Which error messages do you see?
Rainer
Sent from phone, thus brief.
warron.french via rsyslog schrieb am Mo., 15.
Apr. 2024, 15:52:
> At Mariusz, my apologies for not replying earlier, somehow Google Mail
> crunched your reply in the thread so that I did not see it (*laziness on my
> part I
Sound good to me, as long as everything is backwards-compatible ;-)
Else we need to discuss pro and con (I guess there a lot of pro!)
Rainer
El lun, 15 abr 2024 a las 11:55, Attila Lakatos via rsyslog
() escribió:
>
> Hello,
>
> Currently, log messages written to files can undergo encryption
chosen. The thing is I was choosing not based directly on random(4) but
> > on (random(some_bigger_integer) % 4) which I thought would yield more
> > uniform randomness. It appears I was wrong.
> >
> > MK
> >
> >
> > On 3.04.2024 08:51, Rainer Gerhards via rsys
Hi Michael,
thanks for the info, but I am unfortunately unable to reproduce this.
As the tests have complex timing interdependencies, may it be the case
that we had just a very busy flaky day? Would it be possible to re-run
them?
Side-note: I also looked at the changes and I cannot see anything
This sounds a bit like you are looking for this:
https://www.rsyslog.com/doc/tutorials/log_sampling.html
HTH
Rainer
El mié, 3 abr 2024 a las 3:25, Prasad Koya via rsyslog
() escribió:
>
> Hi
>
>
> module( load="imuxsock" )
> module( load="imklog" )
>
> if ($syslogfacility-text == 'kern' and
you need to craft a template with a fixed facility you want. That's
the part inside the template. See RFC5424 for how to calculate it
(yes, it should be easier, but it's a pretty uncommon request and this
is right now the only way to do it.).
HTH
Rainer
El dom, 24 mar 2024 a las 13:21, Steven
Usually this happens when TLS cannot successfully be enabled at the
server side. This can happen even though the config looks valid, e.g.
permission issues reading cert files.
Rainer
El mar, 19 mar 2024 a las 15:55, David Lang via rsyslog
() escribió:
>
> we would need to see your full configs
Please contain a plain text part in your mail. The mailing list
processor removes HTML for security reasons.
Judging from the subject, I guess either the receiver OR the sender
has not successfully enabled TLS. Check for error messages from
rsyslog.
HTH
Rainer
El mar, 19 mar 2024 a las 15:06,
In theory, you can build rsyslog from the sources yourself - except
when something was broken in the meantime.
Side-note: we offered IBM to keep rsyslog AIX compatible if they
provide a buildbot worker for CI checking and some advise on problems.
but they seemed not very interested in that
As I said, TLS 1.3 is supported, but not all properties are yet
available directly via the GUI. However, they can be set via "SSL
configuration commands". I have requested that the next major version
also provides proper GUI parameters.
In the meantime I suggest to contact Adiscon support at
I need to ask the folks closer to the agent, but to the best of my
knowledge TLS 1.3 is supported (very sure), and I guess openssl 3.x is
used (not so sure on that).
HTH
Rainer
El mié, 21 feb 2024 a las 13:34, Ivanov Timea via rsyslog
() escribió:
>
> Hello!I need to send specific Windows event
> You could try pushing all events to a single ruleset with a queue with
> just one worker thread. I suppose then the events dequeued from the main
> queue and enqueued into the ruleset queue would be in order. I'm not
> fully sure about the order of events enqueued into action queues though.
>
I checked, but SuSe unfortunately does not provide the ability to
build for Rocky Linux.
Maybe you can give these ones a try:
https://www.rsyslog.com/rhelcentos-rpms/
I would appreciate it if you could report back your findings, whatever
they may be.
