Morning Sean,
Are you using the stdout output plugin to view the logs from logstash?
IIRC it tries to escape the data.
Try outputing the logs to a file.
Using tcpdump to look at the syslog data after rsyslog sends it and/or
before rsyslog receives it might also help.
BR,
- Simon
On Mon,
when rsyslog starts up, it generates various log messages, are they being sent
to the script?
it would really help to see the queue data from impstats
David Lang
On Mon, 18 Sep 2023, TG Servers via rsyslog wrote:
I don't know what this is... I implemented a complete queue solution and
it
I don't know what this is... I implemented a complete queue solution and
it occasionally happens when there is no request but one in sight, and
this one gets a 111 then, nothing in nginx debug log, no error to be
seen in rsyslog log
but one thing I realized, after a restart the first log
we need to see a lot more about what's created, your editing is hiding too much.
go ahead and mask out the contents, but we need to see all the values in the
debug output and their structure (i.e. any json significant characters), change
all the words/numbers to garbage if you want.
Another
rsyslog does not just pipe the socket to the script. It reads a message from the
socket, adds it to a queue (by default the main queue), then a separate thread
reads from the queue and sends the line to the script.
If the script takes too long to process the line, then a backlog of messages
please post your full config including any included files
rsyslogd -N1 -o /path/to/file
will create the combined config as rsyslog sees it, and report any config errors
it finds along the way.
David Lang
On Mon, 18 Sep 2023, John Chivian via rsyslog wrote:
Question for maintainers
This email may contain proprietary information of BAE Systems and/or third
parties.
Sorry, but for ‘reasons’ I can only give you a severely edited version, I have
used debug output from mmexternal first and the received message from logstash
second:
1. mexternal debug output – I am
Output the message with RSYSLOG_DebugFormat template. I need to see which
data msg actually has.
Rainer
Sent from phone, thus brief.
Lennon, Sean (UK) schrieb am Mo., 18. Sept.
2023, 16:41:
>
>
>
>
> This email may contain proprietary information of BAE Systems and/or third
> parties.
>
>
This email may contain proprietary information of BAE Systems and/or third
parties.
Thanks for your response Rainer. I don't think it answers my question, I have
property fields from the Rsyslog message that are fine, they get formatted
correctly, for example 'timereported' or
I just wanted to add that in a further message as it came to my mind.
you were faster...
the script is definitely "slow", this is what I know for sure as it does
quite a lot of processing/analytics in the background, so even if you
trigger it from command line it can take half a sec or so I
Does this example from the rsyslog testbench help?
https://github.com/rsyslog/rsyslog/blob/761cb2bc51e3046b242b45994cff11ff8be3990e/tests/json-nonstring.sh#L4
Rainer
El lun, 18 sept 2023 a las 15:10, Lennon, Sean (UK) via rsyslog
() escribió:
>
>
>
>
>
> This email may contain proprietary
> so far not a single 111 today, I let this run the until late evening,
> and if there is stil no 111 I will put back the python script in order
> because right now there are 2 possibilities, I moved the socket as said,
> and I skipped the script and just appended the message to a file
> if either
so far not a single 111 today, I let this run the until late evening,
and if there is stil no 111 I will put back the python script in order
because right now there are 2 possibilities, I moved the socket as said,
and I skipped the script and just appended the message to a file
if either of the
This email may contain proprietary information of BAE Systems and/or third
parties.
This is the one I meant.
-Original Message-
From: rsyslog On Behalf Of Lennon, Sean
(UK) via rsyslog
Sent: 29 August 2023 17:39
To: rsyslog@lists.adiscon.com
Cc: Lennon, Sean (UK)
Subject:
This email may contain proprietary information of BAE Systems and/or third
parties.
Sorry, replied to the wrong message.
-Original Message-
From: rsyslog On Behalf Of Lennon, Sean
(UK) via rsyslog
Sent: 18 September 2023 14:09
To: rsyslog-users
Cc: Lennon, Sean (UK)
Subject:
This email may contain proprietary information of BAE Systems and/or third
parties.
Hi,
Has anyone got any thoughts/suggestions on this?
Cheers,
Sean.
-Original Message-
From: rsyslog On Behalf Of David Lang via
rsyslog
Sent: 18 September 2023 08:22
To: TG Servers via rsyslog
Question for maintainers regarding rsyslog 8.2210. I am using the following
in the configuration…
maxMessageSize="32k"
oversizemsg.errorfile="/path/to/oversize.out"
oversizemsg.input.mode="truncate"
…and I am getting LOTS of the following in the rsyslog log file…
rsyslog: imptcp
what I did today in the morning was to put the socket in /run
input(type="imuxsock" socket="/run/logmat")
until now no errors so far but that does not mean a lot as there is not
much traffic right now.
you mean remove the python script or the whole script call? what I could
do is to echo the
my thought is that if rsyslog is getting blocked (queues full) then it will stop
accepting new logs via unix sockets.
can you enable impstats and see if you have any reports of the main queue being
full during the times that this happens?
full configs for rsyslog could identify if there is
Maybe a debug logs helps, but if rsyslog does not emit an error
message, it does not sound like it has some issue. I also don't see a
relation to the script. But to be sure, would it be possible to
temporarily remove it and see if that changes anything?
Rainer
El lun, 18 sept 2023 a las 9:09, TG
Hi Rainer,
this is from nginx error log, yes.
No I cannot find any other errors, thats my problem
But it happens every single day, regularly...
as just written in another message re the question if it occurs with
rsyslog restart or logrotate :
no absolutely not, I cannot see any relation to
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
Hi Yury,
no absolutely not, I cannot see any relation to things like that, that
is what leaves me a bit baffled here.
You can see this is all from one day, and if there is a 111 on 2:52:19
on 2:52:22 there is everything ok (just as an example)
Rsyslog restarts run between 0:10 and 0:15,
Is this from a nginx text log? Any errors infos from rsyslog itself?
Rainer
PS: I do not see how this can be related to rsyslog, but you never
know. I do not yet understand the fault scenario TBH.
El dom, 17 sept 2023 a las 18:39, TG Servers via rsyslog
() escribió:
>
> Hi,
>
> ever since I
Hello!
Does the timing match with rsyslog restarts (manual or logrotate-initiated)?
On Mon, 18 Sept 2023 at 00:39, TG Servers via rsyslog <
rsyslog@lists.adiscon.com> wrote:
> Hi,
>
> ever since I started logging to a UDS from my nginx I get the occasional
> 111 in my nginx error logs.
> As I
25 matches
Mail list logo
