On 2007-08-31, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > could you please provide some more info on your configuration? > Configuration file,
################################################################################# $ grep -v ^# /etc/rsyslog.conf|grep -v ^$ $template DailyPerHostLogs,"/var/log/syslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%.log" *.* -?DailyPerHostLogs $template MaillogTemplate,"%timegenerated::fulltime% %HOSTNAME% %syslogtag%: %msg%\n" $template HourlyMaillog,"/var/log/syslog/maillog/%$YEAR%/%$MONTH%/%$DAY%/maillog-%$YEAR%%$MONTH%%$DAY%%$HOUR%.log" mail.* -?HourlyMaillog;MaillogTemplate $template precise,"%timegenerated::fulltime% %HOSTNAME% %syslogfacility-text%/%syslogseverity-text% %syslogtag% %msg%\n" *.* -/var/log/syslog/everything;precise mail.* ~ $template PerAppLogs,"/var/log/syslog/apps/%programname%.log" *.* -?PerAppLogs :msg, contains, "ServeRAID" -/var/log/syslog/apps/serveraid.log :HOSTNAME, !isequal, "loghost1" ~ *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg * uucp,news.crit /var/log/spooler local7.* /var/log/boot.log ################################################################################# > options used, $ grep -v ^# /etc/sysconfig/rsyslog SYSLOGD_OPTIONS="-m 0 -r514" KLOGD_OPTIONS="-x" SYSLOG_UMASK=077 > log entries preceding the crash, ... It's a quite busy log server, with about 70 active old style syslog servers sending logs to it. The second it crashed it wrote 111 log-messages.. (273 the second before), mostly various postfix daemons, and I'd need to anonymize them before sharing.. Can't see anything special. > If logging forwarded messages, is the remote logger also rsyslog? No, all are RHEL3/4/5 with their default syslogd server. -jf _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