Rainer
El lun, 22 ene 2024 a las 22:04,
Hi all,
I just wrote a bit about how I integrate AI in the doc improvement
process. I thought that might be interesting for some of you:
https://www.rsyslog.com/documentation-improvement-and-ai/
And, as it exits anyhow, a version translated into German is also
available as part of this article:
Hi all,
more news, please have a look here:
https://www.rsyslog.com/additional-improvements-to-rsyslog-doc-and-site/
Rainer
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
ll benefit from this in the end
>
> Best regards Johan Ryberg
>
> Den tors 4 jan. 2024 18:01Peter Portante via rsyslog
> skrev:
>>
>> On Thu, Jan 4, 2024 at 11:31 AM Rainer Gerhards via rsyslog
>> wrote:
>> >
>> > Hi all,
>> >
>&
Hi all,
happy new year to everyone!
I think I have some good news. I have initiated a new project to
enhance doc and rsyslog website. Initial announcement is here:
https://www.rsyslog.com/improving-the-rsyslog-documentation/
More details follow in further postings. As you may guess, some
It will not.
Rainer
El dom, 31 dic 2023 a las 1:03, David Lang via rsyslog
() escribió:
>
> a HUP will reconnect, but I don't think that a HUP will reload the
> certificates
> from disk.
>
> David Lang
>
> On Sat, 30 Dec 2023, John Chivian via rsyslog wrote:
>
> > I believe restarting is the
Thx, that is useful. Obviously we have a leak:
> 48,420,608 bytes in 189,143 blocks are definitely lost
unfortunately, we do not have symbols, so we do not know exactly where
it happens. Can you install debug symbols? Usually there is a package
rsyslog-debuginfo (or the like), which should at
Great.
Do you know valgrind? If so, you could run rsyslog under valgrind control,
best in the forground. When you terminate rsyslog, valgrind will show leak
stats of any.
Rainer
Sent from phone, thus brief.
Adriaan de Waal schrieb am Mi., 6. Dez. 2023,
19:56:
> Good day
>
> Looking at the
Look at the queue sizes in impstats. Are they ever-increasing?
Rainer
El mié, 6 dic 2023 a las 14:30, Adriaan de Waal via rsyslog
() escribió:
>
> Good day
>
> I am trying to diagnose and resolve an issue whereby the memory consumed by
> the rsyslog daemon increases linearly over time. This
This smells like a bug. It looks like the discarded messages will
never be deleted.
In this case, I would suggest to open a github issue tracker if that
is possible for you.
Rainer
El jue, 16 nov 2023 a las 16:21, Jeremiah Garmatter via rsyslog
() escribió:
>
> Hello,
>
> I have rsyslog
Well, you say that the equipment does not necessarily follow the RFC.
In that case, rsyslog might not be able to read the hostname from the
message. We try hard to handle "well known malformed formats", but we
cannot let everything slip through. Especially if it really is unclear
where the
I do not personally see a need for that file to reside in
> > the rsyslog repo.
> >
> > Regards,
> >
> >
> >> On Oct 20, 2023, at 10:24, Rainer Gerhards via rsyslog
> >> wrote:
> >>
> >> Hi all,
> >>
> >> the git reposito
Hi all,
the git repository contains rsyslog.service sample files. Actually,
these have not been updated for years and do no longer match distro
policies.
Thankfully, Michael Biebl sent a PR to update the Debian parts. We had
a small discussion about the usefulness of these files at all. Michael
I guess it works because journal always throws messages away if it cannot
deliver them quickly. Luke a very short timeout+drop queue config in
rsyslog.
Rainer
Sent from phone, thus brief.
David Lang schrieb am Do., 21. Sept. 2023, 08:23:
> now you have journald acting as a queue, so all
I reviewed the code - it's puzzling. It looks like the config system
for that param got implemented, but that part of the config is never
used. Looks a bit like PR is missing. I need to investigate closer.
I'd appreciate the creation of a github issue.
Rainer
El lun, 18 sept 2023 a las 21:15,
It's not easy to guess what rsyslog really sees, but I have one final
shot. As it looks, msg might already contain json. In that case, do
not use any special json formatting option. These options exist to
ensure non-json data (or json data as an inner encapsulation layer)
will be received as-is.
Output the message with RSYSLOG_DebugFormat template. I need to see which
data msg actually has.
Rainer
Sent from phone, thus brief.
Lennon, Sean (UK) schrieb am Mo., 18. Sept.
