Hi all,
I found rsyslogd occasionally produced corrupted log entries like
<6>1 2011-12-23T23:03:18.089938+08:00 db1 <D0>#001 D^kernel - -
device eth0 entered promiscuous mode
I believe that problem appeared in earlier versions including 5.8.2.
Looks like corruption never occur before hostname field. Is it a
reported bug? Any clue?
rsyslogd 5.8.6, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
/etc/rsyslog.conf
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
$ActionForwardDefaultTemplate RSYSLOG_SyslogProtocol23Format
$ModLoad imklog
$ModLoad imuxsock
$ModLoad impstats
$SystemLogSocketIgnoreMsgTimestamp off
$SystemLogUsePIDFromSystem on
$PStatInterval 600
$PStatSeverity 7
$WorkDirectory /var/spool/rsyslog
$MainMsgQueueSaveOnShutdown on
$MainMsgQueueFileName mq
$MainMsgQueueMaxFileSize 5m
$ActionQueueType LinkedList
$ActionQueueSaveOnShutdown on
$ActionQueueFileName dbq
$ActionQueueMaxFileSize 10m
$ActionResumeRetryCount -1
*.* @@(o)10.2.3.4
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
Thanks,
Kaiwang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
