On Mon, May 27, 2013 at 2:46 PM, David Lang <[email protected]> wrote: > On Mon, 27 May 2013, C. L. Martinez wrote: > >> HI all, >> >> I am using an OpenBSD host with rsyslog (version 4.6.4, I know I >> know, it is too old but it is patched and packaged for OpenBSD, and it >> is an official package) to receipt logs from one barnyard2 instance. >> >> Configuration is simple: >> >> # Increasing Message size >> $MaxMessageSize 64k >> >> #### MODULES #### >> >> $ModLoad imtcp # needs to be done just once >> $InputTCPServerRun 10514 >> >> >> #### GLOBAL DIRECTIVES #### >> >> # Use default timestamp format >> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat >> >> # File syncing capability is disabled by default. This feature is >> usually not required, >> # not useful and an extreme performance hit >> #$ActionFileEnableSync on >> >> >> #### Templates definitions #### >> >> #### RULES #### >> >> # Default spool directory >> $WorkDirectory /data/logs/rsyslog >> $MainMsgQueueFileName mainq >> $MainMsgQueueType LinkedList >> $MainMsgQueueSaveOnShutDown on >> $MainMsgQueueMaxDiskSpace 1g >> $MainMsgQueueSize 8000000 >> >> >> # Define input for Barnyard2 alert logs >> $ActionQueueFileName by2fwd >> $ActionQueueMaxDiskSpace 3g >> $ActionQueueSaveOnShutdown on >> $ActionQueueType LinkedList >> $ActionQueueMaxFileSize 20m >> $ActionResumeRetryCount -1 >> #if $programname == 'barnyard2' then /tmp/by2.log >> *.* /tmp/by2.log >> & ~ >> >> .. but it doesn't works (by2.log is empty always). Using this type of >> configuration with rsyslog 5.8.x under CentOS servers, works. >> >> I have attached debug log, but I can't where it can be the problem. > > > from the logs, it looks like the worker thread fails every time it tries to > write to disk. > > One thing I would suggest is to simplify your configuration. > > unless you have other things in your config, there is no advantage to > defining an action queue for one output. > > In addition, if you are just going to write the logs out to disk for the > action, there's also not really any value in defining an action queue. If > the disk isn't full, it will just write to the file, if the disk is full it > can't write to the queue file > > Try stripping your config down to just: > > $MaxMessageSize 64k > > $ModLoad imtcp # needs to be done just once > $MainMsgQueueSize 8000000 > $InputTCPServerRun 10514 > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > *.* /tmp/by2.log > & ~ > > and see what happens. > > David Lang >
Thanks David, and sorry for my late response. Problem is solved now. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
