Syslog exporter/forwarder - this forwarder has been tested with an rsyslog server and the sumologic cloud syslog source

[rnishtala-sumo]

Description

In order to send messages from a device to a remote syslog server, one needs a syslog agent. Most Linux operating systems ship with a syslog agent and if one is not available, one can be easily installed. The two most common syslog agents used on Linux systems today are rsyslog and syslog-ng

The syslog protocol is the standard for remote message logging.

OpenTelemetry seems to already have a syslog receiver, a syslog exporter/forwarder would be useful to send messages to a third party syslog server.

Setup

• To setup a cloud syslog source, follow the document below:
  • https://docs.google.com/document/d/14dLAtJSpqd2zduRrixy2tUl7muJErVlvJ5wO47Cpu1w/edit#heading=h.c496ek1o0ll7

Send syslog messages

Use the configuration template below, to configure this syslog forwarder to send messages to the cloud syslog source

• Example
• Also, this is the README
• Note: To send syslog messages to the cloud syslog source the syslog message must be RFC5424 complaint and must have the cloud syslog source token embedded in the message as a structured field. Example below:
  • <165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [token] BOMAn application event log entry...

[sumo-drosiek]

Can we raise this PR for upstream to avoid differences and possible breaking changes later?

[sumo-drosiek]

I need to disagree with the implementation. Correct me if I'm wrong, but as I understand the code, we expect Body to be already Syslog formatted. What would I expect from Syslog Exporter is to get any log (just as text usually) and send it in syslog format by adding necessary fields and formatting to correct RFC form

[sumo-drosiek]

In addition to my review, please remove unnecessary comments

[kasia-kujawa]

Now I'm working on fixing following issue which is visible in tests

--- FAIL: TestNoAddStructuredData (0.00s)
    syslog_test.go:29: 
                Error Trace:    /Users/kkujawa/git/sumologic-otel-collector/pkg/exporter/syslogexporter/syslog_test.go:29
                Error:          Not equal: 
                                expected: "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - It's time to make the do-nuts."
                                actual  : "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - %!s(<nil>) It's time to make the do-nuts."
                            
                                Diff:
                                --- Expected
                                +++ Actual
                                @@ -1 +1 @@
                                -<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - It's time to make the do-nuts.
                                +<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - %!s(<nil>) It's time to make the do-nuts.
                Test:           TestNoAddStructuredData
--- FAIL: TestRFC5424 (0.00s)
    syslog_test.go:43: 
                Error Trace:    /Users/kkujawa/git/sumologic-otel-collector/pkg/exporter/syslogexporter/syslog_test.go:43
                Error:          Not equal: 
                                expected: "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - It's time to make the do-nuts."
                                actual  : "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - %!s(<nil>) It's time to make the do-nuts."
                            
                                Diff:
                                --- Expected
                                +++ Actual
                                @@ -1 +1 @@
                                -<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - It's time to make the do-nuts.
                                +<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - %!s(<nil>) It's time to make the do-nuts.
                Test:           TestRFC5424
FAIL
FAIL    github.com/SumoLogic/sumologic-otel-collector/pkg/exporter/syslogexporter       0.557s
FAIL
make: *** [test] Error 1

[sumo-drosiek]

Just one validation complain 😬

[sumo-drosiek]

nit: It would be nice to validate everything on one run. I imagine situation where all fields are invalid and customer has to run it multiple time to fix all configuration error. It would be nice to avoid it

[sumo-drosiek]

I think we are good to go :)