You could use something like Simple Event Correlator to combine logs like this.
There is not a good way to do so inside rsyslog (and trying to do so would cause
all sorts of grief with locking and multi-threaded processing)
best to do the combining before the logs go to rsyslog.
David Lang
lot of cpu.
Is there a firewall/router/switch that could be dropping packets in the path?
tcp timeouts/retries could account for delays
David Lang
On Tue, 16 Jul 2024, Jesper Skou Jensen via rsyslog wrote:
Date: Tue, 16 Jul 2024 08:20:51 +
From: Jesper Skou Jensen via rsyslog
To: "rsyslog@li
problem.
journald deliberately refuses to pass data to rsyslog using the ForwardToSyslog
method that is available via the imjournal module, so I would suggest comparing
the two.
David Lang
-Sean
On Mon, Jul 1, 2024 at 5:47 AM Ricardo Esteves via rsyslog <
rsyslog@lists.adiscon.com>
to specify more than one facility in a message
Also, this would break many 3rd party parsers who are setup for a particular
message for a given facility to be only their specific messages.
What is it that you are trying to accomplish?
David Lang
anything about restarts, unresponsive, suspended, etc?
David Lang
On Tue, 4 Jun 2024, Johan Ryberg wrote:
Date: Tue, 4 Jun 2024 20:18:41 +0200
From: Johan Ryberg
To: David Lang
Cc: Johan Ryberg via rsyslog
Subject: Re: [rsyslog] Metrics: rsyslog_queue_full_counter vs
to see what's happening with the queues, enable impstats so you can see queue
and other performance stats.
David Lang
On Tue, 4 Jun 2024, Johan Ryberg via rsyslog wrote:
Date: Tue, 4 Jun 2024 16:16:27 +0200
From: Johan Ryberg via rsyslog
To: rsyslog-users
Cc: Johan Ryberg
Subject: Re
to the action statement?
That is the default, you don't need to use it (you still can use that format
ahead of an action statement if you want, but *.* or a bare action of any format
will do the same thing)
David Lang
___
rsyslog mailing list
https
when the queue hits full, you aren't yet losing a message, it's the next
message that arrives while the queue is full that is lost.
David Lang
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
resending the configs
On Tue, 28 May 2024, David Lang wrote:
let's simplify this to the minimum needed
*Server**
# I've tried both with and without the line below
$ModLoad imtcp
$InputTCPServerRun 12345
$template LDSTag, "<%PRI>%TIMESTAMP [nameofsystem] %syslog% %msg%"
remove the PermittedPeer line.
that only applies to the encryption settings on the server receiving TLS
connections.
and I don't think you need to set the NetStreamDriver, so I would remove those
lines from both configs.
David Lang
On Thu, 30 May 2024, Kathy Lyons wrote:
Date: Thu, 30
On Thu, 30 May 2024, Kathy Lyons wrote:
Here is my server conf file:
global(defaultNetStreamDriver="ptcp")
there needs to be more than that.
have you tried the configs that I posted?
David Lang
On Wed, May 29, 2024 at 12:12 PM David Lang wrote:
you still have some encryptio
it can be matched, it's just not what you thought it was.
log with the RSYSLOG_DebugFormat template and you will see what $syslogtag
contains.
David Lang
On Wed, 29 May 2024, sacawulu via rsyslog wrote:
ok...
but then... what's the use of being able to assign a tag with "logger -t
the complete log file (which includes all included
files), if you start rsyslog with -o /path/to/file it will write the combined
config file as it sees it into that file which makes it much easier to see how
all the config snippets combine.
David Lang
On Wed, 29 May 2024, cyusedfzfb via
you still have some encryption settings left in the file, please post your full
config again so we can see what you have left.
I already posted the minimal config that removed all the encryption settings.
David Lang
On Wed, 29 May 2024, Kathy Lyons wrote:
Date: Wed, 29 May 2024 06:35:44
On Wed, 29 May 2024, Kathy Lyons wrote:
which part sets encryption? I thought these options set encryption to 0,
or disabled.
leave out all the encryption settings to have them be disabled, setting the mode
to anon turns on encryption, but accepting any cert.
