Re: [rsyslog] Capturing shutdown logs

2024-03-20 Thread Attila Lakatos via rsyslog
Hello Peter, I think that would be the best solution from rsyslog point of view. However, this would mean that logs would be stored in both /var/log/{messages|secure|...} and the journal. Ideally, it would be better to have them only in one place. Thanks, Attila On Tue, Mar 19, 2024 at 4:03 PM P

Re: [rsyslog] Bash history --> rsyslog relay --> Elastic

2024-03-20 Thread Kees de Jong via rsyslog
Hi David, I've attached the full config with some redacted parts such as IPs. I hope that helps. -- Kees de Jong | Supercomputing | https://www.surf.nl/en/about-surf OpenPGP fingerprint: 0x0E45C98AB51428E6 On Tue, 2024-03-19 at 07:39 -0700, David Lang wrote: > please post your full configs, i

Re: [rsyslog] Capturing shutdown logs

2024-03-20 Thread Yury Bushmelev via rsyslog
Hello Atilla! You can limit the persistent journald storage in size with SystemMaxUse option. Just find a value which is good enough for you to save all the messages while rsyslog is down. I guess 1Gb should be more than enough. On Wed, 20 Mar 2024 at 12:17, Attila Lakatos via rsyslog < rsyslog@l

[rsyslog] question: decoding cisco syslog messages using pmciscoios

2024-03-20 Thread Pedro Caetano via rsyslog
Hi, After installing rsyslog and rsyslog-pmciscoios, I'm able to load the module without issues using the example present in the documentation. This are the installed packages: rsyslog.x86_64 8.2404.0.master-1710892962 rsyslog-pmciscoios.x86_64 8.2404.0.maste

Re: [rsyslog] Capturing shutdown logs

2024-03-20 Thread Peter Portante via rsyslog
Implied is not to store locally via rsyslog but use rsyslog to send off-host. On Wed, Mar 20, 2024 at 4:16 AM Attila Lakatos wrote: > > Hello Peter, > > I think that would be the best solution from rsyslog point of view. > However, this would mean that logs would be stored in both > /var/log/{me

Re: [rsyslog] question: decoding cisco syslog messages using pmciscoios

2024-03-20 Thread David Lang via rsyslog
please log some messages with the template RSYSLOG_DebugFormat so we can see exactly what is being sent, along with all the variables that it's being parsed into. (and go ahead and send those in the email rather than posting to pastebin) David Lang On Wed, 20 Mar 2024, Pedro Caetano via rsysl

Re: [rsyslog] Capturing shutdown logs

2024-03-20 Thread David Lang via rsyslog
The jousnal is storing them somewhere anyway (in ram if nothing else), that's a 'feature' of journald. you can set how much space you allocate to journald for it's fixed storage and so can set it small enough to not be an issue. David Lang On Wed, 20 Mar 2024, Attila Lakatos via rsyslog wrot

Re: [rsyslog] Capturing shutdown logs

2024-03-20 Thread David Lang via rsyslog
when you use imjournal with rsyslog, journald is storing the logs in it's database, then rsyslog is periodically querying the database for new logs. that database can be all in ram, or partially on disk. David Lang On Wed, 20 Mar 2024, David Lang via rsyslog wrote: Date: Wed, 20 Mar 2024 12: