Thanks for reply.
I tried TCP using following Rsyslog configuration but no luck.
if ($msg contains "IEC:" ) then
{
set $!message = $msg;
action(
queue.filename="iem_queue"
type="omfwd"
Target="172.16.13.12"
Port="10515"
Protocol="tcp"
Device="ens33"
queue.type="linkedlist"
name="action_sspl_iem_fwd"
action.resumeRetryCount="-1"
)
}
This time instead of my own script I tried "ncat -l 10515" command to start
a TCP listener.
Basically I believe that Rsyslog will accumulate messages when my
script/app is down and send all the messages right away when my app starts
but it doesn't do so. Instead of that it sends all those messages only when
new message comes up. It sends all the old ones with that new message. So
the thing is my script will not get any of those messages which were
forwarded to Rsyslog during it was not running, until some new message
arrives.
Don't know I am missing something or is this a normal behaviour.
Regds,
*Malhar Vora*
Blog : http://malhar2010.blogspot.com
Blog : http://byteofcloud.blogspot.in/
Twitter : https://twitter.com/mlvora
Github : https://github.com/vbmade2000 <https://github.com/vbmade2000>
On Wed, Sep 25, 2019 at 11:47 AM Rainer Gerhards <[email protected]>
wrote:
> With datagram protocol you cannot detect that the remote side is down. Use
> tcp.
>
> HTH
> Rainer
>
> Sent from phone, thus brief.
>
> Malhar vora via rsyslog <[email protected]> schrieb am Mi., 25.
> Sep. 2019, 09:05:
>
>> Hello Experts,
>>
>> I am experimenting with Rsyslog. I am trying to redirect Rsyslog log to an
>> Rsyslog server I have created using Python. I am using Disk Assisted
>> queue.
>>
>> The problem is when my server is running Rsyslog sends logs properly but
>> problem occurs when I follow these steps.
>>
>> 1. Stop my rsyslog server.
>> 2. Send some logs
>> 3. Start my rsyslog server.
>> Here after starting my rsyslog server script I expect messages from
>> rsyslog
>> which I sent during stopped server. I believe that rsyslog enqueues those
>> messages if destination not reachable or available but it doesn't work
>> that
>> way. It doesn't send those logs when server starts. It sends whole bunch
>> of
>> those pending logs when I generate one more log message.
>>
>> *Following is my Rsyslog server script.*
>> import SocketServer
>> HOST, PORT = "0.0.0.0", 10514
>> class SyslogUDPHandler(SocketServer.BaseRequestHandler):
>>
>> def handle(self):
>> data = bytes.decode(self.request[0].strip())
>> print(self.request)
>> if __name__ == "__main__":
>> try:
>> server = SocketServer.UDPServer((HOST,PORT), SyslogUDPHandler)
>> server.serve_forever(poll_interval=0.5)
>> except (IOError, SystemExit):
>> raise
>> except KeyboardInterrupt:
>> print("Crtl+C Pressed. Shutting down.")
>>
>>
>> *Following is my configuration file for Rsyslog.*
>> if ($msg contains "IEC:" ) then
>> {
>> action(
>> queue.filename="iem_queue"
>> type="omfwd"
>> Target="172.16.13.12"
>> Port="10514"
>> Protocol="udp"
>> Device="ens33"
>> queue.type="linkedlist"
>> name="action_sspl_iem_fwd"
>> action.resumeRetryCount="-1"
>> )
>> }
>>
>> I have another python script and rsyslog conf file that use named pipe for
>> same purpose. I am facing same issue with that too so I believe that issue
>> is at Rsyslog side. I could be wrong.
>>
>> I need help to solve this issue. I am not able to understand what is
>> missing/wrong at Rsyslog side.
>>
>>
>>
>>
>> Regds,
>> *Malhar Vora*
>> Twitter : https://twitter.com/mlvora
>> Github : https://github.com/vbmade2000 <https://github.com/vbmade2000>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
