Yes, the ignore is kind of permanent. However, even in inotify mode
relatively recent (since 2 yrs ago?) versions of rsyslog also do some
polling-like behaviour, so it should recover eventually. But this
depends on activity of other monitored files. So if the file with
wrong permissions is the
what's the error? which rsyslog version?
El lun, 8 mar 2021 a las 14:25, Milad Rezaei via rsyslog
() escribió:
>
> Hi Dears
>
> When I want to use ipv42num() or int2hex() to convert the IP address to
> hexadecimal
> Syslog got an error and never running
>
> how can I fix this?
>
> Regards
>
ndition ($msg contains "A" or $msg contains "B") or regex
> match (re_match($msg,"(A|B)")?
>
> It seems intuitive that simple match, even done twice (A _or_ B) shoul
> be faster than regexp matching but is it indeed?
>
> On 18.02.2021 08:49, Rainer Gerhards via
if $msg contains "ERROR:" or $msg contains "FATAL:" then
@logs6.papertrailapp.com:1
not sure if the syntax is 100% correct, but you get the idea.
HTH
Rainer
El mié, 17 feb 2021 a las 23:29, ashutosh via rsyslog
() escribió:
>
> Any help is appreciated.
>
> On Wed, Feb 17, 2021 at 3:17 PM
I am a bit late, but: good idea - see
https://github.com/rsyslog/rsyslog/pull/4525
Rainer
El vie, 22 ene 2021 a las 16:40, John Chivian via rsyslog
() escribió:
>
> pstats are awesome!
>
> When I want to know how much came into a TCP input, I look at pstats for
> name:inputName and get
actually it's even simpler. generally speaking:
if (a or b) {
action ,, (if any)
stop
}
in this special case:
if (($syslogtag startswith "dovecot") or ($msg startswith "imap-login ")) {
stop
}
I haven't checked any detail, so there may be some minor
incorrections. Error-messages, if any,
I haven't tried this, but as an idea.
Use mmnormalize/json twice:
1. parse the "upper" level, giving you msg
2. parse again, this time using msg as input
Just an idea...
Rainer
El vie, 5 feb 2021 a las 0:49, John Chivian via rsyslog
() escribió:
>
> David is correct. If what you posted is
It depends a bit on your template. I assume that you use the hostname
property. This is populated by the syslog header HOSTNAME field.
Unfortunately many tools do not populate it properly (many even do not
create a valid header at all).
If there are no relays involved, you could instead use
Hi all,
CentOS 6 is EOL for a couple of months now. I also have not heard
about any new rsyslog deployments on that platform. As such, I plan to
remove it from CI. The reason is that it causes extra effort and
complexity there (because of the old tooling).
Are there any good reasons to still
you can always rebuild librelp yourself - that's the obvious solution...
My 2cts
Rainer
El jue, 21 ene 2021 a las 9:07, Mariusz Kruk via rsyslog
() escribió:
>
>
> On 21/01/2021 06:54, Yuri Bushmelev wrote:
> > Hello!
> >
> > LD_PRELOAD can help you I guess.. though it'll be rsyslog-wide (not
>
Not much to add to David's response.
A queue on a ruleset is just like the default main queue on the
default ruleset. It means that
1. the to-be-processed messages are grabbed from the queue,
2. run through all actions synchronously
3. after that purged from queue
If one message blocks during
El mar, 19 ene 2021 a las 17:24, John Chivian via rsyslog
() escribió:
>
> ruleset (name=“from_input”) {
> call write_to_file
> call to_central_siem
> call to_separate_file
> }
>
> If I understand the internals, each call is essentially a “duplicated fork”
> that will operate independently
It's doable, but it is a (very) lot of work. I myself am not
interested in this work, and no company ever considered it important
enough to provide the (considerable) amount of sponsorship needed to
get this going (or implement it itself and contribute).
Sorry for being blunt, but that's simply
Full config pls.
Sent from phone, thus brief.
Salvatore Totaro via rsyslog schrieb am Do.,
17. Dez. 2020, 19:55:
> Hello,
>
> I tried with this:
> set $.newmsg = replace("nan nan nan","nan","'nan'::double precision");
> template(name="RMM_energy_value" type="list" option.sql="on") {
>
does
set $.newmsg = replace(...);
and using the $.newmsg variable inside the template work? On first
look it should...
