RELP will prevent logs from being lost in transit, but if the log arrived on the
server, but was in the queue when rsyslog was killed, and rsyslog didn't have
time to write it out, you can still loose things.
how did you kill the rsyslog receiver?
what does your config look like? (how much stuff are you doing with the logs?)
do you have any idea what your queue stats looked like? (impstats)
If you are having the logs written to a database or something like that, it's
not uncommon for it to take long enough to get the logs out that rsyslog isn't
able to do so at shutdown.
David Lang
On Fri, 17 Jan 2014, Assaf Gordon wrote:
Hello,
I've setup rsyslogd (version 7.5.8) with RELP and TLS on two machines (one
server, one client).
For testing purposes, I've sent repeated messages from the client to the
server, but killed and restarted the server during those messages.
The result is that I've lost some messages, despite using RELP.
It was my understanding the RELP will ensure message delivery, even if the
connection fails for a little while - perhaps I understood incorrectly? or
configured something incorrectly?
Any help will be appreciated.
Thanks!
-gordon
My setup is as follows:
Server side:
--
$ cat server.conf
module(load="imrelp" ruleset="relp")
input(type="imrelp" port="20517" tls="on")
ruleset (name="relp") { action(type="omfile" file="/tmp/server.log") }
$ rsyslogd -f /tmp/server.conf -p /tmp/server.pid
--
Client side:
--
$ cat client.conf
module(load="imuxsock" SysSock.Use="off")
module(load="omrelp")
input(type="imuxsock" Socket="/tmp/client.sock" CreatePath="on")
action(type="omrelp" target="1.2.3.4" port="20517" tls="on")
$ rsyslogd -f /tmp/client.conf -p /tmp/client.pid
--
Sending messages from the client side:
--
$ for i in $(seq 100) ; do echo "Message $i" ; sleep 1 ; done | \
logger -u /tmp/client.sock -d
--
The messages (E.g. "Message 1", "Message 2", etc.) appear as expected in the
server log "/tmp/server.log".
I then kill the server process, and restart it immediately.
Few seconds later, the rest of the messages start arriving (e.g. "Message
48", "Message 49"),
BUT,
The messages that were sent during the server downtime (e.g. "Message 18",
"Message 20") never arrive, or at least do not appear in the log.
The log has one additional message, appearing after the first "resumed"
message:
===
2014-01-17T21:11:56.616438+00:00 ip-10-9-133-98 rsyslogd0: action '(null)'
resumed [try http://www.rsyslog.com/e/0 ]
===
Not sure if this is an error or not.
I'm using:
librelp 1.2.2
libee 0.4.1
libestr 0.1.9
libjsonc 0.11
liblognorm 0.3.7
rsyslogd 7.5.8
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
