> On Fri, 28 Feb 2014, Tanky Woo wrote:
>
>> A few days ago, some machines I just deployed all had problems: the
>> rsyslog is running, but can't log to file.
>>
>> I changed a little in the configuration; the main config is:
>>
>> *.* @syslog.xxx.com:514
>>
>> And the others (including the Main Queue) use the default configuration.
>>
>> Because syslog.xxx.com is our intranet domain, resolved by our name server,
>> and the vpn was not running, it couldn't resolve this domain, and just blocked
>> the queue.
>>
>> Then I started openvpn, and it just waited; it couldn't write to the log, which
>> caused it to block as well.
>>
>> I added syslog.xxx.com to /etc/hosts and restarted openvpn, and openvpn and
>> rsyslog were ok.
>>
>> Now I want to imitate the situation that day, but I can't.
>>
>> Does anyone know how to imitate the blocked queue in rsyslog? My version is
>> 5.8.6.
>
> add an iptables rule that blocks outbound port 514 to the destination
> syslog.xxx.com. that should cause things to back up.
>
> David Lang
>
> ———————————————
But rsyslog can't resolve syslog.xxx.com; I think that after it is resolved, it will try to send logs on port 514. I just added this iptables rule:

[0:0] -A OUTPUT -p udp -d x.x.x.x --dport 514 -j DROP

where x.x.x.x is syslog.xxx.com's IP, but the queue is still working right now.

I use the impstats module to watch the queue, but I don't know how to judge whether the queue is blocked. Is it just that it can't write logs to file? Is there any other way?

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
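Added example, not part of the original thread: one way to judge from impstats output whether a queue is draining, by comparing consecutive samples instead of reading a single line. It assumes the legacy text format `<name>: size=N enqueued=N full=N maxqsize=N`, with `enqueued` and `full` as cumulative counters; the sample lines and the state labels are constructed for illustration.

```python
import re

# Constructed impstats samples (assumed legacy text format, one line per interval).
SAMPLE = """\
Mar  1 10:00:00 host rsyslogd-pstats: main Q: size=12 enqueued=1200 full=0 maxqsize=40
Mar  1 10:01:00 host rsyslogd-pstats: main Q: size=6400 enqueued=7600 full=0 maxqsize=6400
Mar  1 10:02:00 host rsyslogd-pstats: main Q: size=10000 enqueued=11200 full=3 maxqsize=10000
Mar  1 10:03:00 host rsyslogd-pstats: main Q: size=10000 enqueued=11200 full=9 maxqsize=10000
"""

LINE = re.compile(r"rsyslogd-pstats: (?P<name>.+?): (?P<kv>(?:[\w.]+=\d+\s*)+)$")
REQUIRED = {"size", "enqueued", "full"}

def parse(text):
    """Yield (queue_name, counters) for every line that carries queue counters."""
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        counters = {k: int(v) for k, v in (p.split("=") for p in m["kv"].split())}
        if REQUIRED <= counters.keys():
            yield m["name"], counters

def assess(text):
    """Label each interval per queue as ok, backing-up or blocked."""
    prev, verdicts = {}, []
    for name, cur in parse(text):
        old, prev[name] = prev.get(name), cur
        if old is None:
            continue  # need two samples to compute a rate
        enq = cur["enqueued"] - old["enqueued"]
        # Messages that left the queue: what came in minus the growth in size.
        deq = enq - (cur["size"] - old["size"])
        if cur["full"] > old["full"] and deq == 0:
            state = "blocked"      # hit the limit and nothing drained
        elif cur["size"] > old["size"] and deq < enq:
            state = "backing-up"   # filling faster than it drains
        else:
            state = "ok"
        verdicts.append((name, state, enq, deq))
    return verdicts

if __name__ == "__main__":
    for verdict in assess(SAMPLE):
        print(verdict)
```

A counter reset after an rsyslog restart produces negative deltas, so discard the first interval after a restart.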

