So then the fuse driver is playing Schroedinger's cat with the file (sorry
I couldn't resist)
On Fri, Oct 16, 2015, 11:16 AM David Lang wrote:
> On Fri, 16 Oct 2015, Kendall Green wrote:
>
> > The bug doesn't seem to be the file system driver, because the fuse-dfs
> > mount reports the error as
I have multiple incoming messages that I want to filter on the contents of
the message containing an IP address (not a fromhost-ip, etc.)
As a result this forces me to have to search the actual $msg itself using
either regex or contains...
with that being said, is it more efficient for me to re_m
this is an interesting discussion, I'd be curious to see what people are
doing to parse/normalize messages as they are coming in.
Several projects that I'm associated with tend to revolve around
extrapolating properties of a message and then assigning them (typically
post-receipt and generating mo
:
> Whats the error message and complete conf?
>
> Sent from phone, thus brief.
> Am 15.09.2014 20:32 schrieb "Nick Syslog" :
>
> > Would anyone know how I would get the $myhostname variable to work
> > appropriately under the following syntax
> >
>
Would anyone know how I would get the $myhostname variable to work
appropriately under the following syntax
:source , !isequal , $myhostname ~
For whatever reason I can't seem to get this variable and filter
combination to work appropriately.
___
rsys
s, I would expect that it would take
> longer to flush the queues, so you would be more likely to run into this
> problem than on bare metal.
>
> unfortunantly, when you run "service rsyslog start", teh "Ok" is being
> generated by the initscript, not by rsyslog.
>
t's happening when you find that it's waiting for user input but doesn't
> show any prompt and you need to control-c to get out)
>
> now, you say this is new behavior for you, so what changed?
>
> are you using a different version, different storage? are these VMs?
>
>
different identical hosts including one with a 'base' install.
On Sat, Jul 5, 2014 at 4:11 PM, David Lang wrote:
> On Thu, 3 Jul 2014, Nick Syslog wrote:
>
> I've upgraded my VMWare based hosts to 8.2.2 recently and have had some
>> weird phenomena that I can't
I've upgraded my VMWare based hosts to 8.2.2 recently and have had some
weird phenomena that I can't seemingly explain from the previous
installation...specifically:
OS: RHEL 6.3
-Starting/stopping the service using "service rsyslog restart" hangs unless
a sleep is inserted between the stop/start
I don't know, the whole notion of "rocket" and leveraging it to almost
exclusively define product message/capability makes it seem somewhat
cartoonish (ok, logstash is just as bad) which concerns me that it might
serve as a detractor rather than something that encourages new members.
(While I know
is there Cent/RHEL OS RPMs up for 8.2.2?
On Wed, Jun 4, 2014 at 1:34 PM, Michael Biebl wrote:
> 2014-06-04 14:42 GMT+02:00 Rainer Gerhards :
> > I have now updated the doc tarball so that it contains everything that is
> > also in git. I originally thought this would only confuse users and not
YES! It would make the output synonymous with what is seen in the UDP
namingnot to mention we could finally agree on a naming schema for the
IM modules hopefully...
(since I believe IMUDP uses inputname= and IMPTCP uses name= or something
similar.)
On Sat, Jun 21, 2014 at 1:43 AM, Rainer Ger
ote:
> On Wed, May 28, 2014 at 11:06 PM, Nick Syslog
> wrote:
>
> > Just FYI,
> >
> > I pushed global() above my modules and no longer see fragmentation on
> > messages through imPtcp so it would appear the issue from prior legacy
> > versions does still exist
configuration had global() loading AFTER the module
definitions, after placing the configuration for global above the module
configurations I stopped seeing message fragmentation on TCP messages.
On Wed, May 28, 2014 at 9:31 AM, Nick Syslog wrote:
> 8.2.1 presently
>
>
> On Wed, May 28, 201
8.2.1 presently
On Wed, May 28, 2014 at 9:24 AM, Rainer Gerhards
wrote:
> quick question: is this v8.2.2?
>
>
> On Wed, May 28, 2014 at 6:23 PM, Rainer Gerhards
> wrote:
>
> >
> > On Wed, May 28, 2014 at 6:20 PM, Nick Syslog >wrote:
> >
> >> Note
Note: I use exclusively IMPTCP and do not load IMTCP at all
On Wed, May 28, 2014 at 8:42 AM, Rainer Gerhards
wrote:
> On Tue, May 27, 2014 at 10:03 PM, Nick Syslog >wrote:
>
> > I'm seeing cases where many of my large TCP events are now coming in
> > malformed afte
I'm seeing cases where many of my large TCP events are now coming in
malformed after moving my MaxMessageSize parameters into the global()
configuration stanza and was digging through the net to find that people
were remediating the issue by placing MaxMessageSize prior to the module
load for IMTCP
ve set up a link from the legacy doc set the the rsyslog-doc one
> for that page.
>
> Rainer
>
> Sent from phone, thus brief.