HTH
Rainer
El jue, 17 dic 2020 a las 18:34, Salvatore Totaro via rsyslog
() escribió:
>
> Hi,
>
> I have a msg property made in this way:
>
>
Oh, just saw the version number. Way back, we had a version with a bug
that wrote to disk only on buffer full. Maybe that's what's happening
here.
So let me add to my previous email:
FIRST upgrade to rsyslog current (8.2012.0),
THEN create the debug log
chances are great it's just an faulty
I see nothing in the config that delays processing. Creating a debug
log may enlighten us. See here:
https://www.rsyslog.com/doc/master/troubleshooting/debug.html
On-page search for "Enabling Debug via rsyslog.conf". When done, we
can look at the debug log and see when and from where the message
No, that's unfortunately not possible (because it is very uncommon).
HTH
Rainer
El lun, 30 nov 2020 a las 8:19, Alvaro Gamez via rsyslog
() escribió:
>
> Hi
>
> I want to implement something akin to
> https://www.rsyslog.com/doc/master/tutorials/tls_cert_server.html this
> structure with a
El sáb., 21 nov. 2020 a las 16:07, Michael Musiol () escribió:
>
>
>
> Im using in rsyslog.conf the simplest possible change:
>
> # RULES #
> *.info;mail.none; ... /var/log/%HOSTNAME%/mm_messages
That's what I thought. This is a bit wrong. You need to define a
template to be
I guess I know what you mean, but can you post a config snippet with
this configuration?
Rainer
El sáb., 21 nov. 2020 a las 11:41, Michael Musiol via rsyslog
() escribió:
>
> Hi all,
>
> sadly im facing a problem to very basic configuration in rsyslog.
> im using the well known message and
is there anything in front of rsyslog, like a load balancer? We just
use regular TCP socket calls, so there is actually nothing special...
Rainer
El jue., 12 nov. 2020 a las 9:47, Fva via rsyslog
() escribió:
>
> Hello everyone,
>
> I have implemented configuration files linked list queues and
windows to nxlog or other syslog forwarding tool?
>
> --
> Peter
>
> On Thu, Aug 27, 2020 at 2:18 PM Rainer Gerhards via rsyslog
> wrote:
>>
>> That's one of the reasons why I recommend rsyslog windows Agent: you
>> have full control over the output format. Also,
Hi,
this info is read from the header (RFC3164 or 5424 depending on format).
You may be more interested in fromhost-ip property (but that's the
last hop in a relay scenario).
HTH
Rainer
El mié., 11 nov. 2020 a las 16:38, Psquare via rsyslog
() escribió:
>
> Hi Everyone,
>
> I have few queries
looks good! Looking forward to the real sample. You can also check
yourself if the frame is terminated with LF (hex 0a). In the sample it
is.
Rainer
El mié., 11 nov. 2020 a las 10:18, Seifer, Florian
() escribió:
>
> Ok I got it:
>
> 0x: 4500 0130 ad1e 4000 3d06 8571 0a35 cd0d
Maybe you can just use wireshark -- a screen shot from the gui is
probably sufficient.
Rainer
El mié., 11 nov. 2020 a las 9:31, Seifer, Florian
() escribió:
>
> Hello Rainer,
>
> I am not terribly firm with tcpdump, how would I go about doing that?
>
> Also I forgot to mention, the logs are
looks good. my gut feeling is that some senders do not properly
terminate the syslog frame with '\n'. Can you check you captures for a
case where a message is missing and post all bytes of the last seen
and missing messages in the correct sequence?
Rainer
El mié., 11 nov. 2020 a las 9:16,
config?
El mié., 11 nov. 2020 a las 9:11, Seifer, Florian via rsyslog
() escribió:
>
> Hello,
>
> I have a rather strange problem with an rsyslog-machine.
>
> I configured it to process incoming logs over network via tcp port 514 using
> imtcp.
>
> The incoming logs on that connection are simply
I started to integrate the snippet from github into the doc... In a
sense, this looks like what you really after is a native ratelimiter
object that can be called during rule processing. Isn't it?
Rainer
El mié., 4 nov. 2020 a las 12:26, Rainer Gerhards
() escribió:
>
> sounds good! -->
sounds good! --> https://github.com/rsyslog/rsyslog/pull/4456
Rainer
El mar., 3 nov. 2020 a las 12:12, Nicholas Brown via rsyslog
() escribió:
>
> An alternative that could be useful would be just make a unix timestamp
> (with full second resolution) directly available as a variable.
