fragmentation can happen if the log is too long (either on the sending machine
or on the network, or on the receiving side, I've seen cases where using a high
precision timestamp lengthened the message enough to cause fragments to appear)
David Lang
On Tue, 4 Jun 2013, Josh Bitto wrote:
Well I have it working "sort of" Instead of the *.*
/var/log/debugformat;RSYSLOG_DebugFormat being at the end of the config I put it before
my templates and that created the file. So somewhere in the conglomerate of my config the
template structure is not working correctly for debugging. That being said I can now try
and find the cause of my original issue.
I am getting entries from a known host that is already doing logging, but
appears to be fragments. Weird.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of David Lang
Sent: Tuesday, June 04, 2013 8:38 AM
To: rsyslog-users
Subject: Re: [rsyslog] Debug not working
On Tue, 4 Jun 2013, Josh Bitto wrote:
Thank you all for the input, but I still am not getting a file output
of my debug file. Nothing writes to it. I tried deleting it and seeing
if it would be recreated and it doesn't even do that.
ahh, I didn't catch that you weren't getting output from your debug line.
if you start rsyslog with the debug flag ( -dn , d to run in debug mode, n to
not go into the background) you will get a ton of output, check it to see what
it complains about when it tries to write to the file.
David Lang
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Boylan, James
Sent: Tuesday, June 04, 2013 3:54 AM
To: rsyslog-users
Subject: Re: [rsyslog] Debug not working
If you decide to start using fromhost or fromhost-ip as a standard part of your
template I highly recommend installing nscd (For *nix, or your OS equivalent)
so that the DNS queries are cache. Otherwise you can put a considerable amount
of extra load onto your DNS servers.
-James
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of David Lang
Sent: Tuesday, June 04, 2013 1:35 AM
To: rsyslog-users
Subject: Re: [rsyslog] Debug not working
On Mon, 3 Jun 2013, Eric wrote:
Maybe a health check from a load balancer? I know I had to set specific discard
rules for the host (F5) that was executing the health check, otherwise I'd get
random spam like this.
Eric
On Jun 3, 2013, at 2:23 PM, Josh Bitto <[email protected]> wrote:
I am trying to run a debug to track down an issue that I'm having, and it isn't
creating the file.
This is the line that I have in my config.
*.* /var/log/debugformat;RSYSLOG_DebugFormat
The reason why I'm trying to do a debug is I'm getting a directory that has no
real host name. I have my config setup on templates and based on Hosts that
come in they get assigned to a specific directory.
So that being said I get a directory (which is supposed to be legit host names
that I have on my network.
Example:
/hosts/host1
/hosts/host2
/hosts/host3...etc.
But I am picking up one that I have no idea what it is /hosts/last
And the contents of the folder is a file named success and the contents of the file is
"last message repeated 3 times"
They have time stamps and it just repeats over and over. I don't believe I have
an error in my config, but I could be wrong. Any suggestions?
you have some system on your network that is set to collapse duplicate messages
into 'last message repeated X times' logs, and when it's sending that out, it
doesn't bother to put it's hostname in the message, so when the central box
gets it, it follows the parsing rule and can't tell that 'last' is not a
hostname.
Since you are loggign in debug format, you should be able to see the fromhost
or fromhost-ip, which will tell you which box is doing this.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is
a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our
control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is
a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our
control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites
beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is
a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our
control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
