Hi Malhar, try to enable impstats [1] which will provide you the evidence of the rsyslog runtime statistics and queue sizes. Also read about the rsyslog queues [2][3] a little. That might help you to understand the queuing in rsyslog.
[1] https://www.rsyslog.com/how-to-use-impstats/ [2] https://www.rsyslog.com/doc/v8-stable/whitepapers/queues_analogy.html [3] https://www.rsyslog.com/doc/v8-stable/concepts/queues.html -- Peter On Wed, Sep 25, 2019 at 10:03 AM Malhar vora via rsyslog < [email protected]> wrote: > Thanks for reply. > > I tried TCP using following Rsyslog configuration but no luck. > if ($msg contains "IEC:" ) then > { > set $!message = $msg; > action( > queue.filename="iem_queue" > type="omfwd" > Target="172.16.13.12" > Port="10515" > Protocol="tcp" > Device="ens33" > queue.type="linkedlist" > name="action_sspl_iem_fwd" > action.resumeRetryCount="-1" > ) > } > > This time instead of my own script I tried "ncat -l 10515" command to start > a TCP listener. > Basically I believe that Rsyslog will accumulate messages when my > script/app is down and send all the messages right away when my app starts > but it doesn't do so. Instead of that it sends all those messages only when > new message comes up. It sends all the old ones with that new message. So > the thing is my script will not get any of those messages which were > forwarded to Rsyslog during it was not running, until some new message > arrives. > > Don't know I am missing something or is this a normal behaviour. > > > > > > Regds, > *Malhar Vora* > Blog : http://malhar2010.blogspot.com > Blog : http://byteofcloud.blogspot.in/ > Twitter : https://twitter.com/mlvora > Github : https://github.com/vbmade2000 <https://github.com/vbmade2000> > > > > On Wed, Sep 25, 2019 at 11:47 AM Rainer Gerhards <[email protected] > > > wrote: > > > With datagram protocol you cannot detect that the remote side is down. > Use > > tcp. > > > > HTH > > Rainer > > > > Sent from phone, thus brief. > > > > Malhar vora via rsyslog <[email protected]> schrieb am Mi., 25. > > Sep. 2019, 09:05: > > > >> Hello Experts, > >> > >> I am experimenting with Rsyslog. I am trying to redirect Rsyslog log to > an > >> Rsyslog server I have created using Python. I am using Disk Assisted > >> queue. > >> > >> The problem is when my server is running Rsyslog sends logs properly but > >> problem occurs when I follow these steps. > >> > >> 1. Stop my rsyslog server. > >> 2. Send some logs > >> 3. Start my rsyslog server. > >> Here after starting my rsyslog server script I expect messages from > >> rsyslog > >> which I sent during stopped server. I believe that rsyslog enqueues > those > >> messages if destination not reachable or available but it doesn't work > >> that > >> way. It doesn't send those logs when server starts. It sends whole bunch > >> of > >> those pending logs when I generate one more log message. > >> > >> *Following is my Rsyslog server script.* > >> import SocketServer > >> HOST, PORT = "0.0.0.0", 10514 > >> class SyslogUDPHandler(SocketServer.BaseRequestHandler): > >> > >> def handle(self): > >> data = bytes.decode(self.request[0].strip()) > >> print(self.request) > >> if __name__ == "__main__": > >> try: > >> server = SocketServer.UDPServer((HOST,PORT), SyslogUDPHandler) > >> server.serve_forever(poll_interval=0.5) > >> except (IOError, SystemExit): > >> raise > >> except KeyboardInterrupt: > >> print("Crtl+C Pressed. Shutting down.") > >> > >> > >> *Following is my configuration file for Rsyslog.* > >> if ($msg contains "IEC:" ) then > >> { > >> action( > >> queue.filename="iem_queue" > >> type="omfwd" > >> Target="172.16.13.12" > >> Port="10514" > >> Protocol="udp" > >> Device="ens33" > >> queue.type="linkedlist" > >> name="action_sspl_iem_fwd" > >> action.resumeRetryCount="-1" > >> ) > >> } > >> > >> I have another python script and rsyslog conf file that use named pipe > for > >> same purpose. I am facing same issue with that too so I believe that > issue > >> is at Rsyslog side. I could be wrong. > >> > >> I need help to solve this issue. I am not able to understand what is > >> missing/wrong at Rsyslog side. > >> > >> > >> > >> > >> Regds, > >> *Malhar Vora* > >> Twitter : https://twitter.com/mlvora > >> Github : https://github.com/vbmade2000 <https://github.com/vbmade2000> > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