> Perhaps
ttp://erwo.net/tmp/rsyslog.conf
>
> On Debian 10
>
> Wilhelm Greiner
>
> -Ursprüngliche Nachricht-
> Von: rsyslog [mailto:rsyslog-boun...@lists.adiscon.com] Im Auftrag von Rainer
> Gerhards via rsyslog
> Gesendet: Mittwoch, 4. November 2020 09:14
> An: rsyslog-users
>
It's here: https://www.rsyslog.com/doc/v8-stable/configuration/timezone.html
But I think we need to see the config of the OP.
Rainer
El mié., 4 nov. 2020 a las 5:57, David Lang via rsyslog
() escribió:
>
> where did you find documentation on the timezone() parameter?
>
> David Lang
> On Tue, 3
maybe doing a
set $.rulesetname = "nameOfRuleset";
right after the $ruleset directive?
Rainer
El mar., 20 oct. 2020 a las 14:12, doron via rsyslog
() escribió:
>
> Hi folks - any thoughts re this?
>
> I have read the correspondence re "ruleset as a variable". Could not solve
> my case: my
> I tried a solution, disabling kern.debug with :
>
> ```
> kern.debugstop
> kern.*-/var/log/kern.log
> ```
>
> This turned the log from 1000 lines to 150 after a reboot.
>
> Just to confirm, is this the correct way ? Does the kern.* still produces
> logs except for kern.debug
if you know how to filter at graylog, you can also filter out and
discard those messages at rsyslog ;-)
Rainer
El lun., 12 oct. 2020 a las 10:40, Unam via rsyslog
() escribió:
>
> Yep, I can filter directly into graylog but the reboot of 150 servers
> generate thousand of lines into graylog.
>
just an idea: could you filter out certain strings?
Rainer
El lun., 12 oct. 2020 a las 10:00, Unam via rsyslog
() escribió:
>
> Hi there,
>
> I am using rsyslog to send all our logs on a remote graylog server. The
> config on every host (Debian 9 & 10) is quite simple, we send by default
>
sounds like an old rsyslog version. Current is 8.2008.0.
Rainer
El jue., 8 oct. 2020 a las 4:46, Jason Yu 余健 via rsyslog
() escribió:
>
> Hello everyone,
>
> I use action queue to test if client will buffer the logs when server is
> offline.
>
> The client config is as following:
>
Hi Fabio,
thanks for the question. It's not yet supported, but you raise an
interesting point! Let me see what I can do :-)
Greetings to Italy,
Rainer
El lun., 5 oct. 2020 a las 18:20, Fabio Dania via rsyslog
() escribió:
>
> Hi All
> We have this version of rsyslog on a windows machine.
>
>
gt; >
>> > Hi Rainer
>> >
>> > This is running on a Intel CPU Virtual Machine (specifically an i5-6600
>> > CPU)
>> >
>> > Rsyslog version: rsyslogd 8.24.0-57.el7_9
>> >
>> >
>> > Regards,
>> > Scorsese P.
a Intel CPU Virtual Machine (specifically an i5-6600 CPU)
>
> Rsyslog version: rsyslogd 8.24.0-57.el7_9
>
>
> Regards,
> Scorsese P.
>
>
> On Mon, Oct 5, 2020 at 2:37 PM Rainer Gerhards via rsyslog
> wrote:
>>
>> Nothing in the config really looks like i
Nothing in the config really looks like it would need a lot of processing time.
Which machine is this run on (ARM?) and what rsyslog version is used?
Rainer
El dom., 4 oct. 2020 a las 17:12, Yuri Bushmelev via rsyslog
() escribió:
>
> Hello!
>
> From what I see you have 5 conditions. 4 of them
The recorded meeting is now online (pretty unedited, but looks good enough):
https://rainer.gerhards.net/2020/09/first-syslog-open-online-meeting-a-success.html
I have also added some additional info.
Rainer
El mié., 30 sept. 2020 a las 17:58, Rainer Gerhards
() escribió:
>
> > I liked this
> I liked this meeting. It was really great and helpful.
>
> In addition to this format, I suggest organizing telcos with an
> agenda. E.g., to share experience, findings, roadmaps etc.
