Greetings,

We are using Rsyslog on RHEL 9.3 to gather logs in an environment of around 600 or so servers. All of these servers forward directly to our single syslog server, which then forwards the logs along to a MySQL db (runs on a separate server), ELK stack, and to file locally on the system.

I've noticed that at around the same time each night, rsyslog begins dropping most of the incoming logs, and there is a gap where almost all logs simply aren't recorded. Network connectivity seems OK, as I am able to connect to the syslog server, connect to the 514/TCP port (we also use UDP), and I can see logs hitting the server using tcpdump on the NIC. The syslog server is a virtualized server w/ 4 CPU cores and 8G of RAM.

Would anyone have any idea on how to tune rsyslog to avoid these periods of log loss?

Levi Wilbert
HPC & Linux Systems Administrator
ARCC - Division of Research and Economic Development
Information Technology Ctr 226
1000 E. University Avenue, Laramie, WY 82071-200