Thank you David, where exactly do I need to start rsyslog with -x? from the
init.d/rsyslog or the sysconfig/rsyslog ?
start() {
[ -x $exec ] || exit 5
umask 077
echo -n $"Starting system logger: "
# daemon --pidfile="$PIDFILE" $exec -x -i "$PIDFILE" $SYSLOGD_OPTIONS
daemon --pidfile="$PIDFILE" $exec -i "$PIDFILE" $SYSLOGD_OPTIONS
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch $lockfile
return $RETVAL
}
When I do it from init.d/rsyslog and I de-comment the daemon line and run -x
from there , no logs are written?
----- Original Message -----
From: David Lang
Sent: 08/30/13 03:47 PM
To: rsyslog-users
Subject: Re: [rsyslog] (no subject)
If things are working most of the time, but occasionally you are seeing lots of
dropped messages, I would be looking at DNS issues. One of the big reasons to
disable DNS lookups on UDP rsyslog servers is that DNS can take an unknown
amount of time to resolve (up to several seconds), and during that time,
additional new messages cannot be processed, if you don't have insanely large
buffers setup in the OS, this will cause you to loose messages. Try starting
rsyslog with -x (to disable DNS lookups) and see if you still have the problem
what version are you running? you should upgrade to 7.x and see if the problem
reamins (lots of improvements, including a DNS cache compared to 5.x and
earlier) David Lang On Fri, 30 Aug 2013, Robert Ortiz wrote: > Hey guys, > > So
currently I'm running a load of 50K mps and mostly retaining logs there are
random seconds where I drop 20K+ messages, I wanted to run rsyslog in debug
mode, and I wanted to run this: > > > "RSYSLOG_DEBUGLOG" (sample:
RSYSLOG_DEBUGLOG="/path/to/debuglog/") > > with this " LogFuncFlow" > > But I
am not sure where to do this from? Do I need to put this on the .conf file or
is this something that needs to be created? > > Sorry I don't understand the
instructions on the debugging site > > Thanks > > Currently this is my .conf
file: > > #### MODULES #### > > #module(load="imuxsock") # needs to be done
just once Robert 8-9-13 > #SysSock.FlowControl=(:"on") # enable flow control
(use if needed) Robert 8-9-13 > $ModLoad imuxsock # provides support for local
system logging (e.g. via logger command) > > #module(load="imklog") > $ModLoad
imklog # provides kernel logging support (previously done by rklogd) > $ModLoad
immark # provides --MARK-- message capability > > # Provides UDP syslog
reception > #module(load="imudp") # needs to be done just once Robert 8-9-13 >
#input(type="imudp" port="514") # Robert 8-9-13 > $ModLoad imudp >
$UDPServerRun 514 > #$UDPServerTimeRequery 1000000 > > > #### GLOBAL D
IRECTIVES #### > > # Use default timestamp format > $ActionFileDefaultTemplate
RSYSLOG_TraditionalFileFormat > > # File syncing capability is disabled by
default. This feature is usually not required, > # not useful and an extreme
performance hit > #$ActionFileEnableSync on > > # Include all config files in
/etc/rsyslog.d/ > $IncludeConfig /etc/rsyslog.d/*.conf > > # Set Buffer Size -
default is 4k > #$OMFileIOBufferSize 128k # - Gil 06/06/13 >
#$OMFileAsyncWriting on > #$OMFileFlushOnTXEnd off > #$OMFileFlushInterval 30 >
#$OMFileZipLevel 9 > $OMFileIOBufferSize 256k > > #Turn on Main Ruleset Robert
8-20-13 > #$RulesetCreateMainQueue on > > > # Set Main Message Queue Size -
default is 10000 > > $MainMsgQueueSize 200000 # Robert 8-9-13 > > #### RULES
#### > > # Log all kernel messages to the console. > # Logging much else
clutters up the screen. > #kern.* > # /dev/console > > #Specific ruleset for
remote messages > #$Ruleset <name> > > #*.* /var/log/test/f_all #Robert 8-21-1
3 > #Module (load="builtin:omfile") > #*.* action(type="omfile" > #
DirCreateMode="0700" > # FileCreateMode="0644" > #
File="/var/log/test/alllogs") > > > #switch back to default ruleset > #$Ruleset
