Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
core
Describe the bug
When enabling syslog logging with configuration (either command line or config file), and setting log-syslog-output to tcp or ssl-tcp, logs fail to be received, in particular by syslog-ng. This seems to be because of the syslog framing, which is required to do byte counting when TCP or SSL/TLS is used (see RFC5424).
Setting the Quarkus property quarkus.log.syslog.use-counting-framing allows syslog events to be captured.
I would suggest one of two approaches to resolving this
- Add an extra config option to mirror the
quarkus.log.syslog.use-counting-framingoption - When setting the
log-syslog-outputconfig option totcporssl-tcp, then automatically set thequarkus.log.syslog.use-counting-framingoption correctly.
Given approach 2, it might even be an upstream change to Quarkus to do this. I so, I can raise on the Quarkus issues.
Version
26.2.4
Regression
- The issue is a regression
Expected behavior
When enabling syslog logging for TCP or SSL-TCP, then byte count framing should be enabled.
Actual behavior
Without the flag, UDP syslog format framing is used, and syslog messages fail to be received.
How to Reproduce?
Create a syslog collector (syslog-ng or similar. Enable syslog in Keycloak with the following options.
- --log=console,syslog
- --log-level=INFO
- --log-syslog-app-name=keycloak
- --log-syslog-endpoint=host:port
- --log-syslog-level=debug
- --log-syslog-protocol=ssl-tcp
- --log-syslog-type=rfc5424
- --log-syslog-output=json
Log evens will not be received and syslog-ng in debug mode will repot the framing error. After setting quarkus.log.syslog.use-counting-framing in the quarkus.properties, then syslog logging is successful.
Anything else?
No response