David Lang
On Tue, May 28
e newer action() syntax that
sets all those things explicitly in the one place.
David Lang
On 5/28/2024 5:42 PM, David Lang wrote:
your message is badly linewrapped, can you please try again?
also note that while you can ping between the systems, that doesn't mean
that port 514 (T
.*
@@10.10.10.10.1:12345;LDSTmpl
if you do a tcpdump on port 12345 what do you see happening on each side?
David Lang
On 5/28/2024 5:42 PM, David Lang wrote:
your message is badly linewrapped, can you please try again?
also note that while you can ping between the systems, that does
your message is badly linewrapped, can you please try again?
also note that while you can ping between the systems, that doesn't mean that
port 514 (TCP or UDP) can get through, either due to firewalls at the network
layer or iptables on the systems
David Lang
On Tue, 28 May 2024, Kathy
better for you to update to a current version.
David Lang
On Tue, 28 May 2024, Chun-An Lee via rsyslog wrote:
Date: Tue, 28 May 2024 10:31:54 +0800
From: Chun-An Lee via rsyslog
To: rsyslog@lists.adiscon.com
Cc: Chun-An Lee
Subject: [rsyslog] need help with rsyslog
Dear All,
I installed
If you specify omprog in your config and then try to start rsyslog, do you get
any error messages? if the omprog module is not installed, you should get an
error trying to load it.
David Lang
On Fri, 24 May 2024, Mårten Persson via rsyslog wrote:
Date: Fri, 24 May 2024 21:03:56 +0200
From
for some things.
David Lang
On Fri, 24 May 2024, Thomas Raef wrote:
Date: Fri, 24 May 2024 12:37:15 -0400
From: Thomas Raef
To: David Lang
Cc: Rainer Gerhards via rsyslog ,
Rainer Gerhards
Subject: Re: [rsyslog] Stop actions
I created a lower numbered rules file with just
or you have other actions in the config that happen before your stop takes
place.
David Lang
On Fri, 24 May 2024, Rainer Gerhards via rsyslog wrote:
Date: Fri, 24 May 2024 13:57:07 +0200
From: Rainer Gerhards via rsyslog
To: Thomas Raef
Cc: Rainer Gerhards ,
rsyslog-users
Subject: Re
.
I'm not part of adiscon (the company formed by Rainer, the initial author, to
maintain rsyslog), you would have to ask him.
David Lang
On 5/22/24 09:49, David Lang wrote:
8.24 was released back in 2017. RedHat has backported some fixes and
features from newer versions of rsyslog (which were
of it. (adiscon is a very small company, a half
dozen or fewer people AFAIK)
David Lang
On Wed, 22 May 2024, Adam Cecile via rsyslog wrote:
Date: Wed, 22 May 2024 09:31:49 +0200
From: Adam Cecile via rsyslog
To: rsyslog-users
Cc: Adam Cecile
Subject: Re: [rsyslog] Unable to re-use variable generated
, fix capitalization, deal with duplicates, etc)
David Lang
Thanks a lot for your help !
Btw, do you have any suggestion about how to re-compose date-time object
from the individual fields, I'd like to hear from you
On 5/22/24 00:38, David Lang wrote:
if you do rsyslogd -N1 does it complain
if you do rsyslogd -N1 does it complain about anything?
David Lang
On Wed, 22 May 2024, Adam Cecile via rsyslog wrote:
Date: Wed, 22 May 2024 00:32:25 +0200
From: Adam Cecile via rsyslog
To: Adam Cecile via rsyslog
Cc: Adam Cecile
Subject: Re: [rsyslog] Unable to re-use variable generated
if you post that exact text into your liblognorm test, what do you get?
