What version of rsyslog are you running? Is there anything in /etc/rsyslog.d/*.conf?

Are these log losses common, or very rare?

I'm not seeing anything obvious here, but one thing that could be the case if you are running an older version is that when you restart rsyslog to rotate a file (send it a HUP), older versions did a full stop and start, which would lose logs. Newer versions just close and reopen the output files. For a while there was a HUPisRestart parameter to control this until the default was changed.

David Lang

On Wed, 9 Oct 2013, Mayur Patil wrote:

Date: Wed, 9 Oct 2013 11:05:57 +0530
From: Mayur Patil <[email protected]>
To: David Lang <[email protected]>, rsyslog-users <[email protected]>,
    Mahesh V <[email protected]>
Subject: Re: [rsyslog-users] Wireshark is capturing but rSyslog not logging

Thanks David sir for quick help and sorry for late reply because my setup
is in college :)

what does a log message that is lost (i.e. something that wireshark sees
but doesn't get written to the logs) look like?


In Wireshark it appears as http://fpaste.org/45338/


how's it formatted,


The export format set up by the snort application is LOG_AUTH LOG_ALERT

what IP is it from, etc?


It is from the rsyslog client machine [on which snort is installed], i.e. 172.20.54.211

Seeking guidance,

Thanks!!

--
Cheers,
Mayur
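An added diagnostic script, not from the thread, for measuring the loss David describes: it sends numbered probe messages with the same priority snort uses (auth.alert) to the rsyslog server over UDP 514 and then scans the log file for missing sequence numbers, so you can run it while logrotate HUPs rsyslog. The hostname "snort-client", the tag "logprobe", the server address and log file path are assumptions; it also assumes the server's rsyslog routes auth.alert messages to the file you pass.

```python
"""Detect syslog message loss on a receiving rsyslog host (added example)."""
import re
import socket
import sys
import time
from datetime import datetime

# RFC 3164 facility/severity codes; PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6}

def encode_pri(facility, severity):
    """Compute the <PRI> value, e.g. auth.alert -> 33, as snort's export uses."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def build_probe(seq, hostname="snort-client", tag="logprobe"):
    """Build a BSD-syslog line carrying a sequence number in the message body."""
    ts = datetime.now().strftime("%b %d %H:%M:%S")
    return "<%d>%s %s %s: seq=%d" % (encode_pri("auth", "alert"), ts, hostname, tag, seq)

def send_probes(server, count, delay=0.01, port=514):
    """Send `count` numbered probes (assumes the server listens on UDP 514)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for seq in range(count):
        sock.sendto(build_probe(seq).encode(), (server, port))
        time.sleep(delay)
    sock.close()

SEQ_RE = re.compile(r"logprobe: seq=(\d+)")

def find_gaps(log_lines, expected):
    """Return the sorted sequence numbers that never reached the log file."""
    seen = set()
    for line in log_lines:
        m = SEQ_RE.search(line)
        if m:
            seen.add(int(m.group(1)))
    return sorted(set(range(expected)) - seen)

if __name__ == "__main__":
    # Usage: python logprobe.py <rsyslog-server> </var/log/path-on-server>
    server, logfile = sys.argv[1], sys.argv[2]
    send_probes(server, 500)
    time.sleep(2)  # give rsyslog's output queue time to flush to disk
    with open(logfile) as fh:
        missing = find_gaps(fh, 500)
    print("missing %d of 500 probes: %s" % (len(missing), missing[:20]))
```

A HUP that performs a full restart shows up as a contiguous block of missing sequence numbers rather than scattered single drops.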