2023, 16:41:
>
>
>
>
> This email may contain proprietary information of BAE Systems and/or third
> parties.
>
>
Does this example from the rsyslog testbench help?
https://github.com/rsyslog/rsyslog/blob/761cb2bc51e3046b242b45994cff11ff8be3990e/tests/json-nonstring.sh#L4
Rainer
El lun, 18 sept 2023 a las 15:10, Lennon, Sean (UK) via rsyslog
() escribió:
>
>
>
>
>
> This email may contain proprietary
> so far not a single 111 today, I let this run the until late evening,
> and if there is stil no 111 I will put back the python script in order
> because right now there are 2 possibilities, I moved the socket as said,
> and I skipped the script and just appended the message to a file
> if either
Maybe a debug logs helps, but if rsyslog does not emit an error
message, it does not sound like it has some issue. I also don't see a
relation to the script. But to be sure, would it be possible to
temporarily remove it and see if that changes anything?
Rainer
El lun, 18 sept 2023 a las 9:09, TG
Is this from a nginx text log? Any errors infos from rsyslog itself?
Rainer
PS: I do not see how this can be related to rsyslog, but you never
know. I do not yet understand the fault scenario TBH.
El dom, 17 sept 2023 a las 18:39, TG Servers via rsyslog
() escribió:
>
> Hi,
>
> ever since I
you can load modules only once. If you need a new input, just use the
"input" object.
I cannot read your config snippet correctly (it's garbled by your mail
client, maybe due to html mail). But it looks like it is invalid.
Rainer
El jue, 7 sept 2023 a las 17:44, Pedro Caetano via rsyslog
()
Ole,
it probably is a good idea to file this as a github issue and tag
@cropi while doing so.
The last fix to that patch was this here:
https://github.com/rsyslog/rsyslog/pull/5166
Rainer
El mié, 30 ago 2023 a las 14:30, Rainer Gerhards
() escribió:
>
> There is a patch by Red Hat that limits
There is a patch by Red Hat that limits rsyslog capabilities. One
capability is CAP_DAC_OVERRIDE, which permits to bypass permission
checks. IMHO it should not be dropped even with the patch present, but
it sounds like it is. Please also note that there are different
versions of that patch
It might be worth contacting Red Hat if there is a patch inside their
version that causes the issue.
Alternatively, you can try rsyslog from the project itself.
And maybe there are some other OS settings that cause this issue.
My 2cts,
Rainer
El mié, 30 ago 2023 a las 10:07, Ole Froslie via
You should move the forwarding rule really to the top, above the include
statement. Thus I really meant top because it solves all such rule
dependency issues (I am not a fan of splitting configs, it unnecessarily
complicates things, at least in almost all cases) .
Rainer
kathy lyons schrieb
Move the forwarding rule to the top, that should solve your issue.
Rainer
Sent from phone, thus brief.
David Lang via rsyslog schrieb am Do., 17. Aug.
2023, 19:16:
> all of those lines are telling rsyslog that if it matches the filter
> and
> writes it to the file that it should stop
[...]
> > Acceptable client certificate CA names CN = CA1 CN = CA2 C = DE, O =
> > Democompany Inc., CN = Democompany Inc. - Intermediate CA-1 C = DE, O
> > = Democompany Inc., CN = Democompany Inc. - Root-CA C = US, O =
> > Amazon, CN = Amazon Root CA 4 [...]
> >
> &
actually, there is DTLS, which is "datagram tls" and there also is a RFC.
So far, we had no real demand to implement it. My impression is that
DTLS syslog is largely unused.
Rainer
El jue, 3 ago 2023 a las 12:07, Redbourne,Michael via rsyslog
() escribió:
>
> Yeah, unfortunately that's what I
Thanks - the RELP info is a good pointer!
Rainer
El mié, 2 ago 2023 a las 10:27, Mariusz Kruk via rsyslog
() escribió:
>
> Sorry, I'm just a simple admin. I wouldn't touch the TLS-related
> programming with a ten-foot pole. Tried it once, long time ago, got my
> hair a bit more grayish and ran
disclaimer: I did not read the full message
BUT: I think you are both right.