David Lang
On Wed, 22 May 2024, Adam Cecile via rsyslog wrote:
Date: Wed, 22 May 2024 00:24:08 +0200
From: Adam Cecile via rsyslog
To: Adam Cecile via rsyslog
Cc: Adam Cecile
Subject: Re: [rsyslog] Unable to re-use
if you look at the msg field in the RSYSLOG_DebugFormat output, you will see
that it does have a leading space. your pattern doesn't
David Lang
On Tue, 21 May 2024, Adam Cecile via rsyslog wrote:
Date: Tue, 21 May 2024 23:58:23 +0200
From: Adam Cecile via rsyslog
To: Adam Cecile via rsyslog
log the message with RSYSLOG_DebugFormat so that you can see the variables that
exist.
my guess is that your rule needs a leading space, because the msg field you are
parsing starts with a space (a very common problem when you are starting to use
mmnormalize)
David Lang
On Tue, 21 May 2024
On Sun, 5 May 2024, Alberto via rsyslog wrote:
On 5/5/24 at 22:02, David Lang wrote:
...
I only need filter by source, but all fields (FROMHOST, HOSTNAME,
FROMHOST-IP...) that can give me any information are useless because
appears Docker host IP, not real source host IP, and I cannot
populate
fromhost (I've probed, anyway).
which end is on docker? the sender or the receiver?
if fromhost-ip isn't useful, then fromhost won't be either as it's a lookup from
fromhost-ip
what is the sending system?
David Lang
PROGRAMNAME, SYSLOGTAG, APP-NAME... give me app name not source
know of, what happens if you
remove it?
are there any man pages for syslog.conf on that system?
David Lang
Any Idea?
Best Regards,
Alberto
I'm pretty sure this is one of the areas affected by the improvements since 2020
in imfile.
David Lang
On Tue, 23 Apr 2024, Ian Diddams via rsyslog wrote:
Date: Tue, 23 Apr 2024 14:10:32 +
From: Ian Diddams via rsyslog
To: John Chivian ,
rsyslog-users
Cc: Ian Diddams
Subject: Re
on the central server??
David Lang
On Mon, 22 Apr 2024, Ian Diddams via rsyslog wrote:
Date: Mon, 22 Apr 2024 08:42:00 +
From: Ian Diddams via rsyslog
To: rsyslog-users
Cc: Ian Diddams
Subject: Re: [rsyslog] [EXTERNAL] Re: imfile rsyslog config sporadic since
upgrade to ubuntu20
specifically
a
dynamic filename)
David Lang
messages (at least
in some cases), I know rate limiting is based on batches rather than individual
messages, but didn't think queue size checking worked that way.
David Lang
On Fri, 19 Apr 2024, Tan Mientras via rsyslog wrote:
Date: Fri, 19 Apr 2024 14:12:36 +0200
From: Tan Mientras via
a longstanding problem of not being able to
deliver your messages (causing the queues to build).
David Lang
On Fri, 19 Apr 2024, Tan Mientras via rsyslog wrote:
Hi.
Long time no see!
A few months ago we deployed an opensearch cluster fed by rsyslog and
let it running without giving it any
that puts them in different directories based on the hostname.
David Lang
On Fri, 19 Apr 2024, David Lang via rsyslog wrote:
Date: Fri, 19 Apr 2024 03:59:53 -0700 (PDT)
From: David Lang via rsyslog
To: Ian Diddams via rsyslog
Cc: David Lang
Subject: Re: [rsyslog] [EXTERNAL] Re: imfile rsyslog
Is there any chance that they are getting logged under a different hostname?
David Lang
On Fri, 19 Apr 2024, Ian Diddams via rsyslog wrote:
Date: Fri, 19 Apr 2024 09:24:03 +
From: Ian Diddams via rsyslog
To: "rsyslog@lists.adiscon.com"
Cc: Ian Diddams
Subject: Re: [rsyslog]
o with such an old version.
based on your test, it sounds as if imfile is reading things, but not matching
something else on your central system. can you provide more info about the
config there?
David Lang
On Wed, 17 Apr 2024, Attila Lakatos via rsyslog wrote:
On Tue, Apr 16, 2024 at 1:17 PM Derek Atkins via rsyslog <
rsyslog@lists.adiscon.com> wrote:
Hi David,
On Tue, April 16, 2024 6:32 am, David Lang via rsyslog wrote:
> Is there any way to duplicate the existing functionality wit
that we
will need to make the new option work with both.
