Skip to content

feat: Syslog backend #2985

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ruslandoga wants to merge 55 commits into
base: main
Choose a base branch
from
Open

feat: Syslog backend #2985

ruslandoga wants to merge 55 commits into from

Conversation

@ruslandoga
Copy link
Contributor

@ruslandoga ruslandoga commented Dec 1, 2025
edited
Loading

Continues from #2067

TODOs

  • Enable payload encryption with user-uploaded cipher keys
  • Format log messages according to syslog protocol RFC5424
  • Deliver over TCP as described in RFC6587 (implemented with octet counting)
  • TLS support based on RFC5425
  • Move telegraf usage to a docker-compose workflow with write-to-file assertions
  • CI workflow should also be updated
  • Create TCP backend via /backends liveview form
  • clean up tests
  • add Syslog Structured Data to config
  • support connection URI in config
  • more tests
  • try it out irl with some hosted syslog sink service

Questions

  • How should LogEvent data be mapped to the Syslog hostname, app-name, procid, and msgid fields?
  • How should Syslog Structured Data be handled, should it be populated from LogEvent? Some platforms like Better Stack rely on SD for authentication. Maybe SD can be provided via config.
  • Should this backend expose the Broadway topology parameters in the backend / application configuration?
  • Instead of requiring separate host, port, and tls fields, could it be a connection URI (e.g., tcp://host:port, or ssl://host:port or tls://host:port)? It might even contain cipher keys/certs/... like in psql-style urls.

@ruslandoga ruslandoga changed the title ft: TCP backend feat: TCP backend Dec 2, 2025
@ruslandoga ruslandoga force-pushed the rd/tcp-backend branch 4 times, most recently from 7e8eedd to 2561f2a Compare December 5, 2025 19:20
ruslandoga
ruslandoga commented Dec 11, 2025
View reviewed changes
ruslandoga
ruslandoga commented Dec 11, 2025
View reviewed changes
lib/logflare/backends/adaptor/syslog_adaptor/pipeline.ex

case Pool.send(pool, content) do
:ok -> messages
{:error, reason} -> fail_batch(messages, reason)
Copy link
Contributor Author

@ruslandoga ruslandoga Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we need to add handle_failed and retry there. We can keep something like :attempt in the ack metadata to stop retrying after attempt > 3 or something like that.

Copy link
Contributor

@Ziinc Ziinc Dec 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets default to 1 retry which is what all backends are standardizing to

@ruslandoga ruslandoga requested a review from Ziinc December 12, 2025 01:47
@ruslandoga ruslandoga changed the title feat: TCP backend feat: Syslog backend Dec 12, 2025
ruslandoga
ruslandoga commented Dec 12, 2025
View reviewed changes
@Ziinc
Copy link
Contributor

Ziinc commented Dec 13, 2025
edited
Loading

How should Syslog Structured Data be handled, should it be populated from LogEvent? Some platforms like Better Stack rely on SD for authentication. Maybe SD can be provided via config.

Yes lets use a config for it since it is not widely supported

Should this backend expose the Broadway topology parameters in the backend / application configuration?

no don't expose those. we should manage them automatically under the hood.

Instead of requiring separate host, port, and tls fields, could it be a connection URI (e.g., tcp://host:port, or ssl://host:port or tls://host:port)? It might even contain cipher keys/certs/... like in psql-style urls.

Yes, we can do that, should be an either/or validation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ziinc Ziinc Awaiting requested review from Ziinc

Requested changes must be addressed to merge this pull request.

Assignees

@ruslandoga ruslandoga

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ruslandoga @Ziinc @hauleth