LogDNA incident

Some logs submitted over syslog using custom ports are not being correctly formatted and are not available for Alerting, Searching, Timelines, Graphs, and Live Tail.

Major Resolved View vendor source →

LogDNA experienced a major incident on February 16, 2022 affecting Log Ingestion (Syslog), lasting 1h 57m. The incident has been resolved; the full update timeline is below.

Started
Feb 16, 2022, 07:58 PM UTC
Resolved
Feb 16, 2022, 09:56 PM UTC
Duration
1h 57m
Detected by Pingoru
Feb 16, 2022, 07:58 PM UTC

Affected components

Log Ingestion (Syslog)

Update timeline

  1. investigating Feb 16, 2022, 07:58 PM UTC

    Some logs being sent to our service over syslog using custom ports are not being correctly parsed and are not available for Alerting, Searching, Timelines, Graphs, and Live Tail. Unparsable log lines will show the error “Unidentifiable Syslog Source” and “Unsupported syslog format.” Logs being sent over syslog that do not use custom ports are working normally.

  2. monitoring Feb 16, 2022, 09:17 PM UTC

    A fix has been implemented and we are monitoring the results.

  3. resolved Feb 16, 2022, 09:56 PM UTC

    The incident has been resolved. If you continue to experience issues with unparsable log lines that show the error “Unidentifiable Syslog Source” and “Unsupported Syslog format”, please contact Support.

  4. postmortem Mar 01, 2022, 08:13 PM UTC

    **Dates:** Start Time: Wednesday, February 16, 2022 at 19:58 UTC End Time: Wednesday, February 16, 2022 at 21:10 UTC Duration: 1:12:00 **What happened:** Some logs being sent to our service over syslog using custom ports were not being correctly parsed and were not available for Alerting, Searching, Timelines, Graphs, and Live Tail. Unparsable log lines showed the error “Unidentifiable Syslog Source” and “Unsupported syslog format.” Logs being sent over syslog that do not use custom ports were working normally. ‌ **Why it happened:** We introduced a bug into our production environment, specifically in a new service called Syslog Forwarder. The bug prevented Syslog lines from being parsed. As a result, any newly submitted Syslog lines sent using custom ports were not parsed. The lines displayed an error “Unidentifiable Syslog Source” and “Unsupported syslog format.” ‌ **How we fixed it:** We created a hot fix that corrected the bug. **What we are doing to prevent it from happening again:** We added to our test suite to guard against regressions in the Syslog Forwarder.