Thx for the feedback. I agree on meetings with agenda, but we also
need to keep in mind that rsyslog is a
>>
> >> Rainer
> >>
> >> El mar., 29 sept. 2020 a las 9:05, Radu Gheorghe
> >> () escribió:
> >> >
> >> > I love the idea, it’s just that I have a call already scheduled for
> >> then. Maybe i
guys (and girls?) are still around at 4PM UTC I can join
> > later?
> > >
> > > Best regards,
> > > Radu
> > > --
> > > Sematext Cloud - Full Stack Observability - https://sematext.com
> > > Solr and Elasticsearch Consulting, Training
upport
>
> > On 28 Sep 2020, at 20:51, Peter Portante via rsyslog
> > wrote:
> >
> > Great idea, Rainer!
> >
> > On Mon, Sep 28, 2020 at 12:57 PM Rainer Gerhards via rsyslog <
> > rsyslog@lists.adiscon.com> wrote:
> >
> >> Hi folks,
Hi folks,
I am doing an experiment tomorrow and invite you to an open (virtual)
meeting around rsyslog. It's on short notice, and that's part of the
experiment. More details here:
https://rainer.gerhards.net/2020/09/experiment-an-open-online-meeting-for-rsyslog-folks.html
Rainer
> > Note: RFC3195 is NOT RELP. 3195 is a very early and (for practical
> > reasons) now-abandoned syslog standard by IETF. RELP is a
> > "proprietary" "standard" but well-alive ;-)
>
> Aha! Thanks for clarification. So, if I want to send messages through
> RELP, I have to use librelp?
I checked
> Den mån 21 sep. 2020 kl 17:26 skrev Rainer Gerhards
> :
>
> > Liblogging can do this.
>
> Thanks! It looks exactly as an answer I was looking for!
>
> I am testing it right now. Look great. And has support for RFC 3195 (RELP)
> also!
Note: RFC3195 is NOT RELP. 3195 is a very early and (for
mhhh... when rsyslog forwards, it should add an \n AFTER the message.
Can you check what is outgoing (e.g. via Wireshark)? If the LF is
missing, can you post the client's config (and maybe a debug log)?
Rainer
El vie., 18 sept. 2020 a las 9:56, Peter Viskup
() escribió:
>
> Hi Rainer,
> confirm
https://www.rsyslog.com/doc/v8-stable/concepts/multi_ruleset.html
Use the modern syntax in the samples.
Rainer
Jens Bürger via rsyslog schrieb am Fr., 11.
Sept. 2020, 21:49:
> Dear all,
>
> I have a Debian 9 machine and want to receive and store logs from an
> external hardware devices
This smells like incorrect framing (no LF at end of message).
Rainer
El mar., 8 sept. 2020 a las 9:48, Peter Viskup via rsyslog
() escribió:
>
> Getting following strange messages on our syslog servers:
>
>
> Sep 8 06:02:03 syslog01 rsyslogd: imptcp bo-t: message received is at
> least 2001
n't have a specific
> preference.
>
> Thank you for offering to take a look at the configuration!
>
> -Original Message-
> From: rsyslog On Behalf Of Rainer
> Gerhards via rsyslog
> Sent: Wednesday, September 2, 2020 3:14 AM
> To: rsyslog-users
> Cc: Rainer G
I don't see the rest of this thread, can you (re?) post you config?
Rainer
El mié., 2 sept. 2020 a las 3:13, Adam Chalkley via rsyslog
() escribió:
>
> Unfortunately the system is still having issues.
>
> I enabled debug logging earlier, copied the debug log aside and *then*
> disabled
I thought I had corrected that statement a while ago - will check.
But, yes, it is safe.
Rainer
El vie., 28 ago. 2020 a las 12:50, Aleksandar Lazic
() escribió:
>
> On 27.08.20 08:28, Rainer Gerhards via rsyslog wrote:
> > use omstdout
>
> Is it ready to be used i
That's one of the reasons why I recommend rsyslog windows Agent: you
have full control over the output format. Also, it's default format
(Adiscon EventReporter) is known by many systems because it was the
first tool ever to perform that type of work.
Rainer
El jue., 27 ago. 2020 a las 13:41,
use omstdout
HTH
Rainer
El mié., 26 ago. 2020 a las 23:32, Randall Diffenderfer via rsyslog
() escribió:
>
> working in a container env, the ask is to have a single rsyslog process
> "concentrate" logs from disparate processes and spit them out to STDOUT.
