I use rsyslog and the imfile module to watch some application logs and send to a central syslog server. imfile is sporadically sending messages to the remote server. On a few servers it works as expected but it isn't consistent.
I receive about 191 new events (lines) per minute and its only sending a few messages every couple of minutes. A tcpdump confirmed the all messages are not being sent from the host. rsyslog-5.10.1-4.el5.centos.x86_64.rpm ReadMode 2 works indented and not 1 not like the doc says. http://www.rsyslog.com/doc/imfile.html Is it possible that it can't keep up? I watch the state files and it doesn't seem like they update at all after they are created. #Sample Config $ModLoad imfile #Watch java app log with multiline support $InputFileName /logs/app1.log $InputFileReadMode 2 $InputFileTag app1-log: $InputFileStateFile state-app1-log $InputFileFacility local6 $InputFileSeverity debug $InputRunFileMonitor #Watch app access log $InputFileName /logs/app1-access.log $InputFileTag app1-access: $InputFileStateFile state-app1-access $InputFileFacility local7 $InputFileSeverity debug $InputRunFileMonitor *.* @syslog:5144 _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
