sending via tcp means that when the receiver can't handle the messages, the sender starts queueing them for later delivery and when the queue is full, will suspend sending as well

it would probably make things much clearer if you enabled impstats on both systems.

beyond that, I think we would need to see both configs, impstats from both, and examples of messages that you think are wrong to try and understand this.

David Lang


 On Wed, 19 Feb 2020, dgermanrsysl--- via rsyslog wrote:

Date: Wed, 19 Feb 2020 13:09:54 -0500
From: dgermanrsysl--- via rsyslog <[email protected]>
To: rsyslog-users <[email protected]>
Cc: [email protected]
Subject: [rsyslog] Suspended entry occurs at remote syslog

We frequently (BUT not always) see (identical) "action suspended" messages both on the originating host and on the "forwarded to" host.

2 questions:

1) Why are the suspensions happening at all?

2) If there is a problem forwarding the message, how does it end up at the "forwarded to" host? (with the same timestamp as the original message)

The environment is:
Both systems are on the same LAN

pi93graf (192.168.1.51) wifi connected raspberry Pi Zero W Raspbian GNU/Linux 9 (stretch) rsyslogd 8.24.0 at a fixed location less than 15 meters from the verizon router.

dalogger ethernet connected Raspberry Pi Model B Rev 2; Raspbian GNU/Linux 10 (buster)
rsyslogd 8.1901.0 (aka 2019.01)
dalogger.dns04.com (a dynamic DNS resolved name ending up at 108.35.223.94 port forwarded to ethernet connected 192.168.1.14)

on pi93graf local7.log AND 05_notice.log AND 04_warn.log

2020-02-18 19:57:20 pi93graf local7.warning liblogging-stdlog: action 'action 11' suspended, next retry is Tue Feb 18 19:58:50 2020 [v8.24.0 try http://www.rsyslog.com/e/2007 ]

on dalogger local7.log.1: AND 05_notice.log.1 AND 04_warn.log.1

2020-02-18 19:57:20 pi93graf local7.warning liblogging-stdlog: action 'action 11' suspended, next retry is Tue Feb 18 19:58:50 2020 [v8.24.0 try http://www.rsyslog.com/e/2007 ]

on pi93graf rsyslogd -N 1 -d 2 includes:

5241.693867466:main thread    : PRIFILT '*.warn'
5241.700666318:main thread    :   ACTION 11 [builtin:omfwd:action(type="builtin:omfwd" ...)]

/etc/rsyslog.conf includes:

# all unexpected messages (warn,err,crit... ) go to dalogger
*.warn                        @dalogger.dns04.com
*.warn action(type="omfwd" target="dalogger.dns04.com" protocol="tcp" action.resumeRetryCount="20" queue.type="linkedList" queue.size="1000")

If complete rsyslog.conf would be helpful I will make them available but I didn't want to clutter up this email with them.

Thanks for your help and for a GREAT package.

Dennis

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
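
A way to read the impstats output suggested in the reply at the top of this thread, as an added example that is not part of the original messages: it parses impstats records in the default text format and reports actions that were suspended and action queues that filled up. The sample lines and their counter values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in impstats' default text format; all counter values are invented.
SAMPLE = """\
2020-02-18T19:58:00 pi93graf rsyslogd-pstats: action 11: origin=core.action processed=42 failed=0 suspended=3 suspended.duration=270 resumed=2
2020-02-18T19:58:00 pi93graf rsyslogd-pstats: action 11 queue: origin=core.queue size=1000 enqueued=1500 full=12 discarded.full=7 discarded.nf=0 maxqsize=1000
2020-02-18T19:58:00 pi93graf rsyslogd-pstats: action 10: origin=core.action processed=42 failed=0 suspended=0 suspended.duration=0 resumed=0
"""

# "<name>: origin=<origin> key=value ..." following the rsyslogd-pstats tag
LINE = re.compile(r"rsyslogd-pstats: (?P<name>.+?): origin=(?P<origin>\S+)(?P<rest>.*)")

def parse_pstats(text):
    """Return one dict per impstats record: name, origin and integer counters."""
    records = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ordinary log line, not an impstats record
        counters = {k: int(v) for k, v in re.findall(r"([\w.]+)=(\d+)", m["rest"])}
        records.append({"name": m["name"], "origin": m["origin"], **counters})
    return records

def findings(text):
    """Describe suspended actions and queues that hit their size limit."""
    out = []
    for r in parse_pstats(text):
        if r["origin"] == "core.action" and r.get("suspended", 0) > 0:
            out.append(f'{r["name"]}: suspended {r["suspended"]}x, '
                       f'{r.get("suspended.duration", 0)}s suspended in total')
        elif r["origin"] == "core.queue" and (r.get("full", 0) or r.get("discarded.full", 0)):
            out.append(f'{r["name"]}: queue full {r.get("full", 0)}x, '
                       f'{r.get("discarded.full", 0)} messages discarded')
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

impstats counters are cumulative unless resetCounters is enabled, so compare successive records from the same host rather than reading a single one in isolation.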