David Lang
On Tue, 16 Apr 2024, Attila Lakatos via rsyslog wrote:
One approach that comes to my mind is to create a brand new provider using
e.g. openssl. Provide
a new configure option to build that. If the new crypto provider is turned
t is identical to
MsgForwardFormat that uses $.pri instead of $pri (the outbound message is just
text, so you can make it say anything)
David Lang
On Mon, Apr 8, 2024 at 6:37 PM David Lang wrote:
not easily within rsyslog, with an event correlation engine, you have a lot more
capability (which
), but that
gets really ugly really quickly
you would combine it essentially with a if/else type arrangement to only be done
if the prior action didn't take place. I don't know if the onceeveryinterval
will work with that.
David Lang
On Mon, 8 Apr 2024, Prasad Koya wrote:
Thank you
the right thing to do.
David Lang
On Sun, 7 Apr 2024, Prasad Koya via rsyslog wrote:
Thanks for the replies.
My requirement is that I have a daemon that may generate a burst of
syslogs, say, every minute (when a certain subsystem is overloaded).
We do not want to write all these syslogs to /var/lo
it's common for rsyslog configs to drop privileges, and if it does so, it can't
then make use of those privileges to open files as other users, etc.
This is why we need to see the full config, and any files included.
David Lang
On Sat, 6 Apr 2024, Mariusz Kruk via rsyslog wrote:
Also
if you are using the action() syntax, you set the ownership as part of the
action.
if you post your full config (including included files) we can better guess
what's wrong with it.
David Lang
On Sat, 6 Apr 2024, warron.french via rsyslog wrote:
I am running multiple servers on RHEL-7.9
(which could be
'system X sent Y OOM messages in the last 5 min' or something like that)
David Lang
On Tue, 2 Apr 2024, Prasad Koya via rsyslog wrote:
Date: Tue, 2 Apr 2024 18:25:01 -0700
From: Prasad Koya via rsyslog
To: rsyslog-users
Cc: Prasad Koya
Subject: [rsyslog] rate limiting logs
it, please re-post it)
when the problem isn't network/permissions, >90% of the time the problem is that
the log isn't being parsed the way you think it is, so the filter doesn't match.
David Lang
On Mon, 25 Mar 2024, Kees de Jong via rsyslog wrote:
Hi David,
SELinux is disabled on all ho
, or if there are firewall rules blocking that port. It's possible that
SELinux or systemd are also preventing rsyslog from accessing that port.
David Lang
On Mon, 25 Mar 2024, Kees de Jong via rsyslog wrote:
Date: Mon, 25 Mar 2024 10:25:23 +
From: Kees de Jong via rsyslog
To: "rsyslog@lists.adiscon.com
good to hear, If you can identify what in the logging configuration was
different that caused this problem, please post it to the list so that others
can learn from it.
David Lang
On Fri, 22 Mar 2024, Pedro Caetano via rsyslog wrote:
Starting from a minimal configuration on the switch
ok, the rawmsg field is telling us that the body of the message sent by the
device is a bunch of nonsense (control characters with a lot of nulls)
so the problem is on the sending side, not on the rsyslog side, look at your
options there..
David Lang
On Thu, 21 Mar 2024, Pedro Caetano via
when you use imjournal with rsyslog, journald is storing the logs in its
database, then rsyslog is periodically querying the database for new logs. that
database can be all in ram, or partially on disk.
David Lang
On Wed, 20 Mar 2024, David Lang via rsyslog wrote:
Date: Wed, 20 Mar 2024 12
The journal is storing them somewhere anyway (in ram if nothing else), that's a
'feature' of journald.
you can set how much space you allocate to journald for its fixed storage and
so can set it small enough to not be an issue.
David Lang
On Wed, 20 Mar 2024, Attila Lakatos via rsyslog
please log some messages with the template RSYSLOG_DebugFormat so we can see
exactly what is being sent, along with all the variables that it's being parsed
into. (and go ahead and send those in the email rather than posting to pastebin)
David Lang
On Wed, 20 Mar 2024, Pedro Caetano via
we would need to see your full configs on both the sender and receiving sides to
make a guess as to what is being done wrong.
