Some logs submitted over syslog using custom ports are not being correctly formatted and are not available for Alerting, Searching, Timelines, Graphs, and Live Tail.
Incident Report for Mezmo Status Page
Postmortem

Dates:
Start Time: Wednesday, February 16, 2022 at 19:58 UTC
End Time: Wednesday, February 16, 2022 at 21:10 UTC
Duration: 1:12:00

What happened:

Some logs being sent to our service over syslog using custom ports were not being correctly parsed and were not available for Alerting, Searching, Timelines, Graphs, and Live Tail. Unparsable log lines showed the error “Unidentifiable Syslog Source” and “Unsupported syslog format.” Logs being sent over syslog that do not use custom ports were working normally.

Why it happened:

We introduced a bug into our production environment, specifically in a new service called Syslog Forwarder. The bug prevented Syslog lines from being parsed.

As a result, any newly submitted Syslog lines sent using custom ports were not parsed. The lines displayed an error “Unidentifiable Syslog Source” and “Unsupported syslog format.”

How we fixed it:

We created a hot fix that corrected the bug.

What we are doing to prevent it from happening again:

We added to our test suite to guard against regressions in the Syslog Forwarder.

Posted Mar 01, 2022 - 20:14 UTC

Resolved
The incident has been resolved. If you continue to experience issues with unparsable log lines that show the error “Unidentifiable Syslog Source” and “Unsupported Syslog format”, please contact Support.
Posted Feb 16, 2022 - 21:56 UTC
Monitoring
A fix has been implemented and we are monitoring the results.
Posted Feb 16, 2022 - 21:17 UTC
Investigating
Some logs being sent to our service over syslog using custom ports are not being correctly parsed and are not available for Alerting, Searching, Timelines, Graphs, and Live Tail. Unparsable log lines will show the error “Unidentifiable Syslog Source” and “Unsupported syslog format.” Logs being sent over syslog that do not use custom ports are working normally.
Posted Feb 16, 2022 - 19:58 UTC
This incident affected: Log Ingestion (Syslog).