>
> what's the *right way* to do this?
check here: https://github.com/rsyslog/rsyslog/pull/4391
Rainer
El mié., 26 ago. 2020 a las 13:15, Rainer Gerhards
() escribió:
>
> I hadn't thought there was a legit use case for this, but you have a
> point. Looking at the quoted thread, I would also tend to say the
> message should be a
I hadn't thought there was a legit use case for this, but you have a
point. Looking at the quoted thread, I would also tend to say the
message should be a warning:
https://github.com/rsyslog/rsyslog/issues/3668#issuecomment-493107691
Rainer
El mié., 26 ago. 2020 a las 12:32, Thomas Spitz via
A little bit more background on the binary package delay:
https://rainer.gerhards.net/2020/08/rsyslog-8-2008-released-packages-delayed.html
Rainer
El mar., 25 ago. 2020 a las 18:21, Florian Riedl via rsyslog
() escribió:
>
> Today, we release rsyslog 8.2008.0. This release provides mostly
>
I suspect they have a problem with their framing (rings a bell). Can
you post a tcpdump of a few messages?
Rainer
El mar., 25 ago. 2020 a las 4:30, Tod A Sandman via rsyslog
() escribió:
>
> I am running a central log server with rsyslog-8.2006 and the latest release
> of RHEL7.
>
> A few weeks
For obvious reasons, I recommend the rsyslog Windows Agent ;-)
https://www.rsyslog.com/windows-agent/
Rainer
El lun., 24 ago. 2020 a las 16:17, Peter Viskup via rsyslog
() escribió:
>
> Does anyone have experience of handling WEC messages from Windows clients
> in (r)syslog infrastructure?
>
Please post your config. Note: rsyslog always keeps existing config
working, so it is not the age of your samples that is the problem.
Rainer
El vie., 21 ago. 2020 a las 3:12, Clifford McGlamry via rsyslog
() escribió:
>
> Good day. I'm attempting to set up rsyslog for the first time to capture
Which keywords were you searching for? I'd like to improve on that...
Rainer
Sent from phone, thus brief.
Александр Поволоцкий via rsyslog schrieb am
Mi., 19. Aug. 2020, 07:30:
> Thank you! I could not find anything because I was searching for wrong
> keywords and was too sleepy to read docs
The problem is that you have not de-coupled the flow of actions from
each other. So when the forwarding blocks, rsyslog cannot process the
others until it times out. You decouple via queues. I guess this
resource might be useful for you:
David,
this may help you limiting down the volume of debug output:
https://github.com/rsyslog/rsyslog/blob/master/tests/imtcp-tls-ossl-basic-tlscommands.sh#L12
Not sure if it is everything that's needed, but may be helpful.
Rainer
El jue., 13 ago. 2020 a las 19:11, David Lang () escribió:
>
>
updated https://github.com/rsyslog/rsyslog/issues/4241
Rainer
El vie., 14 ago. 2020 a las 2:36, David Lang via rsyslog
() escribió:
>
> using the legacy option (so that I can do ?path;format to write) I am seeing
> the dynafile cache size being limited to 1000.
>
> rsyslogd -N1
> rsyslogd:
David,
not sure if my mail reached you. I said that Andre is best qualified
to answer this question, but he has a week off. Of course, I can look
at the debug log, but I have not done any real work on the openSSL
drivers.
Rainer
El jue., 13 ago. 2020 a las 17:37, David Lang via rsyslog
()
just to get me started - are these files created by rsyslog or other
applications?
Rainer
El vie., 7 ago. 2020 a las 9:00, Shrikant Jadhav via rsyslog
() escribió:
>
> Hi,
>
> I am new to using rsyslog - I have a scenario in which I want to send
> file1.log, file2.log to a remote machine say
The first one is a bit unsafe, as rsyslog currently opens multiple
files in this case (there is one personal item for me on the todo list
to make this only once via a global cache, but nobody ever asked for
it, so it has low prio).