David Lang
On Tue, 19 Mar 2024, Brian via rsyslog wrote:
I will have to take a closer look at logs but yes, the logs in the
receiving syslog server are showing up
if Redhat does not provide you with the pmciscoios module, then you need to
upgrade to a version that the community supports install that package from the
community repo.
see https://www.rsyslog.com/rhelcentos-rpms/ for instructions.
David Lang
P.S. this list is very much still alive
please post your full configs, it's likely that there are other things in the
config that are causing issues.
note that when you are within an if statement, you don't need to do the &, just
a bare stop will apply to everything that the if matched.
David Lang
On Tue, 19 Mar 2024, Kee
in practice is using json in the message body and
parsing that on the receiver.
There are no known problems on any processor (ARM or anything else)
David Lang
On Mar 15, 2024, at 11:53, Dimi Onobodies via rsyslog
wrote:
Hi everyone
I have two questions irrelevant with each other. I thought
imjournal uses the journal api to fetch the logs (fetching them in
near-real-time), journald keeps files internally to support it.
David Lang
On Fri, 15 Mar 2024, Attila Lakatos via rsyslog wrote:
The solution is clean to me, however I think this could be a bottleneck for
busy systems. Also
to disk at shutdown (but this can
take time, so you may need to increase the systemd timeout for letting rsyslog
do a clean shutdown)
David Lang
On Wed, 13 Mar 2024, Attila Lakatos via rsyslog wrote:
Date: Wed, 13 Mar 2024 13:49:19 +0100
From: Attila Lakatos via rsyslog
To: rsyslog-users
journald does not have the ability to send over the network to a syslog server.
when you configure journald to send to a syslog daemon, journald throws away a
lot of details that it knows. The other option is to use imjournal in rsyslog to
fetch the logs from journald
David Lang
On Tue, 12
have rsyslog write to different directories based on the sender
hostname/sourcetype/index and have splunk pick those up from the directory
rather than showing the splunk system as the sending host)
David Lang
On Tue, 5 Mar 2024, Andrew Heath via rsyslog wrote:
Greetings,
I have a rsyslog
while
you can frequently get away with using a FQDN and not having the short name be
unique, it is likely to bite you at some point. Best to avoid it.
David Lang
$fromhost is the result of a name lookup of the IP of the connection, it is
always the full result of that lookup (which will normally be a FQDN from DNS
David Lang
On Fri, 23 Feb 2024, Frank Morawietz via rsyslog wrote:
Thanks for your reply, Mariusz.
Also remember that fromhost
worse)
As noted, if you care about absolute ordering of logs, you need good, high
precision timestamps, especially across multiple machines.
David Lang
files as an extreme example.
David Lang
On Wed, 14 Feb 2024, Alex via rsyslog wrote:
Hello
I have two rsyslog servers - sender and receiver
Sender get data, convert it to json and send via relp to receiver
But receiver can't parse json
1. Sender config
module(load="omrelp")
templat
on. Perhaps I'm missing some other "action" setting?
Appreciate if you can give me a pointer to a sample configuration or point
me to relevant documentation.
Thank you.
On Mon, Feb 5, 2024 at 11:11 AM David Lang via rsyslog <
rsyslog@lists.adiscon.com> wrote:
> you hav
and see the action being
suspended after some failures.
David Lang
On Tue, 6 Feb 2024, Prasad Koya wrote:
Alex, excuse me for using this thread for posting my question. But my
question is also on the same topic.
I have configured rsyslogd (v8.2102.0) to forward syslogs to two remote
servers
you should be able to configure kafka to not throw away logs in its queue.
In your example below, you have configured rsyslog to throw away messages when
the queue fills up to 6 messages.
can you show the pstats data that shows that rsyslog is dropping messages?
David Lang
On Tue, 6
as a result.
David Lang
On Tue, 6 Feb 2024, russel.miranda--- via rsyslog wrote:
Hello rsyslog community,
I am working on a Centos 7 system that has rsyslog 8.2202.0 configured to
monitor and process perhaps 2 dozen log files with the imfile module.
