I am just starting down this road, so please forgive my ignorance and any ill-conceived assumptions.
I want to centralize logging of multiple hosts to a single host. There is one artifact of doing so (and in fact it's not even particular to forwarding -- it seems to happen on a single node) that I want to resolve, and that's the intermingling of log messages in the middle of what should be multiline kernel messages. Think stack traces.

The kernel dumps a few dozen lines onto /dev/kmsg which in reality represent a single message. It happens with the OOM killer, but probably the most common case is stack traces, where each line in the trace is logged as a separate syslog line with a date and time and host stamp, etc. The problem is that it's possible for other messages to be printed in between these multiple lines/messages from the kernel.

I'd like to try to atomize these kernel messages so that they are guaranteed to be together in the log without other messages interspersed in them. Is this something that's realistic to achieve, or is it fraught with too many problems to be able to do reliably?

Thanx,
b.