The performance of the second should be better, assuming that the
El mié., 5 ago. 2020 a las 8:22, David Lang via rsyslog
() escribió:
>
> if I do
>
> set $!trusted!timestamp=$timegenerated;
>
> what I get is a low precision formatted timestamp
>
> if I then try to send this to a remote machine, $!trusted!timestamp contains
> something like "Aug 4 20:00:01" so
El lun., 3 ago. 2020 a las 9:11, Naoum, (Alexandros)
() escribió:
>
>
> I got them. I was more expecting something on the official distro repos or at
> least in EPEL. As company we can't use any other repository except of the
> official distro and EPEL (not recommended but it is approved)
then
see here: https://www.rsyslog.com/downloads/download-other/
El lun., 3 ago. 2020 a las 8:18, Naoum, (Alexandros) via rsyslog
() escribió:
>
> Hi,
>
> What is the name of the package and in which repo (EPEL?)? I was looking for
> something like rsyslog-module-ossl
>
>
> Regards,
> Alexandros
>
>
thx - looks like I need to dig a bit deeper, I am sure there is a
valid explanation - which then should be reflected by some name
mangling.
Rainer
El vie., 17 jul. 2020 a las 20:21, Peter Viskup
() escribió:
>
> Not related to IPv4 vs. IPv6 nor rulesets
>
> On server with IPv6 disabled with only
El jue., 16 jul. 2020 a las 9:00, Peter Viskup () escribió:
>
> Just discovered the same on our infra.
> Will test by disabling IPV6 and confirm if Ángel will not answer sooner.
Thx - I guess if it is that way, it would make sense to automatically
append"ipv4" or "v6" to the configured name.
Sorry for being late to the discussion.
I would need to check, but I guess this is ipv4 and ipv6, which
possibly are not clearly indicated. Could this be the case?
Rainer
El mar., 14 jul. 2020 a las 15:49, Peter Viskup via rsyslog
() escribió:
>
> Hi Ángel,
> might be related to the ruleset in
Did you have a look at imklog? That's the original module for kernel
messages. I admit I do not remember why exactly imkmsg was
contributed.
Rainer
El vie., 3 jul. 2020 a las 20:10, Eric Blomquist via rsyslog
() escribió:
>
> Does anyone have any idea how to get imuxsock to read kernel messages?
IIRC, the doc is wrong (it was written when the final things was not
utilized). But I can check details.
Currently I am spending most of my time with packaging, as nobody ever
really took up this task and we had ample of problems because of it in
the past couple of month. It requires quite some
Sorry, I had not yet pushed the scheduled stable release branch. This
is now done.
Thx for the heads up.
Rainer
El mié., 24 jun. 2020 a las 11:46, Cyril Stoll via rsyslog
() escribió:
>
>
> Hi
>
> Just in case this is has been overlooked. The changelog on github (see link
> below in original
I have not used the module myself, but I think you just need to put
the components into the right config parmater. If you do not know what
private key etc is, I suggest to contact your certificate issuer for
assistance.
Rainer
El vie., 5 jun. 2020 a las 16:07, Arp via rsyslog
() escribió:
>
>
The question is as which user it is executed? Does that user have
permissions to send HUP to the rsyslog process, which may run as
another user.
When you say "one works, one other not" it smells strongly like
permission issues
Rainer
El mar., 2 jun. 2020 a las 17:17, Anthony Benitez Borges
Sounds like logrotate has no permission to send hup to rsyslog process...
Rainer
Sent from phone, thus brief.
Anthony Benitez Borges via rsyslog schrieb am
Di., 2. Juni 2020, 16:29:
> I have some switches/firewalls sending logs to my logging server through
> both TCP/UDP and I have noticed
David,
> on 8.2001 I set the dynafilecachesize = 1 and I get an error message at
> startup (and with -N1) saying that this exceeds the limit and has been
> reducedto
> 1000
I tried to redroduce this on 8.2001 and I can set it to much higher
values than 10,000. I also don't find any hint of
Depends on what you want to do with the actions. Most important
question: if one action blocks, shall all others block as well? If the
answer is yes, then go for the queue at the ruleset level.
As you know for omfile it almost always makes no sense to define a
queue. Some for rulesets that
I think I also said this on the issue tracker, but: what is the
predicate to stop watching the file? No activity for"n" hours?
Rainer
El sáb., 23 may. 2020 a las 19:07, John Chivian via rsyslog
() escribió:
>
> Not currently, no. There is an open request to read a file, then close
> and delete.