The module is loaded with the module directive like
to relevant, not to a
404 message.
David Lang
to throw away messages if it
gets too full.
David Lang
On Mon, 5 Feb 2024, Alex via rsyslog wrote:
I have rsyslog (8.2310.0) in docker container from latest alpine image as a
syslog collector with forwarding to logstash.local and rabbitmq.local
Rsyslog stops working when rabbitmq is unavailable
it's trying to access (to make sure it's
trying to access what you think it is)
David Lang
On Mon, 5 Feb 2024, Garry Allen wrote:
Thanks David
I have tried running it with rsyslogd -n as root but it gives the same error
message. I made sure before running it that the rsyslog service
a difference in the permissions
when run as root vs when started at boot.
David Lang
On Mon, 5 Feb 2024, Garry Allen via rsyslog wrote:
I am trying to get Ubuntu 22.04 rsyslog clients to connect to a Red Hat 8.8
rsyslog server using RELP over TLS. The Red Hat server has been configured
using
their build options are and
look at compiling rsyslog directly from source to get the latest version.
David Lang
On Tue, 23 Jan 2024, Kevin McKibbin via rsyslog wrote:
I used the following commands and it seems to have rsyslog running OK.
Do you think it's reasonably safe to use CentOS_8 RPMs
/properties evolved in rsyslog, I think a
re-write that starts off with an explanation that ignores that history and talks
about how they are used (and then has a history section at the bottom or as a
link) would be better
I'll comment more as I think of things
David Lang
* what would be good
expected
rsyslog versions were 8.n up until about 8.36 and then moved to the date based
number scheme.
David Lang
On Wed, 3 Jan 2024, Karan Parmar wrote:
Date: Wed, 3 Jan 2024 20:33:06 +
From: Karan Parmar
To: David Lang ,
Karan Parmar via rsyslog
Cc: Karan Parmar
Subject: Re
to update to a more current one to update not only rsyslog, but a
lot of other things on the system.
David Lang
On Wed, 3 Jan 2024, Karan Parmar via rsyslog wrote:
Date: Wed, 3 Jan 2024 15:06:24 -0500
From: Karan Parmar via rsyslog
To: rsyslog@lists.adiscon.com
Cc: Karan Parmar ,
Karan Parmar
a HUP will reconnect, but I don't think that a HUP will reload the certificates
from disk.
David Lang
On Sat, 30 Dec 2023, John Chivian via rsyslog wrote:
I believe restarting is the only way possible to achieve this. Certificates are connection based and therefore you must force the client
we would be open to a patch for a flag that dropped the offending message and
kept going (see my other message about batch handling) but not to just ignore
the message and retry.
David Lang
On Wed, 6 Dec 2023, Peter Portante via rsyslog wrote:
Hello Rsyslog People!
I have been working
to new files. Then I have a
separate process do any compression on the files later.
David Lang
On Thu, 30 Nov 2023, Dan Pritts via rsyslog wrote:
[ catching up on lists ]
One thing I’d strongly suggest is decoupling rotation from compression. If you
compress from logrotate, it compresses files
it very much looks like a logrotate issue.
David Lang
On Tue, 14 Nov 2023, Dimi Onobodies via rsyslog wrote:
So I added "-v" option on the cronjob and redirected output to a file. I
observed the following:
considering log /data/servers/rsyslog/ldap-access.log
log needs rotating
/no' 'true/false', I considered '' '$!' and '$.' to allow
the use of $!foo or $.foo but after thinking about it a bit, I don't think the
added flexibility would be worth the complexity and confusion it could cause.
thoughts?
David Lang
n to add the 'call' capability and the ability to tie a ruleset to an
input), years later when the page on legacy statements was added, that one was
missed.
Rainer, is there a relatively easy way to search the code for legacy type
statements to make sure they are all documented on the legacy conf
hostname should not change, fromhost and fromhost-ip will change.