> Am 24.05.2014 20:04 schrieb "Nick Syslog" :
>
> > ok, pull request submitted, I think...maybe...
> >
> > I'm not ent
ok, pull request submitted, I think...maybe...
I'm not entirely sure what links to what, so I was only able to update the
file here:
https://github.com/rsyslog/rsyslog-doc/pull/83
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/doc/master/rainerscript/queue_parameters.html
On Sat, May 24, 2014 at 1:16 AM, Rainer Gerhards
wrote:
> http://www.rsyslog.com/doc/queues.html
>
> Sent from phone, thus brief.
> Am 24.05.2014 00:34 schrieb "Nick Syslog" :
>
> > I was curious what t
I was curious what this actually does (and when) since I couldn't find any
direct documentation on this switch.
(Is this the option where a .qi file is created at instantiation of queue?)
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo
I've seen this error before but was not sure it was tied to a particular
issue with TLS.
In my case I was running on a VM and have on occasion seen this error
during startup but have not monitored it continuously and considered it
innocuous (as I have seen errata stating that error is due to a mis
On this same subject, has anyone worked with pstats in either Graphite or
Splunk?
On Wed, May 7, 2014 at 1:33 PM, David Lang wrote:
> On Wed, 7 May 2014, Dan Finn wrote:
>
> I’m looking into getting some better metrics around our logging
>> environment. We have about 300 servers which are send
My team and I are working on new methods for monitoring our disk assisted
queues and additionally look for failures within these queues.
Typically with a 'healthy' DA queue I will see an associated .qi file with
the queue files, my question is this: is a .qi file always generated by
rsyslog at the
Anxiously anticipating the RHEL/CentOS RPMs for 7.6 :o)
Hooray for pstats!
On Wed, Feb 12, 2014 at 8:32 AM, Florian Riedl wrote:
> Hi everyone.
>
> This is the first release of rsyslog 7.6 in the v7-stable branch.
>
> Since 7.4 a lot of new functions have found their way into rsyslog. With
> 7
I haven't tested this yet, but is there any reason why IncludeConfig
wouldn't work encapsulated within an ruleset () {} ?
I ask because I'm interested in segmenting out a few extremely large
ruleset files I presently have into much smaller more manageable (for us)
sub configs/rulesets.
I'd assume
reminds me of a jellyfish
On Thu, Jan 23, 2014 at 12:41 PM, Mike Hoskins (michoski) <
micho...@cisco.com> wrote:
> -Original Message-
> From: robert s
> Reply-To: rsyslog-users
> Date: Thursday, January 23, 2014 at 2:26 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] New logo draft
>
Would it be possible/feasible to consider adding some sort of queue
alerting features to the server in order to more closely monitor when
queuing could potentially get out of control? (or maybe this has already
being suggested...)
Something along the lines of the following (parameter options in
pa
e it in the
> > rsyslog-pkg-rhel-
> > > centos repo.
> > >
> > > - James
> > >
> > > -Original Message-
> > > From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> > > boun...@lists.adiscon.com] On Behalf Of Rainer Ger
Rainier when you have time please submit, it's going to take a bit more
effort to understand where to submit patches, etc. and I'm currently off my
lunch break :)
On Tue, Jan 14, 2014 at 9:45 AM, Nick Syslog wrote:
> I still need to GIT my legs for that :) (Unsure how to sub
hus brief.
> Am 14.01.2014 17:36 schrieb "Nick Syslog" :
>
> > in checking /etc/init.d/functions (thanks Chip) it was noted that "-t" is
> > not a valid option for killproc in RHEL, the correct syntax is "-d XX"
> >
> > I replaced the -t30 with -d
ent) that any
script using -t will not work correctly or not obey the delay imposed.
On Tue, Jan 14, 2014 at 9:07 AM, Nick Syslog wrote:
> I should rephrase and say "...after removing the -t30 OPTION", not line.
>
>
> On Tue, Jan 14, 2014 at 9:06 AM, Nick Syslog wrote:
cesses up till this point.
On Tue, Jan 14, 2014 at 9:12 AM, Rainer Gerhards
wrote:
> On Tue, Jan 14, 2014 at 5:06 PM, Nick Syslog
> wrote:
>
> > Comparing the init.d/rsyslog scripts between 7.4.7 and 7.4.8 I found:
> >
> > 7.4.7 (Line 51):
> > killproc -p &quo
I should rephrase and say "...after removing the -t30 OPTION", not line.
On Tue, Jan 14, 2014 at 9:06 AM, Nick Syslog wrote:
> Comparing the init.d/rsyslog scripts between 7.4.7 and 7.4.8 I found:
>
> 7.4.7 (Line 51):
> killproc -p "$(PIDFILE)" $exec
&g
>
> > are you using the init scripts from the adiscon repository or from
> > somewhere else?
> >
> > David Lang
> >
> > On Mon, 13 Jan 2014, Nick Syslog wrote:
> >
> > Date: Mon, 13 Jan 2014 14:16:29 -0700
> >> From: Nick Syslog
> >> Reply
og maintains the scripts instead of the distro.
