Unless it's a massive log message, the best thing to do is probably increase
maxmessagesize on the receiving systems so that they can handle the full log
message.
David Lang
On Tue, 11 Apr 2017, Tim Mori via rsyslog wrote:
Date: Tue, 11 Apr 2017 21:24:11 +0000
From: Tim Mori via rsyslog <[email protected]>
To: "[email protected]" <[email protected]>
Cc: Tim Mori <[email protected]>
Subject: [rsyslog] drop messages without timestamp
I’m trying to work out a problem with the logs from our ESX servers. It seems
for one of the logs, the message can overrun some maximum and it dumps the
remaining part of the message on to the next line. This is a problem because
these message fragments break the organization set via dynafile and of course
they don’t parse.
The only thing I can really match on is that the fragment doesn’t lead with a
timestamp.
I’m wondering if there’s any easy way to drop this message. In writing this
out, I’m not sure basing it on timestamp would be the best idea as some
messages may not immediately start with one. I’m not sure I can use a variable
like timestamp as a condition though.
Tim Mori
SAS Solutions OnDemand
Systems Engineer ▪ Tel: + 1 919 531 1774 ▪
[email protected]
100 SAS Campus Drive ▪ Cary ▪ NC ▪ 27513-2414
www.sas.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
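
Added example, not part of the original thread and not the poster's or the rsyslog project's own configuration: a receiver-side fragment that raises the message size limit as suggested in the reply and, as a fallback for the case raised in the question, diverts lines that do not start with a timestamp into a separate file instead of discarding them. The 64k value, the TCP listener on port 514, the ruleset name, the timestamp pattern and the file path are all assumptions.

```rsyslog
# Receiver-side rsyslog.conf fragment (constructed example).

# Set the limit first: it has to be in effect before any input is loaded.
# 64k is an assumed value; size it to the largest message the senders emit.
global(maxMessageSize="64k")

# Assumption: the ESX hosts forward over TCP to port 514.
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

ruleset(name="remote") {
    # Assumption: a complete message starts with an optional <PRI> and an
    # ISO 8601 timestamp such as 2017-04-11T21:24:11. Anything else is
    # treated as an overflow fragment.
    if not re_match($rawmsg, '^(<[0-9]+>)?[0-9]{4}-[0-9]{2}-[0-9]{2}T') then {
        # Hypothetical path: keep fragments for review, away from the
        # dynafile tree, then stop processing them.
        action(type="omfile" file="/var/log/remote/fragments.log")
        stop
    }

    # ... the existing dynafile actions follow here ...
}
```

Keeping the fragments in their own file preserves the tail of each oversized event for later review, and a steady flow into that file indicates the size limit is still too low.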