On Mon, 7 Oct 2013, Pol Hallen wrote:

Howdy :-)

I've correctly configured a log server (over the internet).

On a client I have:

$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/ca.pem
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated

*.* @@(o)ip:port

Now the problem: since this morning this server has had many problems: if I try
to restart some services (dhcp, mysql, etc.) they fail... :-O

So I discovered that the main log server has gone down.

Why, if the main log server goes down, does the client server have these problems?

Because you have configured the client to use reliable delivery, if the server goes down the client will queue up the messages that are destined to go to the server. When the queue fills up, rsyslog on the client can no longer accept new messages, and so processes on the client that try to log will block waiting for rsyslog to accept the message.

No matter how large a queue you put on the client (including configuring the client to use disk space for the queue), you run the risk of the queue filling up. To address this, you would need to configure rsyslog on the client to start throwing away logs when its queue gets too full; look at the high watermark configuration options for how to do that.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
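
Added example (not part of the original thread, and not the poster's actual configuration): a bounded, disk-assisted queue for the forwarding action from the question, written with rsyslog's legacy action-queue directives so that a long server outage sheds low-priority messages instead of blocking local services. The work directory, queue file name and all sizes are assumed values; ip:port is the placeholder from the original post.

```conf
# Constructed example; every size, path and name below is an assumption.
# Legacy queue directives apply only to the next action that follows them.

# Directory for the queue's spool files (assumed path).
$WorkDirectory /var/spool/rsyslog

# Dedicated in-memory queue for the forwarding action.
$ActionQueueType LinkedList
# Giving the queue a file name makes it disk-assisted.
$ActionQueueFileName fwd_central
# Upper bound on disk used by the spool.
$ActionQueueMaxDiskSpace 1g
# Write queued messages to disk when rsyslog shuts down.
$ActionQueueSaveOnShutdown on
# Keep retrying the remote server instead of giving up on the action.
$ActionResumeRetryCount -1

# Maximum number of messages held in memory.
$ActionQueueSize 50000
# Start writing queued messages to disk at this depth ...
$ActionQueueHighWaterMark 40000
# ... and stop once the queue has drained to this depth.
$ActionQueueLowWaterMark 10000

# Once this many messages are queued, begin discarding ...
$ActionQueueDiscardMark 45000
# ... messages of severity 5 (notice) or less important (6 info, 7 debug).
# More important messages (0 emerg .. 4 warning) are still queued.
$ActionQueueDiscardSeverity 5
# If the queue is still full, wait at most 10 ms for room, then drop
# the message rather than stalling the process that is logging.
$ActionQueueTimeoutEnqueue 10

# Forwarding action from the original post (TLS driver settings unchanged).
*.* @@(o)ip:port
```

Discarding by severity keeps warnings and errors queued for the longest time during an outage, which matters if the central server is the audit record for these hosts.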