On 01/03/13 14:51, Radu Gheorghe wrote:
Hello Ben,
I'm not sure another rsyslog on the Logstash side will help if the
bottleneck is on indexing to Elasticsearch.
AFAIK logstash has an internal buffer of 20 or so entries, and when that's
full (because the output is not fast enough) it blocks the
On Fri, 1 Mar 2013 10:20:28 +
Ben Bradley wrote:
> Hi everyone
>
> So I've got Rsyslog happily transmitting log messages over the network to
> Logstash. I have disk assisted queueing on the rsyslog log "clients".
> Sometimes I don't think Logstash can
Hi everyone
So I've got Rsyslog happily transmitting log messages over the network to
Logstash. I have disk assisted queueing on the rsyslog log "clients".
Sometimes I don't think Logstash can keep up on the other end, it blocks
because it can't get data into ElasticSearch fast enough. I've not
On Wed, 13 Feb 2013 17:26:03 +
Rainer Gerhards wrote:
> >
> > If I wanted to use the ZipLevel option on my rsyslog forwarding action,
> > would I also need to have rsyslog on the other end to decode?
>
> Yup, that's a non-standard extension.
>
> Rainer
Just had a quick look at the docs and
Hi everyone
I was thinking about possibly reducing the logging data volume that's being
transmitted by rsyslog. At the moment I have rsyslog on the log clients,
forwarding to logstash which filters and dumps into elasticsearch.
I realise that there will be a performance penalty but it seems that
On Thu, 7 Feb 2013 12:54:21 +
Rainer Gerhards wrote:
> simply use the right order:
>
> pseudocode conf:
>
> *.* @forward
> if (apachmsgs) then {
> action()
> stop
> }...other rules...
>
> HTH
> Rainer
>
>
> On Thu, 2013-02-07
On Thu, 7 Feb 2013 12:54:21 +
Rainer Gerhards wrote:
> simply use the right order:
>
> pseudocode conf:
>
> *.* @forward
> if (apachmsgs) then {
> action()
> stop
> }...other rules...
>
> HTH
> Rainer
Ok I've moved my forwarding rule above the log message rules and added:
if $app
Hi everyone
I have Apache logging to /bin/logger
Then rsyslog takes these log messages, writes vhost-specific log files, then
forwards over the network.
However with my rsyslog config as it is currently, I'm finding that all the
Apache logs are also ending up in /var/log/messages... which cause
On Thu, 31 Jan 2013 16:58:36 +
Rainer Gerhards wrote:
> > If you look at the http.usec and http.vhost fields in the template, is
> > there a way I can have a single regex with submatch 2 going in to
> > http.usec and submatch 1 going in to http.vhost?
> > And submatch 3,4,5,6 etc going into t
On Thu, 31 Jan 2013 13:44:03 +
Rainer Gerhards wrote:
> On Thu, 2013-01-31 at 14:51 +0200, Radu Gheorghe wrote:
> > Hi Ben,
> >
> > 2013/1/31 Ben Bradley
> >
> > > Hi everyone
> > >
> > > I'm currently using logstash as the log
On Thu, 31 Jan 2013 15:32:21 +
Rainer Gerhards wrote:
> On Thu, 2013-01-31 at 15:26 +0000, Ben Bradley wrote:
> > On Thu, 31 Jan 2013 13:44:03 +
> > Rainer Gerhards wrote:
> >
> > > > I guess it all comes down to performance testing, but 10GB would
On Thu, 31 Jan 2013 13:44:03 +
Rainer Gerhards wrote:
> > I guess it all comes down to performance testing, but 10GB would probably
> > mean ~20M logs or something like that. If the majority of those will be
> > sent during the day (say 10 hours), my poor math says if you handle 500-600
> > l
Hi everyone
I'm currently using logstash as the log collector from a few rsyslog sender
clients. I'd like to use rsyslog to receive the remote logs instead of
logstash. This means I'm keeping things simple and can possibly also use RELP.
If the rsyslog receiver is doing a lot of regex parsing on
On Mon, 28 Jan 2013 11:33:11 +
Rainer Gerhards wrote:
> $template ApacheAccessLogFile,
> "/var/log/httpd/%msg:R,ERE,1,BLANK:([a-z0-9\-\.]+) [0-9]+$--end%_access.log"
>
Amazing! Thanks so much!
