rsyslogd: use %rawmsg-after-pri% instead of %msg%

after some prolonged RFC reading and tinkering w/ rsyslogd... cpython's SysLogHandler doesn't emit RFC3164 formatted messages in the format you'd expect; it's missing the ISO date, hostname, etc... along with other header values; the handler implementation relies on you to specify a syslog-like formatter (we've replaced all of this with our own *custom* logstash-esque formatter that effectively outputs valid JSON - without dates and other syslog header values prepended) because of this unanticipated format, rsyslogd chokes when trying to parse the message's parts; AWX is emitting: <priority>RAWJSON ...so the usage of `%msg%` isn't going to work for us, because rsyslog tries to parse *all* of the possible headers (and yells, because it can't find a date to parse): see: https://www.rsyslog.com/files/temp/doc-indent/configuration/properties.html#message-properties this is fine, because we don't *need* any of that message parsing anyways; in the end, we're *just* interested in forwarding the raw JSON/text content to the third party log handler
2026-01-13 11:00:03 -03:30 · 2020-04-09 00:42:43 -04:00 · 2020-04-09 00:42:43 -04:00 · 2a4b009f04
commit 2a4b009f04
parent 8cdd42307c
3 changed files with 11 additions and 11 deletions
--- a/awx/main/tests/unit/api/test_logger.py
+++ b/awx/main/tests/unit/api/test_logger.py
@ -43,7 +43,7 @@ data_loggly = {
            None,
            'https',
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")\nmodule(load="omhttp")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")\nmodule(load="omhttp")',
                'action(type="omhttp" server="logs-01.loggly.com" serverport="80" usehttps="off" skipverifyhost="off" action.resumeRetryCount="-1" template="awx" errorfile="/var/log/tower/external.err" healthchecktimeout="20000" restpath="inputs/1fd38090-2af1-4e1e-8d80-492899da0f71/tag/http/")',  # noqa
            ])
        ),
@ -54,7 +54,7 @@ data_loggly = {
            9000,
            'udp',
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")',
                'action(type="omfwd" target="localhost" port="9000" protocol="udp" action.resumeRetryCount="-1" template="awx")',  # noqa
            ])
        ),
@ -65,7 +65,7 @@ data_loggly = {
            9000,
            'tcp',
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")',
                'action(type="omfwd" target="localhost" port="9000" protocol="tcp" action.resumeRetryCount="-1" template="awx")',  # noqa
            ])
        ),
@ -76,7 +76,7 @@ data_loggly = {
            None,
            None,
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")\nmodule(load="omhttp")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")\nmodule(load="omhttp")',
                'action(type="omhttp" server="yoursplunk" serverport="443" usehttps="on" skipverifyhost="off" action.resumeRetryCount="-1" template="awx" errorfile="/var/log/tower/external.err" healthchecktimeout="20000" restpath="services/collector/event")',  # noqa
            ])
        ),
@ -87,7 +87,7 @@ data_loggly = {
            None,
            None,
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")\nmodule(load="omhttp")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")\nmodule(load="omhttp")',
                'action(type="omhttp" server="yoursplunk" serverport="80" usehttps="off" skipverifyhost="off" action.resumeRetryCount="-1" template="awx" errorfile="/var/log/tower/external.err" healthchecktimeout="20000" restpath="services/collector/event")',  # noqa
            ])
        ),
@ -98,7 +98,7 @@ data_loggly = {
            None,
            None,
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")\nmodule(load="omhttp")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")\nmodule(load="omhttp")',
                'action(type="omhttp" server="yoursplunk" serverport="8088" usehttps="on" skipverifyhost="off" action.resumeRetryCount="-1" template="awx" errorfile="/var/log/tower/external.err" healthchecktimeout="20000" restpath="services/collector/event")',  # noqa
            ])
        ),
@ -109,7 +109,7 @@ data_loggly = {
            8088,
            None,
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")\nmodule(load="omhttp")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")\nmodule(load="omhttp")',
                'action(type="omhttp" server="yoursplunk" serverport="8088" usehttps="on" skipverifyhost="off" action.resumeRetryCount="-1" template="awx" errorfile="/var/log/tower/external.err" healthchecktimeout="20000" restpath="services/collector/event")',  # noqa
            ])
        ),
@ -120,7 +120,7 @@ data_loggly = {
            8088,
            'https',
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")\nmodule(load="omhttp")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")\nmodule(load="omhttp")',
                'action(type="omhttp" server="yoursplunk.org" serverport="8088" usehttps="on" skipverifyhost="off" action.resumeRetryCount="-1" template="awx" errorfile="/var/log/tower/external.err" healthchecktimeout="20000" restpath="services/collector/event")',  # noqa
            ])
        ),
@ -131,7 +131,7 @@ data_loggly = {
            8088,
            None,
            '\n'.join([
-                'template(name="awx" type="string" string="%msg%")\nmodule(load="omhttp")',
+                'template(name="awx" type="string" string="%rawmsg-after-pri%")\nmodule(load="omhttp")',
                'action(type="omhttp" server="yoursplunk.org" serverport="8088" usehttps="off" skipverifyhost="off" action.resumeRetryCount="-1" template="awx" errorfile="/var/log/tower/external.err" healthchecktimeout="20000" restpath="services/collector/event")',  # noqa
            ])
        ),
--- a/awx/main/utils/external_logging.py
+++ b/awx/main/utils/external_logging.py
@ -32,7 +32,7 @@ def construct_rsyslog_conf_template(settings=settings):
        '$IncludeConfig /var/lib/awx/rsyslog/conf.d/*.conf',
        '$ModLoad imuxsock',
        'input(type="imuxsock" Socket="' + settings.LOGGING['handlers']['external_logger']['address'] + '" unlink="on")',
-        'template(name="awx" type="string" string="%msg%")',
+        'template(name="awx" type="string" string="%rawmsg-after-pri%")',
    ])
    if protocol.startswith('http'):
        # https://github.com/rsyslog/rsyslog-doc/blob/master/source/configuration/modules/omhttp.rst
--- a/awx/main/utils/formatters.py
+++ b/awx/main/utils/formatters.py
@ -97,7 +97,7 @@ class LogstashFormatterBase(logging.Formatter):

    @classmethod
    def serialize(cls, message):
-        return ' ' + json.dumps(message, cls=DjangoJSONEncoder) + '\000'
+        return json.dumps(message, cls=DjangoJSONEncoder) + '\n'


 class LogstashFormatter(LogstashFormatterBase):