Hi Peter, Thanks for direction. Actually I had a look on documentation of queues but couldn't find solution.
I was unaware of impstats. I'll check it now. Bye the way, I tried same thing using named pipe using ompipe module but saw same issue. Regds, *Malhar Vora* Blog : http://malhar2010.blogspot.com Blog : http://byteofcloud.blogspot.in/ Twitter : https://twitter.com/mlvora Github : https://github.com/vbmade2000 <https://github.com/vbmade2000> On Wed, Sep 25, 2019 at 1:47 PM Peter Viskup <[email protected]> wrote: > Hi Malhar, > try to enable impstats [1] which will provide you the evidence of the > rsyslog runtime statistics and queue sizes. Also read about the rsyslog > queues [2][3] a little. > That might help you to understand the queuing in rsyslog. > > [1] https://www.rsyslog.com/how-to-use-impstats/ > [2] https://www.rsyslog.com/doc/v8-stable/whitepapers/queues_analogy.html > [3] https://www.rsyslog.com/doc/v8-stable/concepts/queues.html > > -- > Peter > > On Wed, Sep 25, 2019 at 10:03 AM Malhar vora via rsyslog < > [email protected]> wrote: > >> Thanks for reply. >> >> I tried TCP using following Rsyslog configuration but no luck. >> if ($msg contains "IEC:" ) then >> { >> set $!message = $msg; >> action( >> queue.filename="iem_queue" >> type="omfwd" >> Target="172.16.13.12" >> Port="10515" >> Protocol="tcp" >> Device="ens33" >> queue.type="linkedlist" >> name="action_sspl_iem_fwd" >> action.resumeRetryCount="-1" >> ) >> } >> >> This time instead of my own script I tried "ncat -l 10515" command to >> start >> a TCP listener. >> Basically I believe that Rsyslog will accumulate messages when my >> script/app is down and send all the messages right away when my app starts >> but it doesn't do so. Instead of that it sends all those messages only >> when >> new message comes up. It sends all the old ones with that new message. So >> the thing is my script will not get any of those messages which were >> forwarded to Rsyslog during it was not running, until some new message >> arrives. >> >> Don't know I am missing something or is this a normal behaviour. >> >> >> >> >> >> Regds, >> *Malhar Vora* >> Blog : http://malhar2010.blogspot.com >> Blog : http://byteofcloud.blogspot.in/ >> Twitter : https://twitter.com/mlvora >> Github : https://github.com/vbmade2000 <https://github.com/vbmade2000> >> >> >> >> On Wed, Sep 25, 2019 at 11:47 AM Rainer Gerhards < >> [email protected]> >> wrote: >> >> > With datagram protocol you cannot detect that the remote side is down. >> Use >> > tcp. >> > >> > HTH >> > Rainer >> > >> > Sent from phone, thus brief. >> > >> > Malhar vora via rsyslog <[email protected]> schrieb am Mi., 25. >> > Sep. 2019, 09:05: >> > >> >> Hello Experts, >> >> >> >> I am experimenting with Rsyslog. I am trying to redirect Rsyslog log >> to an >> >> Rsyslog server I have created using Python. I am using Disk Assisted >> >> queue. >> >> >> >> The problem is when my server is running Rsyslog sends logs properly >> but >> >> problem occurs when I follow these steps. >> >> >> >> 1. Stop my rsyslog server. >> >> 2. Send some logs >> >> 3. Start my rsyslog server. >> >> Here after starting my rsyslog server script I expect messages from >> >> rsyslog >> >> which I sent during stopped server. I believe that rsyslog enqueues >> those >> >> messages if destination not reachable or available but it doesn't work >> >> that >> >> way. It doesn't send those logs when server starts. It sends whole >> bunch >> >> of >> >> those pending logs when I generate one more log message. >> >> >> >> *Following is my Rsyslog server script.* >> >> import SocketServer >> >> HOST, PORT = "0.0.0.0", 10514 >> >> class SyslogUDPHandler(SocketServer.BaseRequestHandler): >> >> >> >> def handle(self): >> >> data = bytes.decode(self.request[0].strip()) >> >> print(self.request) >> >> if __name__ == "__main__": >> >> try: >> >> server = SocketServer.UDPServer((HOST,PORT), SyslogUDPHandler) >> >> server.serve_forever(poll_interval=0.5) >> >> except (IOError, SystemExit): >> >> raise >> >> except KeyboardInterrupt: >> >> print("Crtl+C Pressed. Shutting down.") >> >> >> >> >> >> *Following is my configuration file for Rsyslog.* >> >> if ($msg contains "IEC:" ) then >> >> { >> >> action( >> >> queue.filename="iem_queue" >> >> type="omfwd" >> >> Target="172.16.13.12" >> >> Port="10514" >> >> Protocol="udp" >> >> Device="ens33" >> >> queue.type="linkedlist" >> >> name="action_sspl_iem_fwd" >> >> action.resumeRetryCount="-1" >> >> ) >> >> } >> >> >> >> I have another python script and rsyslog conf file that use named pipe >> for >> >> same purpose. I am facing same issue with that too so I believe that >> issue >> >> is at Rsyslog side. I could be wrong. >> >> >> >> I need help to solve this issue. I am not able to understand what is >> >> missing/wrong at Rsyslog side. >> >> >> >> >> >> >> >> >> >> Regds, >> >> *Malhar Vora* >> >> Twitter : https://twitter.com/mlvora >> >> Github : https://github.com/vbmade2000 <https://github.com/vbmade2000 >> > >> >> _______________________________________________ >> >> rsyslog mailing list >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> http://www.rsyslog.com/professional-services/ >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> myriad >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> >> DON'T LIKE THAT. >> >> >> > >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
