[receiver/syslog] expose the syslog parser config from the syslog receiver #36906
Conversation
…eiver The syslog receiver relies on the stanza syslog input. Among other inputs, the syslog input is a bit special because it's a wrapper of a TCP/UDP input with a syslog parser. The user can't configure the syslog parser because it's not exposed from the syslog input config, which means that some useful features like the `on_error` mode or `parse_from/to` is unavailable if you are using syslog receiver. This PR adds the parser config to the syslog input config, under `parser` field. I choose not to flatten it because the existing `InputConfig.WriterConfig` will be conflicted with the `ParserConfig.TransformerConfig.WriterConfig`. We can overrides it later in the `Build` func, but I guess it's a bit implicit and error-prone, therefore I choose to add a new `parser` field. I'm open to change it if the owners think otherwise. This change should be backward-compatible.
namco1992
requested review from
djaglowski,
andrzej-stencel and
a team
as code owners
|
https://github.com/open-telemetry/opentelemetry-collector-contrib/actions/runs/12425577954/job/34692561655?pr=36906 |
There was a problem hiding this comment.
I don't agree that there's any reason to expose most of these settings. The only one that makes any sense to me is on_error because it can provide useful behavior options.
All of the other fields suggested here are for things that instruct the parser where to find things, which is already defined due to the behavior of the tcp and udp inputs.
If you want to customize behavior further, why not use tcp or udp receivers and configure the syslog parser manually?
|
Hi @djaglowski, thanks for the reply.
If this makes some sense, then is it possible to at least expose this config?
Can you elaborate more on this point? The TCP/UDP inputs didn't really "define" any parser config other than init a default config. I'm also not sure why it would be a bad thing to grant users the power to config the parser.
Yes, I guess we would have to go down that route if this can't happen upstream. However, there is some config that we can't touch from the outside, like setting the CMIIW, but it seems we can't really have a 1-1 replication of the syslog receiver by combining TCP/UDP receiver with syslog parser. Lastly, the syslog_input documentation claims that it supports https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/f21f7183cafdb2ec61fbb23692e9ee37b4f871c2/pkg/stanza/docs/operators/syslog_parser.md#configuration-fields, but that's not true since the parser config is not configurable. I understand that it might be a niche request, but I believe it's a reasonable one(or probably because I needed it 🙊 ). I'm ok with exposing the ones that you think make sense. |
|
This PR was marked stale due to lack of activity. It will be closed in 14 days. |
|
Hi @djaglowski, is there anything I can do to reopen this discussion? Or should I consider it as a "no no"? Thanks! |
Yes, I am in support of exposing this.
The syslog input embeds the tcp & udp inputs, which means there is no ambiguity as to where the syslog parser should look when trying to find the syslog. (e.g. syslog comes into tcp input -> tcp input places it in the body -> syslog parser look for it in the body.)
The settings are key to the seamless integration between the inputs and the parser. What good is exposing
You can configure this by setting
It supports all the fields in the syslog parser's "BaseConfig" which as you've noted excludes the fields that are defined in a generic parser. |
Let's rewind a bit so I can clarify my understanding. IIUC, the alternative you suggested is TCP/UDP log receiver + syslog parser, and the config could look like this: receivers:
tcplog:
listen_address: 0.0.0.0:601
operators:
- type: syslog_parser
protocol: rfc5424
enable_octet_counting: true
parse_to: bodyDuring initialization, the opentelemetry-collector-contrib/pkg/stanza/operator/input/tcp/config.go Lines 112 to 114 in 0788185 The What I linked in the previous comment is from
For the rest of your comment, I don't really have a strong opinion, I will update my PR to only expose the |
I still cannot understand why you would need an alternative. |
|
Yup sure, I guess since you mentioned that possibility then I got too obsessed with it 😂 Will PR add the |
|
This PR was marked stale due to lack of activity. It will be closed in 14 days. |
…37847) <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> #### Description As per the discussion in #36906, this PR supports setting the `on_error` mode in syslog receiver that controls the behaviour of the underlying `syslog_parser` when it encounters an error. <!-- Issue number (e.g. #1234) or full URL to issue, if applicable. --> #### Link to tracking issue Closes #36906. <!--Describe what testing was performed and which tests were added.--> #### Testing Tested setting `on_error` in the syslog receiver config. <!--Describe the documentation added.--> #### Documentation Documented the `on_error` entry in both the syslog input and receiver config. <!--Please delete paragraphs that you did not use before submitting.--> Signed-off-by: Mengnan Gong <[email protected]>
Description
The syslog receiver relies on the stanza syslog input. Among other inputs, the syslog input is a bit special because it's a wrapper of a TCP/UDP input with a syslog parser. The user can't configure the syslog parser because it's not exposed from the syslog input config, which means that some useful features like the
on_errormode orparse_from/tois unavailable if you are using syslog receiver.This PR adds the parser config to the syslog input config under the
parserfield. I chose not to flatten it because the existingInputConfig.WriterConfigwill conflict with theParserConfig.TransformerConfig.WriterConfig. We can override it later in theBuildfunc, but I guess it's a bit implicit and error-prone, so I choose to add a newparserfield. I'm open to changing it if the owners think otherwise.This change should be backward-compatible.
Testing
Tested locally with newly added config.
Documentation
Added the parser config documentation to the syslog receiver README.