Re: [rsyslog] [Maybe OFF-TOPIC] Add TAG in syslogd/klogd

2024-05-05 Thread Yury Bushmelev via rsyslog
Hello! If you can change the remote syslog port on your sender side, then there is another way. You can create a dedicated rsyslog input listening on a port (imptcp/imtcp/imudp), bind it to a ruleset, then assume that every message in the ruleset is from that expected sender (just do not use that

Re: [rsyslog] Capturing shutdown logs

2024-03-20 Thread Yury Bushmelev via rsyslog
Hello Attila! You can limit the persistent journald storage in size with the SystemMaxUse option. Just find a value which is good enough for you to save all the messages while rsyslog is down. I guess 1Gb should be more than enough. On Wed, 20 Mar 2024 at 12:17, Attila Lakatos via rsyslog <

Re: [rsyslog] New Doc Effort

2024-01-04 Thread Yury Bushmelev via rsyslog
Hi Rainer! FINALLY! That's great news! As I'm unemployed at the moment I can do some volunteering also. Feel free to reach me directly if anything! Thank you! On Thu, 4 Jan 2024 at 20:31, Rainer Gerhards via rsyslog < rsyslog@lists.adiscon.com> wrote: > Hi all, > > happy new year to everyone!

Re: [rsyslog] Repeated 111 to rsyslog UDS from nginx

2023-09-18 Thread Yury Bushmelev via rsyslog
Hello! Does the timing match with rsyslog restarts (manual or logrotate-initiated)? On Mon, 18 Sept 2023 at 00:39, TG Servers via rsyslog < rsyslog@lists.adiscon.com> wrote: > Hi, > > ever since I started logging to a UDS from my nginx I get the occasional > 111 in my nginx error logs. > As I

Re: [rsyslog] Filtering message types in rulesets

2023-07-21 Thread Yury Bushmelev via rsyslog
Hello! It's the same as without ruleset I'd say.. As long as the source sets severity right you should be able to use this: ruleset(name="vcsa20525" queue.type="linkedlist" queue.workerThreads="4" queue.workerThreadMinimumMessages="3000"){ if $syslogseverity-text != ['info', 'debug'] then {

Re: [rsyslog] High performance TLS logging

2023-04-04 Thread Yury Bushmelev via rsyslog
Hi Marcin! I haven't tried imtcp in production.. but a few years ago I had quite a loaded rsyslog infra setup. So from my memories 1M msg/min is not that high.. it's just 17k msg/s. I'd expect even RELP should be able to process this on a single core. Though my infra was baremetal Xeon servers.

Re: [rsyslog] rsyslog as an AWS Marketplace Application

2023-03-23 Thread Yury Bushmelev via rsyslog
Hello! I'd suggest extending the offer to Azure cloud too.. it shouldn't be really different from the AWS case (I'd expect just a bit different `packer` config to create the image).. Thank you! On Wed, 22 Mar 2023 at 15:30, Rainer Gerhards via rsyslog < rsyslog@lists.adiscon.com> wrote: > Hi

Re: [rsyslog] Effective way to cut a field from event?

2023-02-15 Thread Yury Bushmelev via rsyslog
Hi Mariusz! I'd suggest you try with mmfields first ( https://www.rsyslog.com/doc/v8-stable/configuration/modules/mmfields.html). If no luck then I'd go for mmnormalize. This way you can extract all the fields required and then use a template to put just fields you need back into a message. I

Re: [rsyslog] field.number as a range

2022-05-16 Thread Yury Bushmelev via rsyslog
Hello! If you need multiple fields and those are single-char-separated then using mmfields action might be more profitable: https://www.rsyslog.com/doc/master/configuration/modules/mmfields.html. In a more complicated case I'd suggest to engage mmnormalize instead:

Re: [rsyslog] Forward to multiple syslog servers with TLS protocol (multiple sets of CA/cert/key)

2022-04-05 Thread Yury Bushmelev via rsyslog
Hi! Another workaround is to use RELP which is able to configure TLS settings per-action AFAIR. On Wed, 6 Apr 2022 at 06:12, David Lang via rsyslog < rsyslog@lists.adiscon.com> wrote: > up until at least very recently this was not possible. There has been work > to > make the connection