Hello,
My team is currently working on a new plugin off of the master-elasticsearch
branch. There very well could be something faulty in our config but for some
reason whenever we define expression-based filters rsyslogd segfaults.
The rules do work for the brief period of time rsyslog runs. When we block
inbound syslog traffic (via iptables rules) it stays running. When we run
rsyslog with the rules commented out it stays running as well.
Here are a few rules we have defined in rsyslog.conf:
# Linux Tomcat logs
if ( ( $programname == 'local4' ) and ( $hostname contains_i '-int' or
$hostname contains_i '-uat' ) ) then { action(type="omfile" file="/v
ar/log/preprod/log4j") }
& ~
if ( ( $programname == 'local4' ) and not ( $hostname contains_i '-int' or
$hostname contains_i '-uat' or $hostname contains_i 'logstore1'
) ) then { action(type="omfile" file="/var/log/prod/log4j") }
We're running CentOS 6.2 with 4 cpus & 4 GB of ram.
We have debug output too if that'd be useful.
Thanks!
-Lars
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
