Thank you all for the input, but I still am not getting a file output of my debug file. Nothing writes to it. I tried deleting it and seeing if it would be recreated and it doesn't even do that.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Boylan, James
Sent: Tuesday, June 04, 2013 3:54 AM
To: rsyslog-users
Subject: Re: [rsyslog] Debug not working

If you decide to start using fromhost or fromhost-ip as a standard part of your template I highly recommend installing nscd (For *nix, or your OS equivalent) so that the DNS queries are cached. Otherwise you can put a considerable amount of extra load onto your DNS servers.

-James

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Lang
Sent: Tuesday, June 04, 2013 1:35 AM
To: rsyslog-users
Subject: Re: [rsyslog] Debug not working

On Mon, 3 Jun 2013, Eric wrote:

> Maybe a health check from a load balancer? I know I had to set specific
> discard rules for the host (F5) that was executing the health check,
> otherwise I'd get random spam like this.
>
> Eric
>
> On Jun 3, 2013, at 2:23 PM, Josh Bitto <[email protected]> wrote:
>
> I am trying to run a debug to track down an issue that I'm having, and it
> isn't creating the file.
>
> This is the line that I have in my config.
>
> *.* /var/log/debugformat;RSYSLOG_DebugFormat
>
>
> The reason why I'm trying to do a debug is I'm getting a directory that has
> no real host name. I have my config setup on templates and based on Hosts
> that come in they get assigned to a specific directory.
>
> So that being said I get a directory (which is supposed to be legit host
> names that I have on my network).
>
> Example:
> /hosts/host1
> /hosts/host2
> /hosts/host3...etc.
>
> But I am picking up one that I have no idea what it is /hosts/last
>
> And the contents of the folder is a file named success and the contents of
> the file is "last message repeated 3 times"
> They have time stamps and it just repeats over and over. I don't believe I
> have an error in my config, but I could be wrong. Any suggestions?

you have some system on your network that is set to collapse duplicate messages into 'last message repeated X times' logs, and when it's sending that out, it doesn't bother to put its hostname in the message, so when the central box gets it, it follows the parsing rule and can't tell that 'last' is not a hostname.

Since you are logging in debug format, you should be able to see the fromhost or fromhost-ip, which will tell you which box is doing this.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
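
The misparse described in David Lang's reply, as an added Python example (not rsyslog's code and not from the thread): a simplified RFC 3164 parser takes the first token after the timestamp as the hostname, so a repeat notice sent without a hostname is filed under `last`. The function names, the sample datagrams and the fall-back to the sender's IP are assumptions made for illustration.

```python
import re

# Simplified RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
# (a simplification written for this example, not rsyslog's actual parser)
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) ?(?P<msg>.*)$"
)
REPEAT_RE = re.compile(r"^last message repeated \d+ times?$")


def parse(raw, sender_ip):
    """Parse one datagram; sender_ip is the transport-level source address."""
    m = LINE_RE.match(raw)
    if m is None:
        return {"hostname": sender_ip, "naive_hostname": None,
                "msg": raw, "suspect": True}
    host, msg = m.group("host"), m.group("msg")
    # The first token after the timestamp is taken as the hostname. If the
    # sender omitted its hostname, that token is really the start of the text.
    headerless = REPEAT_RE.match(f"{host} {msg}") is not None
    return {
        "hostname": sender_ip if headerless else host,  # fall back to source IP
        "naive_hostname": host,                         # what a plain parser reports
        "msg": f"{host} {msg}" if headerless else msg,
        "suspect": headerless,
    }


def log_dir(record, root="/hosts"):
    """Per-host directory, following the thread's /hosts/<name> layout."""
    return f"{root}/{record['hostname']}"


# Constructed sample datagrams: (raw line, source IP from a documentation range)
SAMPLES = [
    ("<13>Jun  3 14:23:01 host1 sshd[812]: session opened", "192.0.2.10"),
    ("<13>Jun  3 14:23:05 last message repeated 3 times", "192.0.2.77"),
]

if __name__ == "__main__":
    for raw, ip in SAMPLES:
        rec = parse(raw, ip)
        print(log_dir(rec), rec["naive_hostname"], rec["suspect"])
```
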