David,
> one current limitation is that if youare using dynafiles to write your logs to
> different files, the dynafile cache size is currently limited to 1000 entries.
can you fresh up my memory where you hit this limit? I just checked
the code and did some testing and I do not see the limit
I don't see any problems with many connections, but I am not sure if
that old version has some bug in regard to it.
HTH
Rainer
El vie., 22 may. 2020 a las 12:57, PRATIK RANA via rsyslog
() escribió:
>
> Hi All,
>
>
>
> I am using a centralised rsyslog server of version 8.24.0-34.el7 configured
>
The problem might be related to the beauty of "unnecessary include
files" - the problem construct could be in the file that is included
before this one.
I suggest to take the content of asa.conf and copy it verbatim
to the spont in rsyslog.conf itself where you want it. At a minimum,
this makes
> $.dev1IP = 192.168.1.1;
> $.dev2IP = 192.168.1.2;
> $.dev3IP = 192.168.1.3;
>
> set $.sourceIP = $fromhost-ip;
> set $.sourceTag = "";
>
> template(name="temp1" type="string"
> string="/path/to/logDir/%.sourceIP%/%.sourceIP%.%.sourceTag%.log")
The problem is that ".sourceTag" is not a
> I have multiple devices sending logs to a central logging server and these
> all sends logs in a somewhat different way, therefore I have different sets
> of filters for each of these devices. The idea I had was to set variables
> at the top of the configuration with the IP addresses for these
librelp is now also updated.
Rainer
El lun., 11 may. 2020 a las 9:21, Rainer Gerhards
() escribió:
>
> FYI: I have finally been able to update OBS again. Somehow the OBS
> client doesn't seem to work on none-SUSE distros any longer (at least
> not for me).
>
> Note: I have updated rsyslog, but
The simplest way is to create a pull request on github. Basically, all
you need to do is clone the rsyslog repository, add a branch with your
patch and create a PR out of it. Full procedure is here:
> Can the imptcp and imudp inputs share the same inputname?
I am not sure if it is checked, but the idea was that they are unique.
So I wouldn't try it that way...
> Thinking of using the different IPs with same port numbers for
> listener pairs imptcp+imudp. Need to process messages based on
FYI: I have finally been able to update OBS again. Somehow the OBS
client doesn't seem to work on none-SUSE distros any longer (at least
not for me).
Note: I have updated rsyslog, but am still working on librelp, which
also needs an update.
Rainer
El mar., 5 may. 2020 a las 12:44, David Lang
El mar., 5 may. 2020 a las 21:35, David Lang () escribió:
>
> On Tue, 5 May 2020, Rainer Gerhards wrote:
>
> >> also, could you take a look at the pull requests for liblognorm? there are
> >> a bunch of contributions that have been sitting for a long time.
> >
> > I will and have done, but IIR a
El mar., 5 may. 2020 a las 12:44, David Lang via rsyslog
() escribió:
>
> 8.2002 and 8.2004 are not showing up on OBS
There seem to be some tech problems with OBS. I just tried yesterday
to update it, but for now, I receive unexpected errors trying to
upload the new releases. Working on it.
>
>
Just a tipp: if you search for the old-style construct inside the
rsyslog documentation, it's context and relation to the new style
should show up, often together with a sample. See here:
https://www.rsyslog.com/doc/master/rainerscript/queue_parameters.html?highlight=actionqueuediscardseverity
Please see
https://www.rsyslog.com/slightly-changed-rsyslog-stable-release-cycle/
Rainer
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow
Please open an issue at GitHub, so that we can have a look.
Sent from phone, thus brief.
Prasad Koya via rsyslog schrieb am Fr., 1. Mai
2020, 03:15:
> Hi Florian
>
> Found a bug in rsyslog-8.29.0. I see the issue exists in master branch as
> well:
>
>
oh, that's a good question - maybe I was on the wrong path. I need to
investigate.
Rainer
El mié., 29 abr. 2020 a las 13:45, Peter Viskup
() escribió:
>
> What's the purpose of inputs.timeout.shutdown then.
> Thought it should cover this scenario in a way that the clients will have
> enough
no, the receiver shuts down as soon as possible. This is intended.
Otherwise you get even longer shutdown times.
Rainer
El mié., 29 abr. 2020 a las 13:00, Peter Viskup via rsyslog
() escribió:
>
> Just testing the message forwarding and reliability of plain TCP. Am aware
> of the un-reliability
201 - 300 of 448 matches
Mail list logo