I guess you have lost a couple of updates. I have been working pretty aggressively on bugs the past two to three weeks. Those issues that I knew of are closed now (except one dangling with ommysql, which I cannot reproduce and currently cannot get more data on). Please grab the latest 5.7.8 and see if the problem persists. If it does, please open a bug tracker, so that we can work together to find the culprit and fix it :)

Thanks,
Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Anders Synstad
> Sent: Thursday, March 10, 2011 3:37 PM
> To: [email protected]
> Subject: Re: [rsyslog] Problem with "corrupt" log message
>
> Hello,
>
> On 01/20/2011 01:21 PM, Rainer Gerhards wrote:
> >> -----Original Message----- I'm running latest Rsyslog 5.6.2. I
> >> pretty much came to the same conclusions as you.
> >>
> >> I doubt I can reproduce it. Out of several gigabytes of logs each
> >> day, this is the first time I've seen it.
> >
> > Yup... Maybe this helps: I got some reports from folks who have a bit
> > of a problem with 5.6.2 and a very good report came in yesterday. I
> > am about to look at it. It could be that all of this has a common
> > reason. But other than that, I do not have any advice right now...
> >
>
> Did these reports give any results regarding this issue?
>
> I've been trying to dig a bit more in our logs, and I've seen it happen
> more than once now. It's however a bit hard to locate these corrupt
> lines in the logs as they differ slightly.
>
> I also did a quick attempt at some tcpdumping, but without knowing a bit
> more what I'm looking for, it's too much data going thru the system at
> the moment to be just staring at it.
>
> The bits of configuration related to these log files are:
>
> $ModLoad imudp # Standard input module for UDP
> $ModLoad imtcp # Standard input module for TCP
>
> $template t-network,"/var/log/network.%$myhostname%.log"
> $template bf-default,"%timegenerated:::date-rfc3339% %fromhost% %rawmsg:::drop-last-lf%\n"
>
> # Ruleset: network
> $Ruleset network-udp-10514
> $RulesetCreateMainQueue on
> *.* -?t-network;bf-default
>
> $RuleSet network-tcp-10514
> $RulesetCreateMainQueue on
> *.* -?t-network;bf-default
>
> $InputUDPServerBindRuleset network-udp-10514
> $UDPServerRun 10514
>
> $InputTCPServerBindRuleset network-tcp-10514
> $InputTCPServerRun 10514
>
> I'm using load balancing (active/passive) and different vips on the LB
> to point logs from different systems to different ports on my central
> loghost. And all in all, this is working very nicely :)
>
> But as you can see, both tcp and udp are logged to the same file, and I
> am almost willing to bet my right pinky that the problem is related to this.
>
> Another example of a broken log:
> > 2011-03-08T12:50:45.973537+01:00
> > osl3-lb05b-v2011-03-08T12:50:46.126028+01:00
> > some.fw.net <164>Mar 08 2011 12:50:46:
> > %ASA-4-106023: Deny tcp src outside:x.x.x.x/6000 dst
> > some.lb-lnk:x.x.x.x/3389 by access-group
> > new-test-fw-lb-lnk_out [0x4da29309, 0x0]
>
> Regards,
> Anders Synstad
> Basefarm AS
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
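
An added example, not part of the original thread and not rsyslog code: one way to locate the corrupt lines described above is to check every line of the output file against the layout of the bf-default template (timestamp, fromhost, raw message) and flag any line that carries a second RFC 3339 timestamp or lacks the leading one. The names check_line, scan and SAMPLE are hypothetical, and the sample lines are constructed, except the second, which is the broken line from the thread joined back onto one line.

```python
import re

# RFC 3339 timestamp with fractional seconds and numeric UTC offset, the shape
# written by %timegenerated:::date-rfc3339% in the bf-default template.
RFC3339 = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{2}:\d{2}")

def check_line(line):
    """Return the reasons a line looks corrupt; an empty list means it looks fine."""
    reasons = []
    stamps = list(RFC3339.finditer(line))
    if not stamps or stamps[0].start() != 0:
        reasons.append("does not start with a timestamp")
    # A second timestamp means another record was written into this one.
    # Caveat: a sender whose raw message itself carries an RFC 3339 timestamp
    # would also match, so review hits rather than deleting them blindly.
    if len(stamps) > 1:
        reasons.append("extra timestamp at offset %d" % stamps[1].start())
    # bf-default is "<timestamp> <fromhost> <rawmsg>": expect three fields.
    if len(line.split(None, 2)) < 3:
        reasons.append("fewer than three fields")
    return reasons

def scan(lines):
    """Yield (line_number, reasons) for every suspicious line."""
    for number, line in enumerate(lines, start=1):
        reasons = check_line(line.rstrip("\n"))
        if reasons:
            yield number, reasons

# Sample input: line 1 and line 3 are constructed; line 2 is the broken record
# quoted in the thread, joined back onto a single line.
SAMPLE = [
    "2011-03-08T12:50:45.100000+01:00 some.fw.net <164>Mar 08 2011 12:50:45: "
    "%ASA-4-106023: Deny tcp src outside:x.x.x.x/6000",
    "2011-03-08T12:50:45.973537+01:00 osl3-lb05b-v2011-03-08T12:50:46.126028+01:00 "
    "some.fw.net <164>Mar 08 2011 12:50:46: %ASA-4-106023: Deny tcp",
    "some.fw.net <164>Mar 08 2011 12:50:47: %ASA-4-106023: Deny tcp",
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE):
        print("line %d: %s" % (number, "; ".join(reasons)))
```

To run it against a real file, pass an open file object to scan(), for example scan(open(path, errors="replace")), with path pointing at one of the files produced by the t-network template.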