It actually should work in the way Mariusz describes, but for many
software products it actually does work like Andre describes (I think
even some web server).
Not sure if it is a lib limitation or something we need to
>
>
>
>
>
>
> -Ursprüngliche Nachricht-----
> Von: rsyslog Im Auftrag von Rainer
> Gerhards via rsyslog
> Gesendet: Montag, 31. Juli 2023 18:21
> An: rsyslog-users
> Cc: Rainer Gerhards
> Betreff: Re: [rsyslog] Support for multiple certificate chains (
I think this version is too old.thre was related work not long ago.
Rainer
Sent from phone, thus brief.
Roman Möller via rsyslog schrieb am Mo., 31.
Juli 2023, 18:18:
> Hello subscribers,
> we are using rsyslog with TLS to collect logs transport encrypted from
> different logsources.
> The
Well, it depends.
For a busy system, the default timeout in the main queue is way to
long (I think I have shortened it recently, but still). This means
while the message ultimately gets deleted, the system can become
sluggish to a point where it looks totally unresponsive.
HOWEVER, you can
I suggest to use the openssl driver (ossl, separate package). A prime
reason for implementing openssl was that the gnutls error messages are
usually very unhelpful. this is much better with openssl.
Rainer
El lun, 17 jul 2023 a las 8:54, Mariusz Kruk via rsyslog
() escribió:
>
> Yes. People came
> I have the rsyslog repo configured and use "yum update".
the repo via SuSe OBS or from the Adiscon servers?
Rainer
>
> The same error occurred when trying to update to 8.2304.0. There was an error
> in the package definition for this specific dependency.
>
> -Original Message-
>
Where do you install from?
Rainer
El mié, 21 jun 2023 a las 11:14, Tobias Heaton via rsyslog
() escribió:
>
> Good Morning,
>
> The libfastjson package conflict for OEL8 yum update is cropping up again,
> much like it did for the 8.2304.0 release (see errors below).
>
> -Tobias
>
> Error:
>
Derek, Andre,
> > There has been no change on nsd_ossl.c driver since January 2023, so I
> > believe this is not related to the different rsyslog versions you are
> > running.
> > The warnings tell you, that there is no client certificate configured
> > which
> > can be ok but unusual in this
> It might be common, but it's wrong. If you're using cert-based
> authentication, reusing the same certificate is effectively defeating
> the purpose. True, in some specific use cases it might be OK but a
> decision to do so should be preceeded by risk analysis. In general -
> using the same
No problem, thanks!
Sent from phone, thus brief.
Brad Van Orden schrieb am Do., 4. Mai 2023, 14:45:
> I figured it out. I had a second line in that same file that started with:
>
> if $progamname == "systemd-logind"
>
> I was missing the second 'r' in programname. :(
>
> Sorry for the
This is strange. No,everything is supported, we never remove any
config capability without very, very strong reason. Plus, the "if" is
not BSD-Style but script, the most modern filter.
Which version is running on RHEL 8?
How does the full config look like?
What does rsyslogd -N1 split out?
imuxsock? Is really something spamming the unix socket with multiline messages?
nevertheless, imptcp has similar functionality.
Rainer
El vie, 24 mar 2023 a las 14:23, Tan Mientras via rsyslog
() escribió:
>
> Hi
>
> Is imfile the unique module that can handlee multilines with startmsg.regex?
>
pect just a bit different `packer` config
> to create the image)..
>
> Thank you!
>
> On Wed, 22 Mar 2023 at 15:30, Rainer Gerhards via rsyslog
> wrote:
>>
>> Hi all,
>>
>> just some info you might find interesting. We have been working the
>> past
Hi all,
just some info you might find interesting. We have been working the
past couple of weeks on an AWS rsyslog offering. Quick Intro is here:
https://www.rsyslog.com/aws-rsyslog-an-overview/
Why are we doing this?
We were approached by some folks that currently AWS host a rsyslog
What do you expect?
Sent from phone, thus brief.
Tan Mientras via rsyslog schrieb am Mo., 6.