RSYSLOG DefaultRuleset > > # Begin action Robert 8-20-13 > #
$ActionOmrulesetRulesetName somename > > :hostname, contains, "pdc"
/var/log/test/f_ad > :hostname, contains, "fdfw" /var/log/test/f_fw >
:hostname, contains, "mail" /var/log/test/f_mail > :hostname, contains,
"networks" /var/log/test/f_networks > :hostname, contains, "shib"
/var/log/test/f_shib > :hostname, contains, "rout" /var/log/test/f_router >
:hostname, contains, "vm" /var/log/test/f_vm > :hostname, contains, "pix"
/var/log/test/f_pix > > > #if $hostname contains 'pdc' then /var/log/test/f_ad
> #& ~ > #if $hostname contains 'fdfw' then /var/log/test/f_fw > #& ~ > #if
$hostname contains 'networks' then /var/log/test/f_networks > #& ~#if $hostname
contains 'shib' then /var/log/test/f_shib > #& ~ > #if $hostname con
tains 'mail' then /var/log/test/f_mail > #& ~ > #if $hostname contains 'vm'
then /var/log/test/f_vm > #& ~ > #if $hostname contains 'pix' then
/var/log/test/f_pix > #& ~ > #if $hostname contains 'rout' then
/var/log/test/f_router > #& ~ > > #if $hostname startswith 'sws' then
/var/log/test/f_networks > #& ~ > #if $fromhost-ip == '10.0.0.10' then
/var/log/test/test_fromhost > #& ~ > #if $hostname == 'swserv1.networks' then
/var/log/test/test_swserv1 > #&~ > #if $hostname startswith 'virtserv' then
/var/log/test/test_virtserv > #&~ > #if $hostname contains 'virtserv' then
/var/log/test/test_virtserv1 > #& ~ > #if $fromhost-ip startswith '10.0.6' then
/var/log/test/test_10.0.6 > #& ~ > #if $fromhost-ip startswith '10.0.7.' then
/var/log/test/test_10.0.7_virtserv > #& ~ > > # Log anything (except mail) of
level info or higher. > # Don't log private authentication messages! >
#*.info;mail.none;authpriv.none;cron.none /var/log/messages > *.debug
/var/log/messages > > # The authpri
v file has restricted access. > authpriv.* /var/log/secure > > # Log all the
mail messages in one place. > mail.* -/var/log/maillog > > > # Log cron stuff >
cron.* /var/log/cron > > # Everybody gets emergency messages > *.emerg * > > #
Save news errors of level crit and higher in a special file. > uucp,news.crit
/var/log/spooler > > # Save boot messages also to boot.log > local7.*
/var/log/boot.log > > > # ### begin forwarding rule ### > # The statement
between the begin ... end define a SINGLE forwarding > # rule. They belong
together, do NOT split them. If you create multiple > # forwarding rules,
duplicate the whole block! > # Remote Logging (we use TCP for reliable
delivery) > # > # An on-disk queue is created for this action. If the remote
host is > # down, messages are spooled to disk and sent when it is up again. >
#$WorkDirectory /var/lib/rsyslog # where to place spool files >
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files >
#$ActionQueueMaxDiskS
pace 1g # 1gb space limit (use as much as possible) >
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown >
#$ActionQueueType LinkedList # run asynchronously > #$ActionResumeRetryCount -1
# infinite retries if host is down > # remote host is: name/ip:port, e.g.
192.168.0.1:514, port optional > #*.* @@remote-host:514 > # ### end of the
forwarding rule ### > > > > > Robert. >
_______________________________________________ > rsyslog mailing list >
http://lists.adiscon.net/mailman/listinfo/rsyslog >
http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow
https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts
are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
NOT POST if you DON'T LIKE THAT. >
_______________________________________________ rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow ht
tps://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts
are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
NOT POST if you DON'T LIKE THAT.
Robert.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
