Recently my colleague and I have been working on implementing an
enterprise logging solution with large amounts of data. We recently
moved to version 7 to fix some issues with network queues and are now
rewriting our config from version 5 to version 7. During this
conversion I have ended up with a few questions that I am hoping
somebody can explain. It seems like there is a lot of good
documentation out there; however, most of it I end up stumbling upon.
Q. What is the quantifier for IOBufferSize? The documentation say's
that 4K is the default, but what value size does the setting take?
Does IOBufferSize="4" indicate 4K?
Q. We are currently using $ruleset and it's really annoying. I have
seen examples of ruleset { } being used, but when I try this I get a
configuration error.
Q. certain messages that are coming across are generating SQL errors.
Because I get is the error and I am dealing with about 3000 messages a
second its impossible to tell what message caused the error. It would
appear that the error is possible being generated because certain
properties that should contain values do not or they contain a single
quote. Is there anyway to troubleshoot this?
Q. input(type="XXX" im.ruleset="blah") does not appear to work at all.
I get configuration errors when attempting this.
Q. Using the old config style trying to bind UDP/TCP messages to any
ruleset that is not called remote causes a segfault.
Q. if ($programname contains 'blah') causes a segfault -- if
($programname contains ['blah']) works fine.
Q. I noticed some traffic regarding pmlastmsg making last messages not
suck :) however, when I try and implement pmlastmsg in a ruleset it
appears to do nothing.
I understand that I have not posted my config but if necessary I can
post sections of it.
Thanks for any insight or direction.
Very Respectfully,
Stephen Bunn
[email protected]
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
