Hi
We plan to send syslog protocol version info in message per rfc5424
(https://tools.ietf.org/html/rfc5424#page-11). When I send out version
1 as per spec, syslog receiver nxlog gets confused. Message at line 4
below is sent without it and the message at line 7 is sent with
version 1 after PRI. F
Hi
Trying to confirm if what I'm seeing is the right behavior. We are using
rsyslog-8.2001 version.
bash-4.2# cat /etc/rsyslog.conf
module( load="imuxsock" )
$MainMsgQueueTimeoutEnqueue 0
module( load="imklog" )
# The default file format
template( name="EOS_FileFormat" type="list" ) {
propert
Hi
We have a kernel module that is exporting its logs to a separate
circular buffer via a debugfs file in the linux kernel. We were
wondering if we can use imklog to read that file and write the kernel
logs to a separate ext3/vfat file in userspace. Is that possible?
For imfile, I see we can prov
to Adiscon about sponsoring such a change)
>
> unless you can show this to be a solution to a more general problem than just
> your module, adding this feature is probably very low on the priority list.
>
> David Lang
>
> On Sat, 29 Oct 2022, Prasad Koya via rsyslog wrote:
Hi
We are using rsyslog-8.2102 and we are trying to delay forwarding of
syslogs messages to a remote host.
ruleset ( name="ForwardToServer1" queue.size="1000"
queue.dequeuebatchsize="1" queue.type="LinkedList"
queue.dequeueslowdown="10" ) {
if $syslogfacility-text != 'authpriv' and $sysl
u explain a bit more about the problem you are trying to solve? the
> dequeueslowdown parameter is a poor mans rate limiting attempt, and almost
> never
> used.
>
> David Lang
>
>
>
>
> On Sat, 14 Jan 2023, Prasad Koya via rsyslog wrote:
>
> > Date: Sat, 1
Alex, excuse me for using this thread for posting my question. But my
question is also on the same topic.
I have configured rsyslogd (v8.2102.0) to forward syslogs to two remote
servers, one using TCP protocol and second one using UDP. Besides
forwarding, I also have a rule to log to a local file.
Hi
Before I explain what I'm trying to solve, here is our rsyslog.conf:
module( load="imuxsock" )
module( load="imklog" )
module( load="impstats" interval="60" severity="7" log.syslog="off"
log.file="/var/log/rsyslog_stats")
$MainMsgQueueTimeoutEnqueue 0
template( name="Msg_ForwardFormat_info"
Thanks for replying.
The problem I'm trying to solve is when forwarding syslogs to multiple
servers over TCP. Yes, UDP is unreliable and out of order messages are
expected.
I'm understanding more about rulesets. I'll get back to the thread after
some more work on this.
On Wed, Feb 14, 2024 at 12
Hi
module( load="imuxsock" )
module( load="imklog" )
if ($syslogfacility-text == 'kern' and $msg contains "Out of memory") then {
action(type="omfile" queue.size="1000" queue.type="LinkedList"
queue.dequeueSlowDown="36" file="/var/log/oom")
}
If we have a flurry of, for example,
MK
>
>
> On 3.04.2024 08:51, Rainer Gerhards via rsyslog wrote:
> > This sounds a bit like you are looking for this:
> >
> > https://www.rsyslog.com/doc/tutorials/log_sampling.html
> >
> > HTH
> > Rainer
> >
> > El miƩ, 3 abr 2024 a las 3:25, Prasad Koy
sending them to an
> external
> app (single threaded or a very complex multi-threaded thing that correlates
> across it's threads) is the right thing to do.
>
> David Lang
>
> On Sun, 7 Apr 2024, Prasad Koya via rsyslog wrote:
>
> > Thanks for the replies.
> &
rrelation engine, since rsyslog is
> >> multi-threaded for performance, it can't count on anything internal seeing
> >> every
> >> message, which is why filtering for the messages and sending them to an
> >> external
> >> app (single threaded or a ve
Hi
We are using rsyslog version 7.2.6. With omfwd module forwarding
syslogs to a server over tcp, we see a situation (when syslog server
is not reading the tcp socket or maybe a firewall rule added drops
data to syslog server) where mainqueue builds up to 10,000 messages at
which point we are not
)]
$ActionQueueWorkerTimeoutThreadShutdown [number is timeout in
ms (1000ms is 1sec!), default 6 (1 minute)]
When does above configs come into play?
$ActionQueueCheckpointInterval
?
On Tue, Sep 4, 2018 at 12:29 PM David Lang wrote:
>
> On Tue, 4 Sep 2018, Prasad Koya via rsyslog
Hi
We are using rsyslog-7.2.6. Been going through
https://www.rsyslog.com/doc/v7-stable/configuration/index.html
1.
We have few rules like below with all of them forwarding to same syslog
server. However, depending upon the contents of source message we'd like to
send different message ie.,
Thanks for reply.
We are migrating to rsyslog-8.x for next production version.
Could you point me to any help page on (1).
On Tue, Oct 23, 2018 at 1:22 AM David Lang wrote:
> On Mon, 22 Oct 2018, Prasad Koya via rsyslog wrote:
>
> > Hi
> >
> >
> > We are u
Hi
We ran into this issue first time with rsyslog 7.2.6. With
'RepeatedMsgReduction on', we saw the syslog printed ended up with
wrong timestamp. Please see the timestamp in lines 2,3,4 below. The
timestamp in line 4 should be 2018 Oct 22 11:20:25.
2018 Oct 22 11:20:24 glc254 Aaa: %AAA-4-ACCT: A
Hi Florian
Found a bug in rsyslog-8.29.0. I see the issue exists in master branch as
well:
https://github.com/rsyslog/rsyslog/blob/v8-stable/plugins/omudpspoof/omudpspoof.c#L513
When the issue happens, rsyslogd goes into infinite loop and syslogging
stops. Reproducible when udpspoof module is in
rom phone, thus brief.
>
> Prasad Koya via rsyslog schrieb am Fr., 1.
> Mai 2020, 03:15:
>
>> Hi Florian
>>
>> Found a bug in rsyslog-8.29.0. I see the issue exists in master branch as
>> well:
>>
>> https://github.com/rsyslog/rsyslog/blob/v8-stable/
Hi
how do I submit ipv6/udpspoof patch as part of
https://github.com/rsyslog/rsyslog/issues/4268.
Can I email the mailing list a git diff patch that applies to
rsyslog-master?
Thank you.
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listin
Hi
On one of our customer's system, we saw that rsyslog started logging
hostname in lowercase after receiving SIGHUP. We run 'logrotate' every
15mins. Our syslogs in the system are diverted to a file named 'messages'
under /var/log. Below is block that handles rotation of /var/log/messages
in log
Hi
Please see attached git patch based off of master branch. It compiles.
I created a local branch that I can try to push but I had to create a VM,
install quite a few things. Building from spec file was easier in our
workflow. github.com didn't let me create a branch on their site. Maybe I
need
23 matches
Mail list logo