>
> are you using the init scripts from the adiscon repository or from
> somewhere else?
>
> David Lang
>
> On Mon, 13 Jan 2014, Nick Syslog wrote:
>
> Date: Mon, 13 Jan 2014 14:16:29 -0700
>> From: Nick Syslog
Has anyone else noticed that the service/init starts on version 7.4.8
typically don't obey standard protocol for starting and stopping the
service?
Most often I use 'service rsyslog restart' and in my recent cases in
development and elsewhere I am seeing that the service STOPS but I have to
manual
people
> >> like, though they can tweak quite a bit themselves.
> >>
> >> I actually use rsyslog for an entirely different use case (high volume
> >> application logs), but was thinking the above could be
> >> modified...inserting rsyslog in the middle s
I'm also interested in this solution as I'm about to implement something
similar in our enterprise as well...
Either that or work on paying to develop something native to rsyslog to
accept the traffic and redistribute it.
On Fri, Jan 10, 2014 at 11:51 AM, Mike Hoskins (michoski) <
micho...@cisco
i, Dec 6, 2013 at 7:38 AM, Rainer Gerhards >wrote:
>
> > On Thu, Dec 5, 2013 at 11:09 PM, Nick Syslog >wrote:
> >
> >> it just doesn't make sense, why would the first two items work in the
> >> array
> >> but not the third?
> >
> >
&g
>
> David Lang
>
>
> On Thu, 5 Dec 2013, Nick Syslog wrote:
>
> More information, I am using libestr-01.5-1 from the repositories for
>> RHEL/CentOS, I started testing as suggested and adding elements to the
>> array one at a time and the data stopped filtering at
filtered at all.
On Thu, Dec 5, 2013 at 12:54 PM, Nick Syslog wrote:
> Using the repo versions for 7.4.6
>
> (my version of libestr is 0.1.5-1)
>
>
> On Thu, Dec 5, 2013 at 10:40 AM, Rainer Gerhards > wrote:
>
>> one thing occured to me (I could not yet have a look at
re was a bug that could affect
> array-evaluation. However, rsyslog builds require the correct version, but
> better double-check...
>
> Rainer
>
>
> On Thu, Dec 5, 2013 at 6:27 PM, Nick Syslog
> wrote:
>
> > Debug logs are in your email Rainier!
> >
&
te:
> Can you send me the debug log?
>
> Sent from phone, thus brief.
> Am 04.12.2013 20:16 schrieb "Nick Syslog" :
>
> > So I've finally gotten back around to this and I've ran into some issues,
> > any assistance or advice would be appreciated.
> &
values in fromhost-ip are identical to the values being supplied within the
array. Debug logs forthcoming rainier
On Thu, Dec 5, 2013 at 2:14 AM, David Lang wrote:
> On Wed, 4 Dec 2013, Nick Syslog wrote:
>
> So I've finally gotten back around to this and I've ran into
the action OUTSIDE of the conditional
IF statement actually creates data. Debug logs have not been much
assistance in this case or I am not correctly reading them.
On Fri, Nov 15, 2013 at 12:39 AM, Rainer Gerhards
wrote:
> On Fri, Nov 15, 2013 at 2:34 AM, Nick Syslog
> wrote:
>
> >
more details.
On Thu, Nov 14, 2013 at 3:49 PM, David Lang wrote:
> On Thu, 14 Nov 2013, Nick Syslog wrote:
>
> I have a recent implementation that cannot use separate ports outside of
>> the standard 514 and I'm looking for a creative way to filter many many
>> device
I have a recent implementation that cannot use separate ports outside of
the standard 514 and I'm looking for a creative way to filter many many
devices to their respective hosts. In my particular case, the most
'accurate' way to filter these hosts is via IP but this can be remarkably
inefficient a
have you looked into leveraging pstats at least in the interim and
potentially restarting your rsyslog server at the 00:00 mark for counter
reset for the following day?
On Thu, Nov 7, 2013 at 5:37 PM, G Jones wrote:
> One of the things we would like to have is a report generated from our
> Rsys
Cool, it's good to know this is something that could in fact be considered
:o)
Will keep the list posted with any contributions made towards getting
either of these described modules developed!
On Mon, Nov 4, 2013 at 9:27 AM, Rainer Gerhards wrote:
> On Mon, Nov 4, 2013 at 2:23 AM, Jacob Stein
> what message rate are you thinking of in terms of netflow messages?
>>
>>
>>
>>
>> I would be thinking in terms of having the syslog message be a JSON
>> formatted message containing all the pieces needed to recreate the original
>> message, and the output
Rainer/David,
I was curious if the 600$ development costs for an "open" effort would be
possible for something like netflow/snmp inputs and outputs?
Have had a lot of conversations lately with co-workers about the
possibility of having SNMP and Netflow routed via rsyslog but I know that
both of t
52 matches
Mail list logo