Dates:
Start Time: Wednesday, February 16, 2022 at 19:58 UTC
End Time: Wednesday, February 16, 2022 at 21:10 UTC
Duration: 1:12:00
What happened:
Some logs sent to our service over syslog using custom ports were not parsed correctly and were not available for Alerting, Searching, Timelines, Graphs, and Live Tail. Unparsable log lines showed the errors “Unidentifiable Syslog Source” and “Unsupported syslog format.” Logs sent over syslog without custom ports were working normally.
Why it happened:
We introduced a bug into our production environment, specifically in a new service called Syslog Forwarder. The bug prevented syslog lines from being parsed.
As a result, any newly submitted syslog lines sent using custom ports were not parsed. The lines displayed the errors “Unidentifiable Syslog Source” and “Unsupported syslog format.”
How we fixed it:
We created a hotfix that corrected the bug.
What we are doing to prevent it from happening again:
We added tests to our test suite to guard against regressions in the Syslog Forwarder.