März 2023, 13:27:
> Found
>
> https://github.com/rsyslog/rsyslog-doc/commit/912bc5dcc54966be2cea9890c81414a1e96a94ce
> however it isn't working as expected (or at least how I expect)
>
> On Mon, Mar 6,
IMHO this is a JSON question, not rsyslog. But iirc it is \"
Rainer
Sent from phone, thus brief.
Tan Mientras via rsyslog schrieb am Mo., 6.
März 2023, 12:36:
> Hi
>
> Receiving the following log:
>
> 2023-03-06T12:30:19+00:00 mycomputer windows/windows: {
>
> > Code w/ comments:
> >
> > https://github.com/rsyslog/liblognorm/blob/master/src/parser.c#L2578
>
> That's what I remember seeing, but I don't see it in the documentation page
Yeah, but it's a full feature for quite a while. As I said, there is a
doc build problem or a doc issue in general.
I checked a bit ;-)
> > is it as simple as taking the PR and changing the type name?
>
> I need to look, but probably not - else I would have done it.
That would cause a lot of code duplication - bad. The proper solution
is to control this via options.
>
> >
> > given that we don't have an
> is it as simple as taking the PR and changing the type name?
I need to look, but probably not - else I would have done it.
>
> given that we don't have an existing name-value type, what backwards
> compatibility broke?
We already have one, the iptables type.
Rainer
> note that I know I've seen patches go by for the name-value type, but I'm not
> seeing it in the documentation at
> https://www.liblognorm.com/files/manual/configuration.html#field-types
>
> @rainer, have those patches not made it to a release?
IIRC no, because they broke backwards
Post the output of the debug file template.
Rainer
Sent from phone, thus brief.
John Chivian via rsyslog schrieb am Mi., 1.
März 2023, 14:33:
> The needParse option for imfile is how you tell rsyslog to attempt to read
> syslog header elements out of the imfile content. If it is not used,
also: do you send a proper RELP greeting via telnet? If not, this is
the reason the connection is closed.
Rainer
El vie, 24 feb 2023 a las 18:23, David Lang via rsyslog
() escribió:
>
> what is the rest of your config? what you have shown is the config to receive
> logs, but not any instructions
yes and yes - I suggest a simple script to run during the deployment process.
Rainer
El vie, 17 feb 2023 a las 16:13, Mariusz Kruk via rsyslog
() escribió:
>
> Just double-checking.
>
> Please confirm that I see it right and there is no way of "looping"
> outside of the message processing
System test after some maintenance work. Please disregard.
Rainer
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE
The problem is that these are multi-line messages (#012 is LF). This
will most probably hurt you in later log processing and may give
problem in log forwarding. Thus they are escaped. Validly formed logs
usually have no LF. If and only if the other log sources behave well,
there would be no
I checked, it's contributed code that I just merged (via commit and
some fixes). It depends on libuuid. Patch is here:
https://github.com/rsyslog/rsyslog/commit/744d7c426da4aa3229771358a5da27b79e2edf52
If you have text for the doc, feel free to create a doc PR or at least
le me know some
I ignore the database logging issue. When you have rate-limiting
issues again, please report, together with the description of what
happens.
If you think this is related to mysql, please address that issue first.
Rainer
El mié, 14 dic 2022 a las 17:48, helices
() escribió:
>
> REF:
It's a bad idea to try to handle two independent issues on a single
conversation. I do not have more advise for sql other than UI gave.
But the debug log should also be helpful here. If you have issues with
rate limiting, pls open a new issue, ideally on github. But else use a
different subject.
Thx - I do not see anything obviously wrong.
Could it be that those messages arrive e.g. via imklog instead of imjournal?
Can you check inside the debug log for occurrences of the ratelimited
message - and find where it actually is emitted. Alternatively, you
may want to post a full debug log
well, for the debug log to make sense to me, I need the whole thing at
least for the startup sequence. You can post it in a gist or something
like pastebin. I guess David would also be interested in it.
Rainer
El mar, 13 dic 2022 a las 15:57, helices
() escribió:
>
> I'm trying to understand
I am a bit confused if/how this shall relate to the imjournal rate
limiter, but... well.. you may know - especially if it helped ;-)
As to troubleshooting the SQL issue: did you manually try the insert
statement? Did the sql server error log give you more information?
