GELF multiline messages are filling internal log with errors

(Janis) #1

Hello there!

Long story short - GELF TCP input generates internal errors out of multiline messages sent via nxlog:

java.lang.IllegalArgumentException: GELF message <7255f746-f76a-11e7-ab4c-00505696fbe8> (received from IP:PORT) has empty mandatory “short_message” field.

According to this post i have to get rid of blank lines which i did by using:

Exec if $raw_event =~ s/^\s//mg;

As an example (modsecurity auditlog):

was                                become

Unfortunately it didnt help and internal log keeps filling with these:

Unable to decode raw message …
Error processing message …

Any advice would be appreciated.

Graylog 2.4.0+2115a42 (Oracle Corporation 1.8.0_121 on Linux 3.16.0-4-amd64)
Logs travel via TCP to GELF TCP

Many thanks in advance!

(system) closed #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.