Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

otel: add syslog-ng <-> syslog-ng communication via OTLP #4564

Merged
merged 16 commits into from
Aug 22, 2023
Merged

otel: add syslog-ng <-> syslog-ng communication via OTLP #4564

merged 16 commits into from
Aug 22, 2023

Conversation

alltilla
Copy link
Collaborator

@alltilla alltilla commented Jul 26, 2023
edited
Loading

The syslog-ng-otlp() source and destination helps to transfer the internal representation of a log message between syslog-ng instances. In contrary to the syslog-ng() (ewmm()) drivers, syslog-ng-otlp() does not transfer the messages on simple TCP connections, but uses the OpenTelemetry protocol to do so.

It is easily scalable (workers() option), uses built-in application layer acknowledgement, out of the box supports google service authentication (ADC or ALTS), and gives the possibility of better load balancing.

The performance is currently similar to ewmm() (OTLP is ~30% quicker) but there is a source side limitation, which will be optimized. We measured 200-300% performance improvement with a PoC optimized code using multiple threads, so stay tuned.

Note: The syslog-ng-otlp() source is only an alias to the opentelemetry() source. This is useful for not needing to open different ports for the syslog-ng messages and other OpenTelemetry messages. The syslog-ng messages are marked with a @syslog-ng scope name and the current syslog-ng version as the scope version. Both sources will handle the incoming
syslog-ng messages as syslog-ng messages, and all other messages as simple OpenTelemetry messages.

Signed-off-by: Attila Szakacs [email protected]

@alltilla alltilla force-pushed the syslog-ng-otlp branch 6 times, most recently from 131f46d to 785a319 Compare July 26, 2023 14:17
@alltilla alltilla marked this pull request as draft July 27, 2023 09:30
@alltilla alltilla force-pushed the syslog-ng-otlp branch 3 times, most recently from 69f66a1 to 8575307 Compare July 28, 2023 13:59
@alltilla alltilla marked this pull request as ready for review July 28, 2023 14:05
@alltilla alltilla force-pushed the syslog-ng-otlp branch 3 times, most recently from 5188a35 to a1bc6e6 Compare August 2, 2023 07:59
MrAnno
MrAnno reviewed Aug 16, 2023
View reviewed changes
Copy link
Collaborator

@MrAnno MrAnno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

alltilla added 14 commits August 17, 2023 12:59
@alltilla
otel: fix persist name generation
d5167db 
Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: show that seqid is not used
edbff35 
We never do anything seqid related, the LogTemplateEvalOptions is only
needed for the ValuePairs walk.

The value 11 before was a copy paste error, and it caused no problems,
because it is not used.

Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: add syslog-ng message formatting to formatter
f267c94 
Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: rename gRPC Credentials Builder related grammar rules
0428363 
Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: make dest and dest worker fields protected
ab47495 
So we can access them from descendant classes.

Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: move dest worker construct to cpp class
f2be87c 
It makes it easier to derive from the worker.

Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: make dest driver and worker functions virtual
ea1aa77 
Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: factor out dest driver and worker C wrapper init
055d896 
This makes it easier to derive.

Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: add syslog-ng-otlp() dest driver
2e6d4af 
Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
rewrite-set-pri: expose convert_pri()
4d6f360 
This will be useful when parsing the syslog-ng-otel() messages.

Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: add syslog-ng message parsing to parser
a70d722 
Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: parse syslog-ng messages directly in source
1f0f35e 
Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: add syslog-ng-otlp() alias to opentelemetry()
1ced917 
For the sake of symmetry.

Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
otel: do not drop non .otel_raw messages in parser
a99696e 
Signed-off-by: Attila Szakacs <[email protected]>
@alltilla
Copy link
Collaborator Author

alltilla commented Aug 17, 2023
edited
Loading

  • Rebased to master.
  • Fixed review comments.
  • Made ProtobufFormatter::get_metadata_for_syslog_ng() static.
  • Use scope name for marking syslog-ng messages instead of resource_schema_url.
  • Also set scope version with the syslog-ng version.
  • Fixed setting observed_time_unix_nano() copy paste error.
  • Get TAGS and PRI with log_msg_get_value_by_name_with_type() instead of using templates.
  • Send GMT offset for recvd and stamp timestamps.
  • Added unit tests.

@alltilla
Copy link
Collaborator Author

  • Added $0 test for the UT.
  • Added a news file entry.

@kira-syslogng
Copy link
Contributor

Build FAILURE

@alltilla
Copy link
Collaborator Author

@kira-syslogng retest this please

@MrAnno MrAnno merged commit 1d82000 into syslog-ng:master Aug 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrAnno MrAnno MrAnno approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alltilla @kira-syslogng @MrAnno