Could you at least post the
I would probably make sense to create a debug log, at least for
startup, to show what actually happened.
Doc: https://www.rsyslog.com/doc/master/troubleshooting/howtodebug.html
Rainer
El mar, 13 dic 2022 a las 15:00, helices
() escribió:
>
> No, it still rate-limits. I verified that the restart
you set the interval, but not ratelimit.burst
doc: https://www.rsyslog.com/doc/v8-stable/configuration/modules/imjournal.html
Rainer
El mar, 6 dic 2022 a las 15:16, helices via rsyslog
() escribió:
>
> David,
>
> What am I doing wrong?
>
> module(load="imjournal" Ratelimit.Interval="1"
>
You do this at the input() level.
Rainer
Sent from phone, thus brief.
Robert Gabriel via rsyslog schrieb am Mi., 23.
Nov. 2022, 18:55:
> Hi,
>
> Am I right in saying that multiple different TLS certs across multiple
> ports is unsupported?
>
> So, I cannot declare various configs with
> >>>> https://www.rsyslog.com/doc/v8-stable/configuration/filters.html
> >>>>
> >>>> "Multiple selectors may be specified for a single action using the
> >>>> semicolon (“;’’) separator. Remember that each selector in the selector
> >>
1.7 0.1 0:01.66 in:imtcp
> >>>
> >>> /etc/sysctl.conf
> >>> net.core.rmem_default = 33554432
> >>> net.core.rmem_max = 268435456
> >>> net.core.wmem_default = 33554432
> >>> net.core.wmem_max = 268435456
> >>> net.ipv4.t
Just wanted to make sure awareness of that option. Agree that it is
not often needed.
Rainer
El mar, 15 nov 2022 a las 10:02, David Lang () escribió:
>
> I haven't needed to do that to handle 300k messages/sec on UDP input (usually
> I
> run into bottlenecks in processing the messages long
let me add: look into setting imudp to realtime priority. Doc:
https://www.rsyslog.com/doc/master/configuration/modules/imudp.html
Rainer
El mar, 15 nov 2022 a las 5:04, David Lang via rsyslog
() escribió:
>
> Some additional comments on the config
>
>
>
> These action queue configs probably
> > of overwriting" but that's not the point ;-)). I'd intepret that passage
> > > as "if you add multiple selectors with semilcolons, the latter ones
> > > overwrite the former" so I'd expect it to work as Gordon did. It might
> > > need rew
For linux file permission system see e.g.
https://linuxize.com/post/understanding-linux-file-permissions/
you can set the owner of the file. But linux permissions does not give
you the capability to grant permissions to specific users.
Raienr
El jue, 3 nov 2022 a las 10:59, Alexander Birman
()
semilcolons, the latter ones
> > overwrite the former" so I'd expect it to work as Gordon did. It might
> > need rewording if it works differently.
> >
> > MK
> >
> > On 2.11.2022 20:18, Rainer Gerhards via rsyslog wrote:
> > > Info is higher severity tha
Gordon did. It might
> need rewording if it works differently.
>
> MK
>
> On 2.11.2022 20:18, Rainer Gerhards via rsyslog wrote:
> > Info is higher severity than debug, so it validly matches.
> >
> > Sent from phone, thus brief.
> >
> > David Lang via rs
specify the settings in the action() object. Doc:
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html
side-note: I am not sure, but I think the legacy construct you quoted
just changes the setting for the next output action. But I am too lazy
to look this up, as it is not
If you want to match only debug in old Style, it is
*.=debug
See man page. It's odd, but it is this way since 40+ years...
Rainer
Sent from phone, thus brief.
John Chivian via rsyslog schrieb am Mi., 2.
Nov. 2022, 20:46:
> I think what Rainer is saying is that *.debug matches all events of
Info is higher severity than debug, so it validly matches.
Sent from phone, thus brief.
David Lang via rsyslog schrieb am Mi., 2. Nov.
