convox
Invalid program name when using Syslog forwarder, sending logs to Papertrail
Hi there,
We use a Syslog forwarder and forward our logs to Papertrail, as in Convox's example.
On the 15th of November, our logs started showing the following as "program name":
convox/syslog/unknown
instead of what they used to show before, the name of the Convox service, release and container identifier:
maestro-mock:RSITDWPHPKY/1c018b9c4e0a
This was following a Rack update that was manually triggered.
I talked to Papertrail, and they had the following to say:
The key bit of that code for identifying the program is in Lines 75 to 119, and the default value is convox/syslog/unknown. This is almost certainly something Convox is doing, or not doing - somehow, it's no longer picking up the app/release/container ID info. (Papertrail generally doesn't do much parsing on incoming messages, aside from trying to make sure they match a syslog format. If that was failing, I'd expect the whole line to come through in the message with an IP and basic program name added on, rather than a properly formatted message with a specific program name.)
The Convox syslog code itself hasn't changed much recently - most of it is from more than six months ago - so one thing that came to mind is whether the NativeLogging option mentioned in the comments is now being used.
If it's not that, though, it might be more useful to try to explore this with Convox Support. Depending on what method of support is appropriate, feel free to loop us in if it's feasible, by cc'ing [email protected].
Does that make sense? I'd like to be able to provide more concrete guidance, but it's hard for me to guess what might have caused the change without a better knowledge of the whole system, which I imagine Convox would have. (Though one thing that did come to mind is whether the errors on Lines 93 and 112 are showing up anywhere.)