David Lang
On Thu, 2 Nov 2023, Martin Passard via rsyslog wrote:
Date: Thu, 2 Nov 2023 14:46:34 +
From: Martin Passard via rsyslog
To: "rsyslog@lists.adiscon.com"
Cc: Martin Passard
Subject: [rsyslog] Host
here should possibly be broken into sub-pages (some
sub-pages already exist that cover some of these and can/should be simplified),
or it may make sense to have a simple version on an overview page with the
ability to click down for the gory details.
David Lang
Rsyslog architecture is very
,
still supported, but not as clear)
David Lang
Makes sense to me, they are far more dependent on the distro decisions than
anything we provide.
David Lang
On Fri, 20 Oct 2023, John Chivian via rsyslog wrote:
Hi Rainer:
Our source of truth for rsyslog.service has always been the copy packaged
with the OS, and all modifications
what's actually
happening.
David Lang
On Wed, 11 Oct 2023, Ole Froslie via rsyslog wrote:
Date: Wed, 11 Oct 2023 14:04:07 +0200
From: Ole Froslie via rsyslog
To: rsyslog@lists.adiscon.com
Cc: Ole Froslie
Subject: [rsyslog] Rsyslog error: imfile: wd 1 already in wdmap
Hi all,
I struggle
P.S. this confusion of templates being useful for parsing messages seems to be a
common one, any suggestions on what we should put in the documentation to make
clear that they are for output only, not for parsing messages?
David Lang
On Wed, 11 Oct 2023, Gundlapally, Navanitha via rsyslog
there.
David Lang
On Wed, 11 Oct 2023, Gundlapally, Navanitha via rsyslog
wrote:
Hi Team,
I am new to this community and hoping to get some help with my below query.
We are collecting some network logs from client devices to a Syslog collector
(A) which is managed by Vendor and the next
most distros have additional rsyslog-* packages that include modules that have
other dependencies, and it's common for omudpspoof to be in those additional
packages.
David Lang
On Wed, 11 Oct 2023, Raghunatha Reddy wrote:
Dear David & Rainer,
How are you doing? As part of my work, I
On Tue, 10 Oct 2023, Michael Biebl wrote:
On Tue, 10 Oct 2023 at 21:49, David Lang wrote:
I see people putting things in /etc/rsyslog.d besides configs, so locking down
/etc may trip them up.
ProtectSystem=full will make /etc read-only.
Do you have a use case in mind where rsyslog
.
can /etc/rsyslog.d be made a link to someplace that's safe for rsyslog to write
to without too much grief?
David Lang
On Tue, 10 Oct 2023, Michael Biebl wrote:
See the links for ProtectHome and ProtectSystem
On Tue, 10 Oct 2023 at 20:35, David Lang wrote:
what directories
what directories will rsyslog be able to access (both read and write) with this
config?
David Lang
On Tue, 10 Oct 2023, Michael Biebl via rsyslog wrote:
Date: Tue, 10 Oct 2023 20:20:14 +0200
From: Michael Biebl via rsyslog
To: rsyslog-users
Cc: Michael Biebl
Subject: [rsyslog] [RFC
look at mmnormalize for ways to parse the message into various fields under $!
that you can then use in templates. There is a very simple json parsing option
as part of this.
David Lang
On Mon, 2 Oct 2023, Karsten Ohme via rsyslog wrote:
Hi all,
I'm looking for an input plugin support
out
the */* and just have a line that read ?CATC and it will be the same as your
current CATC line)
re-write everything using if...then syntax and I think it will be more obvious
what is going wrong
David Lang
On Thu, 28 Sep 2023, warron.french via rsyslog wrote:
I hope this is th
66.167.227.145
cannot find your hostname, [66.167.227.145]; from=
to= proto=ESMTP helo=
Thomas
On 21/09/2023 11:00, David Lang wrote:
On Thu, 21 Sep 2023, TG Servers wrote:
I did not get a single message from you David regarding that, that
confused me quite a bit as Rainer
understanding what you are doing. The systemd logging system
is named journald
David Lang
On Thu, 21 Sep 2023, TG Servers wrote:
Date: Thu, 21 Sep 2023 11:26:50 +0200
From: TG Servers
To: David Lang
Cc: Rainer Gerhards ,
TG Servers via rsyslog
Subject: Re: [rsyslog] Repeated 111