2022, 20:10:
> not that I expect this to fix it (this isn't something I've seen as a
> known
> bug), but could you please confirm that this still happens on
It's contributed code.
Albeit I have done some improvements, I need to familiarize myself
again with the module. IAW: it will take some time ;-)
Rainer
El mié, 5 oct 2022 a las 16:04, Marcin Mirosław via rsyslog
() escribió:
>
> It would be easier to fix if it would be my misconfiguration :(
>
El jue, 6 oct 2022 a las 14:54, Felipe Gasper via rsyslog
() escribió:
>
>
> > On Oct 6, 2022, at 03:41, Rainer Gerhards via rsyslog
> > wrote:
> >
> > El jue, 6 oct 2022 a las 8:20, Mariusz Kruk via rsyslog
> > () escribió:
> >>
> >> Escap
El jue, 6 oct 2022 a las 8:20, Mariusz Kruk via rsyslog
() escribió:
>
> Escaping is done on input so you can't disable it on output. You could
> try to "unescape" it but there's no way of knowing if - for example -
> #11 is a literal string or escaped tab character.
> I don't remember if you can
Hi David,
I was out of office last week. I'll check and update. Legacy should be
mentioned, albeit IMHO only brief info is needed, a al
Legacy is
$template ,
as should be defined. This, together with 1 or 2 samples.
What do you think?
Rainer
El mié, 28 sept 2022 a las 22:12, David Lang via
I do not fully understand the question (maybe language issue on my
side), but there is a syntax error:
In a string template, properties must be enclosed in percent sign. so:
... string="%msg%
HTH
Rainer
El lun, 3 oct 2022 a las 13:18, Marcin Mirosław via rsyslog
() escribió:
>
> Hello!
> Field
The - does not throw a syntax error, but is ignored for many years. iIRC it
caused a sync after each write, which would be crazy for actual systems.
Rainer
Sent from phone, thus brief.
John Chivian via rsyslog schrieb am Do., 29.
Sep. 2022, 23:25:
> If I am not mistaken, buffering is the
I suggest updating to 8.2208.0. IIRC there is a patch that prevents a
temporary stall if TCP connections receive data extremely fast.
Rainer
El mié, 14 sept 2022 a las 11:14, Tomas Bekecs Zvarillo via rsyslog
() escribió:
>
> Hi rsyslog group,
>
> I'm stuck with rsyslog connectivity during
John,
please have a look here:
https://github.com/rsyslog/rsyslog/pull/4969
While I have tested the patch, it wouldn't hurt if you give it a try
and report back.
Rainer
El mar, 23 ago 2022 a las 9:26, Rainer Gerhards
() escribió:
>
> There is a lot of history in rsyslog. If a directive exists
There is a lot of history in rsyslog. If a directive exists in one
module but not the other, it was probably implemented for a specific
use case. And not carried over. We try to avoid this, but often it
makes sense (especially when experimenting, contributions, etc.).
That said, I'll look what it
Hi folks,
I just wanted to give an advance warning that we may see some service
disruptions. Some of our infrastructure is running on sponsored VMs
and there may be an, possibly temporary, glitch with the sponsorship.
This can lead some services to become offline.
If a problem arises, I will see
No, it's not possible - intentionally. That would require rsyslog to
re-evaluate the port for every single message and close/open
connections as required. That would cause massive performance
degradation.
Rainer
El mié, 10 ago 2022 a las 13:42, Ricardo Esteves via rsyslog
() escribió:
>
> Hi,
>
Have a look at the "call" doc:
https://www.rsyslog.com/doc/master/rainerscript/rainerscript_call.html
I think it explains your question.
Note, however, that thread-safeness is different from [a]sync
processing. There are some inherent races when non-direct queues are
involved. But from context
can you please post rsyslog -v output as well as the current ASAN report?
Thanks,
Rainer
El vie, 17 jun 2022 a las 10:12, vijay kumar
() escribió:
>
> HI Rainer/David/Marisuz,
>
> Could you please help me with creating one input rule with a queue as Marisuz
> suggested. I was failing to create
1 - 100 of 439 matches
Mail list logo