Well, honestly, this sounds like there is need to talk to each other or at
least to management... This is a loose-loose-loose (you, the others,
company) situation.
Rainer
Sent from phone, thus brief.
Am 25.10.2017 21:18 schrieb "Randall Diffenderfer" <
rdiffender...@proofpoint.com>:
> i am work
i am working with a backlevel version of rsyslogd, so i don't have any
hint of that in there. oh well...
the remote endpoint is, for all intents and purposes, a black hole; it can
be any number of different SIEM or log transport systems, but the main
limiter is the "default" 8k barrier. my json
k
message without loosing anything :-)
David Lang
On Wed, 25 Oct 2017, Randall Diffenderfer via rsyslog wrote:
Date: Wed, 25 Oct 2017 18:48:52 +
From: Randall Diffenderfer via rsyslog
To: Rainer Gerhards ,
rsyslog-users
Cc: Randall Diffenderfer
Subject: Re: [rsyslog] handling oversized
There was a recent config option to imfile to allow you to configure between
trucating the message and splitting the message to have more of it appear in
another message
There is no way for rsyslog to combine messages once they have been split, it
processes messages one at a time.
David Lang
iffenderfer via rsyslog
>> To: Rainer Gerhards ,
>> rsyslog-users
>> Cc: Randall Diffenderfer
>> Subject: Re: [rsyslog] handling oversized messages
>>
>> i suppose i deserved thatŠ :-)
>>
>> however, i have to interoperate with other folks who ca
Diffenderfer via rsyslog
To: Rainer Gerhards ,
rsyslog-users
Cc: Randall Diffenderfer
Subject: Re: [rsyslog] handling oversized messages
i suppose i deserved that… :-)
however, i have to interoperate with other folks who can't/won't increase N …
so, i am pegged at their "N
Rainer Gerhards
> Date: Wednesday, October 25, 2017 at 11:57
> To: Randall Diffenderfer
> Cc: rsyslog-users
> Subject: Re: [rsyslog] handling oversized messages
>
> Yeah but if they are too large... They are. Especially with json payload,
> what will you do against this?
&g
mailto:rgerha...@hq.adiscon.com>>
Date: Wednesday, October 25, 2017 at 11:57
To: Randall Diffenderfer
mailto:rdiffender...@proofpoint.com>>
Cc: rsyslog-users mailto:rsyslog@lists.adiscon.com>>
Subject: Re: [rsyslog] handling oversized messages
Yeah but if they are too large... They
Rainer Gerhards
> Date: Wednesday, October 25, 2017 at 11:33
> To: rsyslog-users
> Cc: Randall Diffenderfer
> Subject: Re: [rsyslog] handling oversized messages
>
> It may sound dumb, but: increase n! That's why this setting exists.
>
> Rainer
>
> Sent f
matic…
From: Rainer Gerhards
mailto:rgerha...@hq.adiscon.com>>
Date: Wednesday, October 25, 2017 at 11:33
To: rsyslog-users mailto:rsyslog@lists.adiscon.com>>
Cc: Randall Diffenderfer
mailto:rdiffender...@proofpoint.com>>
Subject: Re: [rsyslog] handling oversized messages
It may s
It may sound dumb, but: increase n! That's why this setting exists.
Rainer
Sent from phone, thus brief.
Am 25.10.2017 19:48 schrieb "Randall Diffenderfer via rsyslog" <
rsyslog@lists.adiscon.com>:
>
> given the global setting of "maxmessagesize=N", what is my recourse if i
> need to process a
given the global setting of "maxmessagesize=N", what is my recourse if i
need to process a message > N in imfile?
in other i/o modules? it appears the message is truncated at ~N, and not
split (which is what i thought i had seen in the past...)
___
r
12 matches
Mail list logo