Dear David,
Please see my rsyslog configs below. Pastebin is not open here so I use
email page.
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog
$template msg,"%msg%"
$template msgonly,"%rawmsg%\n"
main_queue(
queue.filename="main_queue" # write to disk if needed
queue.maxdiskspace="5g" # when to stop writing to disk
queue.highwatermark="1500000" # start spilling to disk at this size
queue.lowwatermark="500000" # stop spilling when it gets back to this size
queue.saveonshutdown="on" # write queue contents to disk on shutdown
queue.dequeueBatchSize="5000"
queue.workerthreads="4"
queue.size="2000000" # absolute max queue size
)
action(type="omfwd" target="127.0.0.1" port="5170" protocol="tcp"
template="msgonly"
queue.filename="forwarding" queue.size="1000000"
queue.maxdiskspace="5g" queue.highwatermark="900000"
queue.lowwatermark= "200000" queue.dequeuebatchsize="1000"
queue.type="LinkedList"
)
if $fromhost-ip == '172.20.16.25' then stop
Please help in these tasks
1- I want to stop logs to be written in syslog file.
2- I am also facing this problem.
Dec 17 22:44:03 rdsaparser rsyslogd: [origin software="rsyslogd"
swVersion="8.14.0" x-pid="659" x-info="http://www.rsyslog.com"] start
Dec 17 22:44:04 rdsaparser rsyslogd-2040: fatal error on disk queue 'main
Q[DA]', emergency switch to direct mode [v8.14.0 try
http://www.rsyslog.com/e/2040 ]
Dec 17 22:44:04 rdsaparser rsyslogd-2040: fatal error on disk queue 'action
4 queue[DA]', emergency switch to direct mode [v8.14.0 try
http://www.rsyslog.com/e/2040 ]
Dec 17 22:44:03 rdsaparser rsyslogd-2307: warning: ~ action is deprecated,
consider using the 'stop' statement instead [v8.14.0 try
http://www.rsyslog.com/e/2307 ]
Dec 17 22:44:03 rdsaparser rsyslogd-2307: warning: ~ action is deprecated,
consider using the 'stop' statement instead [v8.14.0 try
http://www.rsyslog.com/e/2307 ]
Dec 17 22:44:03 rdsaparser rsyslogd: imklog: cannot open kernel log
(/proc/kmsg): Operation not permitted.
Dec 17 22:44:03 rdsaparser rsyslogd-2145: activation of module imklog
failed [v8.14.0 try http://www.rsyslog.com/e/2145 ]
Dec 17 22:44:03 rdsaparser rsyslogd: rsyslogd's groupid changed to 104
Dec 17 22:44:03 rdsaparser rsyslogd: rsyslogd's userid changed to 101
3- I want to emit logs 1000/sec
4- I want impstats on TCP.
Thanks
On Thu, Dec 17, 2015 at 9:41 PM, David Lang <[email protected]> wrote:
> On Thu, 17 Dec 2015, Muhammad Asif wrote:
>
>> Hi Guys,
>>
>> I have an rsyslog server which is receiving logs from different sources and
>> then sending to fluentd. Problem is that our rsyslog is sending logs to
>> fluentd and also writing all logs in syslog file which increases to 20GB.
>> I don't want to write coming logs in syslog. How can I achieve my goal?
>>
>
> short answer, change your config to not write to the file.
>
> long answer, we can't tell you exactly how to change your config without
> knowing more about it.
>
> either remove the lines that write to the file if you don't want anything
> there, or have a 'if..then' statement in your config that does a stop after
> the log is written to fluentd and before it's written to the file to only
> not write to the file sometimes.
>
> David Lang
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
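The 'if..then' plus stop ordering suggested in the quoted reply, written out as an added example that is not part of either poster's message. It reuses the forwarding target, port and template from the config above; the $IncludeConfig line and its position are assumptions, since the posted config does not show where /etc/rsyslog.d/50-default.conf is pulled in.

```conf
# Added example (constructed): forward remote messages to fluentd, then
# stop, so the file rules that follow never see them.

module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# Same template as in the posted config, in the newer syntax.
template(name="msgonly" type="string" string="%rawmsg%\n")

# Messages from local inputs (imuxsock, imklog) carry 127.0.0.1 in
# $fromhost-ip, so this block only matches what arrived over UDP/TCP
# from other hosts.
if $fromhost-ip != '127.0.0.1' then {
    action(type="omfwd" target="127.0.0.1" port="5170" protocol="tcp"
           template="msgonly"
           queue.type="LinkedList" queue.size="1000000")
    # Discard the message here: nothing below this point processes it.
    stop
}

# Assumption: the default file rules (/var/log/syslog and friends) live
# in /etc/rsyslog.d/50-default.conf. Rules are evaluated in config order,
# so the include has to come AFTER the forward-and-stop block above.
$IncludeConfig /etc/rsyslog.d/*.conf
```

Local messages still reach the file rules, so the host's own syslog keeps working while relayed traffic goes only to fluentd.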