Summary
Troubleshooting Syslog Ingestion When Standards Aren’t Strictly Followed.
Problem
Syslog messages are expected to follow standards like RFC3164 or RFC5424. However, in real-world scenarios, minor deviations—such as extra spaces or formatting quirks—can cause parsing failures in Dynatrace’s OpenTelemetry Collector (OtelCollector). This guide helps you resolve such issues using OpenPipeline.
Troubleshooting steps
When syslog messages deviate slightly from expected standards:
-
OtelCollector fails to parse them.
-
Logs appear as raw messages in Dynatrace (e.g., Logs app).
-
Typical error
Failed to process entry {"operator_id": "syslog_input_internal_parser", "error": "expecting a Stamp timestamp [col 5]"}
Resolution
Use OpenPipeline for Custom processing.
Leverage Dynatrace’s OpenPipeline with the built-in Syslog Technology Bundle to handle non-standard messages.
Steps
-
Create a custom pipeline in OpenPipeline.
-
Route syslogs to this pipeline using a matcher:
matchesValue(dt.openpipeline.source, "extension:syslog") or matchesValue(log.source, "/var/log/syslog")
-
Select the Syslog Technology Bundle to enable parsing logic.
-
Optional: Decorate syslogs with custom attributes to route different streams to different pipelines.
What's next
Create a support ticket with all the steps mentioned above, with the logs, also provide
More articles can be found on the
Syslog Ingestion via ActiveGate Troubleshooting Guide
