you could put the remote sender things in a seprate ruleset with a queue on that
ruleset, that would let the rest of the config run without the network
(accumulating early logs and gathering shutdown logs up to the point that
rsyslog gets shut down)
you can configure rsyslog to save the queue to disk at shutdown (but this can
take time, so you may need to increase the systemd timeout for letting rsyslog
do a clean shutdown)
David Lang
On Wed, 13 Mar 2024, Attila Lakatos via rsyslog wrote:
Date: Wed, 13 Mar 2024 13:49:19 +0100
From: Attila Lakatos via rsyslog <rsyslog@lists.adiscon.com>
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Attila Lakatos <alaka...@redhat.com>
Subject: [rsyslog] Capturing shutdown logs
Recently I came across an observation where we are not able to capture
normal reboot/shutdown logs on Fedora/RHEL distributions. In these
environments, systemd is responsible for starting the rsyslog service. A
service can have multiple dependencies, which influence how early or how
late rsyslog is started or stopped. Many years ago, we added dependency for
the network.target and network-online.target into the service file [1]. If
rsyslog started before establishing network access, it would be unable to
transmit messages to remote destinations during that period, resulting in
the generation of misleading information about the unavailability of
certain remote targets (e.g. not able to resolve hostnames).
However, this approach results in a significant tradeoff. While it prevents
misleading unavailability messages during network setup and shutdown, it
also causes rsyslog to *exit* *early* during shutdown, leading to missed
logs regarding the graceful termination of other programs. This limitation
extends to system reboots as well. Thus, while addressing one issue, the
current service configuration introduces another.
By default, we retrieve shutdown events from the journal using the
imjournal module. Journal log data is stored in memory so after shutdown,
logs are not preserved.
Has someone faced this problem? Are there any known workarounds?
[1]
https://github.com/deoren/rsyslog-examples/blob/master/etc/systemd/system/rsyslog.service.d/10-wait-on-network.conf
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