--- start of long story ---
I have Apache logging to /bin/logger and then have rsyslog generate
On Mon, 28 Jan 2013 10:44:31 +
Rainer Gerhards wrote:
> http://www.rsyslog.com/doc/property_replacer.html
>
That's excellent.
I've got my regular expression and tested it using the regex tester...
$template tpl, "%msg:R,ERE,1,BLANK:([a-z0-9\-\.]+) [0-9]+$--end%\n"
How do I modify this bit
Hi everyone
Is there a way to isolate/specify a word/string from an incoming syslog message
and use that in an output file name template?
Is there full regex and pattern matching support in rsyslog filters/templates?
Cheers, B
___
rsyslog mailing lis
Hi everyone
I'm a bit confused about rsyslog configuration syntax, specifically what to use
where.
I read that there's been a change in syntax at some point. I'm using rsyslog 7
on CentOS from the adiscon repo but the header at the top of the config file
says it's a v5 format config file. I th
Hi everyone
Just wondering if there's an alternative to logging to /usr/bin/logger with
Apache?
I find that in some cases the Apache referer string pushes the log message over
the 1K limit supported by the syslog protocol and /usr/bin/logger cuts it.
Can I tell Apache to log directly to the rsy
On 08/01/2013 16:33, Rainer Gerhards wrote:
Lines 37-44 are what I'm having trouble with.
I believe this should write my logs to a vhost-specific log file but it
doesn't seem to be working.
There is nothing obviously wrong, if I saw correctly. Are you sure the fields
contain what you expect
> Sent from my Android device.
>
>
>
> -Original Message-
> From: Ben Bradley
> To: rsyslog@lists.adiscon.com
> Sent: Mo., 07 Jan 2013 18:36
> Subject: [rsyslog] Apache logs to rsyslog, transmit over network and create a
> local file
>
> Hi everyone
Hi everyone
I'm still getting my head around the configuration of rsyslog and Apache and I
need some help. I think I'm getting a bit confused by the different config
syntaxes that are referred to around the documentation.
On my webservers I'd like to keep a local copy of the Apache logs and sen
On Mon, 10 Dec 2012 09:58:27 +
Rainer Gerhards wrote:
> > Do you mean something like this?
> > http://serverfault.com/questions/385414/apache-httpd-send-error-logs-
> > to-syslog-and-local-disk-without-touching-etc-sy
> >
> > Using a script like this?
> > http://www.oreillynet.com/pub/a/sysa
>
> Note like Radu, I am not slighting logstash with this statement, nor am I
> saying "use rsyslog!" if you are comfortable with logstash and it meets
> your needs!
>
> Brian
>
>
> On Mon, Dec 10, 2012 at 6:55 AM, Radu Gheorghe wrote:
>
> > Hi Ben,
On Fri, 7 Dec 2012 10:34:25 -0800 (PST)
David Lang wrote:
> On Fri, 7 Dec 2012, Ben Bradley wrote:
> > I'd like to store the logs on a central server running
> > logstash/ElasticSearch so they can be searched and monitored using Kibana.
> > With rsyslog sending the
On Fri, 07 Dec 2012 13:39:10 +0100
Axel wrote:
> Hi Ben,
>
> you can use a syslogtag to separate one vHost from another in your
> vHost log directive.
> You have to create a template on your logserver which stores your
> logfiles separated by your syslogtag
>
> rgds
> Axel
>
Hi Axel
Do you
On Fri, 7 Dec 2012 15:07:48 +0200
Radu Gheorghe wrote:
> Hi Ben,
>
> 2012/12/7 Ben Bradley
>
> > I've tested rsyslog using the imfile module to watch each Apache log
> > files, but this means I have to hard-code each vhost log file into my
> > rsyslog.con
Hi everyone
I've just started investigating centralised logging and I'm gradually building
up a plan of action.
I'd like to store the logs on a central server running logstash/ElasticSearch
so they can be searched and monitored using Kibana. With rsyslog sending the
logs over the network to a