> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Marcin Miroslaw
> Sent: Thursday, October 21, 2010 4:24 PM
> To: rsyslog-users
> Subject: [rsyslog] Could be message "imuxsock begins to drop messages"
> be a little more verbose?
> 
> Hello!
> I found the following messages in message.log:"
> 2010-10-19T22:24:58.641707+02:00 localhost suhosin[1669]: ALERT -
> script
> tried to increase memory_limit to 268435456 bytes which is above the
> allowed value (attacker '2001:470:1f0b:1ab
> 3:1ce3:a6fc:750f:fde1', file '/dane/domeny/xxxxx', line 96)
> 2010-10-20T09:23:28+02:00 localhost sshd[23129]: error: PAM:
> Authentication failure for marcin from 127-goc-33.acn.waw.pl
> 2010-10-20T09:23:30+02:00 localhost sshd[23129]: Accepted
> keyboard-interactive/pam for marcin from 94.75.108.127 port 49875 ssh2
> 2010-10-20T10:27:54.593338+02:00 localhost kernel: [167143.457207]
> deliver[667]: segfault at 48 ip 9af8c707 sp b220b910 error 6 in
> libdovecot-storage.so.0.0.0[9af2f000+a3000]
> 2010-10-20T15:37:25.404441+02:00 localhost rsyslogd-2177: imuxsock
> begins to drop messages from pid 12703 due to rate-limiting
> 2010-10-20T15:37:27.006681+02:00 localhost rsyslogd-2177: imuxsock lost
> 147 messages from pid 12703 due to rate-limiting
> 2010-10-20T15:37:28.850821+02:00 localhost rsyslogd-2177: imuxsock
> begins to drop messages from pid 12703 due to rate-limiting
> 2010-10-20T15:37:33.003283+02:00 localhost rsyslogd-2177: imuxsock lost
> 462 messages from pid 12703 due to rate-limiting
> "
> 
> It's fine that rate-limiting cuts off many messages, but is it possible for
> imuxsock to report which message is dropped?

No, because that would force me to store the last message for every possible
pid. The idea is that you have the pid, so you can check what was the last
message from that pid inside the log file. 

Rainer

> From this log I don't know
> which application floods the log (probably php-cgi) and what the
> message was. Could the rate-limit message be extended with info about
> the name of the pid and the message?
> E.g.:
> "2010-10-20T15:37:28.850821+02:00 localhost rsyslogd-2177: imuxsock
> begins to drop messages from pid 12703 due to rate-limiting, *last
> message was*:  localhost suhosin[1669]: ALERT - script tried to
> increase
> memory_limit to 268435456 bytes which is above the allowed value
> (attacker '2001:470:1f0b:1ab
> 3:1ce3:a6fc:750f:fde1', file '/dane/domeny/xxxxx', line 96)"
> 
> Regards!
> 
> 
> 
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
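
The lookup Rainer describes, written out as an added example (not part of the original thread and not rsyslog code): scan the log, remember the last accepted message per pid, and attach it to each imuxsock rate-limit notice. It assumes the line layout shown in the poster's excerpt; the `php-cgi` lines and the pid 999 notice are constructed sample data.

```python
import re

# <timestamp> <host> <tag>[<pid>]: <message>   (the [pid] part is optional)
LINE = re.compile(r"^(\S+) (\S+) ([^\s:\[]+)(?:\[(\d+)\])?: (.*)$")
BEGIN = re.compile(r"imuxsock begins to drop messages from pid (\d+) due to rate-limiting")
LOST = re.compile(r"imuxsock lost (\d+) messages from pid (\d+) due to rate-limiting")

def rate_limit_report(lines):
    """Map each rate-limited pid to its program name, last accepted message and lost count."""
    last_seen = {}  # pid -> (program, message) most recently written to the log
    report = {}     # pid -> summary dict
    def entry(p):
        return report.setdefault(p, {"program": None, "last_message": None, "lost": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        tag, pid, msg = m.group(3), m.group(4), m.group(5)
        if tag.startswith("rsyslogd"):  # only trust notices logged by rsyslogd itself
            begin, lost = BEGIN.search(msg), LOST.search(msg)
            if begin:
                p = int(begin.group(1))
                if p in last_seen:  # snapshot what the pid logged just before the drop
                    entry(p)["program"], entry(p)["last_message"] = last_seen[p]
                else:
                    entry(p)        # pid never appeared in this file (rotated log?)
                continue
            if lost:
                entry(int(lost.group(2)))["lost"] += int(lost.group(1))
                continue
        if pid is not None:
            last_seen[int(pid)] = (tag, msg)  # pids are reused; keep the file window short
    return report

# Constructed sample: rsyslogd notices for pid 12703 copied from the thread, rest invented.
SAMPLE = """\
2010-10-20T15:37:25.300000+02:00 localhost php-cgi[12703]: constructed sample line B
2010-10-20T15:37:25.404441+02:00 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 12703 due to rate-limiting
2010-10-20T15:37:27.006681+02:00 localhost rsyslogd-2177: imuxsock lost 147 messages from pid 12703 due to rate-limiting
2010-10-20T15:37:28.100000+02:00 localhost php-cgi[12703]: constructed sample line C
2010-10-20T15:37:28.850821+02:00 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 12703 due to rate-limiting
2010-10-20T15:37:33.003283+02:00 localhost rsyslogd-2177: imuxsock lost 462 messages from pid 12703 due to rate-limiting
2010-10-20T15:37:40.000000+02:00 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 999 due to rate-limiting
""".splitlines()

if __name__ == "__main__":
    for pid, info in rate_limit_report(SAMPLE).items():
        print(pid, info)
```

The reported message is the last one rsyslog accepted from that pid before the limiter engaged, not one of the dropped messages, which were never stored.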