Hi. Just some quick notes.
Upgrade if you can. 5.8.5 is way too old.
On 05/22/2012 03:56 PM, Juan Jose Pavlik wrote:
Right after the queues filled up, it stoped sending logs to the second log
server too.
My guess was that is hangs on one action which fills the main queue
which slows message processing. But forwarding would be the one to
suspect if other outputs are just plain files.
in my centralized logging server and im getting some troubles i'd really
love to figure out. I've around 170 servers/switches/otherthings logging on
this server, most of them just send auth.* logs, some apaches sending the
access and error logs, and switches sending warns and errors. Sometimes the
rsyslog queues get complettly filled up and it stops writing logs to disk,
this is the exact logs of what happened:
Stops completely or just writes them incredibly slowly?
Once *size* reaches 10000 (the default max as far as i know) things get
complicated, rsyslog starts to drop logs and misbehave. The rsyslog
Dropping is a default action in case of congestion, do you really see
some misbehavior?
configuration write a per host files into /var/log/servidores/, it also
sends some logs to another rsyslog server and a postgress database running
in another server. 2 weeks ago, i disabled sending logs to the postgress
databse, because i had this same problem and we lost too many hours of
logs. Most of the servers are sending logs by TCP and a few servers and
other devices use UDP.
Is there a way i can avoid this problem? should i increase the mainqueue
size? use other queues? Any help will be great. Thanks
Any particular size of a queue (or available ram) is finite. If you can
identify the output that blocks the processing, put it in a separate
queue and configure enqueuing to have a short timeout. This should
mitigate the issue to some degree, not to be an ideal solution.
e.g.
$ActionQueueTimeoutEnqueue <milisec>
This could also be a bug, but I can't recall all the issues all the way
back to 5.8.5. Do you encrypt the forwarded logs?
Tomas
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
