Data received on the remote syslog are not well-formed (they look binary)

[leonzo]

Hi

I have installed the fluent-plugin-syslog_rfc5424 (https://github.com/cloudfoundry/fluent-plugin-syslog_rfc5424)

in order to send data to a remote rsyslog server trough fluentd

I have the following configuration to send log from a hostA to hostB (where a remote Syslog server is configured to collect log on port 514 through tcp or udp)

@type syslog_rfc5424 host hostB.com port 514 # # @type memory # flush_interval 10s # @type syslog_rfc5424 app_name_field example.custom_field_1 proc_id_field example.custom_field_2

After restarting the td-agent service I do receive data on the syslog remote server iin hostB.com

But they are not well formatted, instead of the json-like data sent from the source like this line :

2021-05-26T14:18:08+02:00 abc.agent.C:.Program Files (x86).nxlog.centralog.nxlog2fluentd.log {"E-Channel":"Application","E-CollectID":"abc.com","E-Collector":"NXLog2FluentD v1.0.0-2 (go1.9)","E-Level":"INFO","E-Source":"MSExchange ADAccess","I-@Ip":"xx.tt.yy.nn","I-NomPF":"SHAREPOINT","I-NomVM":"abc","I-PathTrace":"C:\\Program Files (x86)\\nxlog\\abc\\nxlog2fluentd.log","I-RoleVM":"WS","I-TypePF":"DEV","I-TypeTrace":"OS_WINDOWS","I-TypeVM":"BO","I-VersionOS":"Windows Server 2012 R2 Standard","I-VersionSocle":"6.3","file":"C:\\Program Files (x86)\\nxlog\\abc\\nxlog2fluentd.log","message":"Process w3wp.exe (RemotePS) (PID=5568). Finished clearing the expired organizations from ProvisioningCache in Powershell virtual directory process Powershell-Proxy, 1 expired organizations cleared.","pfname":"SHAREPOINT"}

I get this

cat #000.log

2021-05-26T15:08:21.035504+02:00 hostA.com #000▒#000▒#000▒#000▒#000k#000j#000i#000h#0009#0008#0007#0006#000▒#000▒#000▒#000▒▒2▒.▒*▒&▒#017▒#005#000▒#000=#0005#000▒▒/▒+▒'▒#▒#023▒#011#000▒#000▒#000▒#000▒#000g#000@#000?#000>#0003#0002#0001#0000#000▒#000▒#000▒#000▒#000E#000D#000C#000B▒1▒-▒)▒%▒#016▒#004#000▒#000<#000/#000▒#000A▒#021▒#007▒#014▒#002#000#005#000#004▒#022▒#010#000#026#000#023#000#020#000#015▒#015▒#003
2021-05-26T15:08:21.035504+02:00 hostA.com #000▒#001#000#001)#000#000#000&#000$#000#000!hostB.com#000#013#000#004#003#000#001#002
2021-05-26T15:32:40.923256+02:00 hostA.com #000▒#000▒#000▒#000▒#000k#000j#000i#000h#0009#0008#0007#0006#000▒#000▒#000▒#000▒▒2▒.▒*▒&▒#017▒#005#000▒#000=#0005#000▒▒/▒+▒'▒#▒#023▒#011#000▒#000▒#000▒#000▒#000g#000@#000?#000>#0003#0002#0001#0000#000▒#000▒#000▒#000▒#000E#000D#000C#000B▒1▒-▒)▒%▒#016▒#004#000▒#000<#000/#000▒#000A▒#021▒#007▒#014▒#002#000#005#000#004▒#022▒#010#000#026#000#023#000#020#000#015▒#015▒#003
2021-05-26T15:32:40.923256+02:00 hostA.com #000▒#001#000#001)#000#000#000&#000$#000#000!hostB.com#000#013#000#004#003#000#001#002
2021-05-26T15:54:37.198090+02:00 hostA.com #000▒#000▒#000▒#000▒#000k#000j#000i#000h#0009#0008#0007#0006#000▒#000▒#000▒#000▒▒2▒.▒*▒&▒#017▒#005#000▒#000=#0005#000▒▒/▒+▒'▒#▒#023▒#011#000▒#000▒#000▒#000▒#000g#000@#000?#000>#0003#0002#0001#0000#000▒#000▒#000▒#000▒#000E#000D#000C#000B▒1▒-▒)▒%▒#016▒#004#000▒#000<#000/#000▒#000A▒#021▒#007▒#014▒#002#000#005#000#004▒#022▒#010#000#026#000#023#000#020#000#015▒#015▒#003
2021-05-26T15:54:37.198090+02:00 hostA.com #000▒#001#000#001)#000#000#000&#000$#000#000!hostB.com#000#013#000#004#003#000#001#002

What am I missing in the syslog_rfc5424 configuration for received data to be correct and json like ?

Thank in advance for any help !