Thanx Sir, we all group people love you. My issue is solved by using appropriate severity level.
On Tue, May 27, 2014 at 5:29 PM, Rainer Gerhards <[email protected]>wrote: > On Tue, May 27, 2014 at 1:45 PM, Muhammad Asif <[email protected]> > wrote: > > > This issue is not happen by using LOIC or tcpflood but it happen using > > "kiwi syslog sender". Actually kiwi syslog sender is comparatively exact > > that other tools. > > > > # rsyslog configuration file > > # note that most of this config file uses old-style format, > > # because it is well-known AND quite suitable for simple cases > > # like we have with the default config. For more advanced > > # things, RainerScript configuration is suggested. > > > > # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html > > # If you experience problems, see > > http://www.rsyslog.com/doc/troubleshoot.html > > > > #### MODULES #### > > > > module(load="imuxsock") # provides support for local system logging (e.g. > > via logger command) > > module(load="imklog") # provides kernel logging support (previously > done > > by rklogd) > > #module(load"immark") # provides --MARK-- message capability > > > > # Provides UDP syslog reception > > # for parameters see http://www.rsyslog.com/doc/imudp.html > > module(load="imudp") # needs to be done just once > > input(type="imudp" port="514") > > > > # Provides TCP syslog reception > > # for parameters see http://www.rsyslog.com/doc/imtcp.html > > module(load="imtcp") # needs to be done just once > > input(type="imtcp" port="514") > > > > #### GLOBAL DIRECTIVES #### > > > > # Use default timestamp format > > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > > > > # File syncing capability is disabled by default. This feature is usually > > not required, > > # not useful and an extreme performance hit > > #$ActionFileEnableSync on > > > > # Include all config files in /etc/rsyslog.d/ > > $IncludeConfig /etc/rsyslog.d/*.conf > > > > > nothing in here? > > > > > > #### RULES #### > > > > # Log all kernel messages to the console. > > # Logging much else clutters up the screen. > > #kern.* /dev/console > > > > # Log anything (except mail) of level info or higher. > > # Don't log private authentication messages! > > *.info;mail.none;authpriv.none;cron.none /var/log/messages > > > > # The authpriv file has restricted access. > > authpriv.* /var/log/secure > > > > # Log all the mail messages in one place. > > mail.* /var/log/maillog > > > > > > # Log cron stuff > > cron.* /var/log/cron > > > > # Everybody gets emergency messages > > *.emerg :omusrmsg:* > > > > > judging from what you write and assuming I see the full config, I would > guess that the kiwi tool emits emergency messages. If so, either remove > this rule or make Kiwi use a decent severity. > > > > # Save news errors of level crit and higher in a special file. > > uucp,news.crit /var/log/spooler > > > > # Save boot messages also to boot.log > > local7.* /var/log/boot.log > > > > > > # ### begin forwarding rule ### > > # The statement between the begin ... end define a SINGLE forwarding > > # rule. They belong together, do NOT split them. If you create multiple > > # forwarding rules, duplicate the whole block! > > # Remote Logging (we use TCP for reliable delivery) > > # > > # An on-disk queue is created for this action. If the remote host is > > # down, messages are spooled to disk and sent when it is up again. > > #$WorkDirectory /var/lib/rsyslog # where to place spool files > > #$ActionQueueFileName fwdRule1 # unique name prefix for spool files > > #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as > possible) > > #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown > > #$ActionQueueType LinkedList # run asynchronously > > #$ActionResumeRetryCount -1 # infinite retries if host is down > > # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional > > #*.* @@remote-host:514 > > # ### end of the forwarding rule ### > > *.* @Remote-Server:514 > > > > > As a side-note, if that is your sole config, the main queue is definitely > not tuned for a high message rate. The default setting is far too low. > > Rainer > > > > > On Tue, May 27, 2014 at 4:16 PM, Rainer Gerhards > > <[email protected]>wrote: > > > > > There seems to be something totally wrong with your config. Please post > > the > > > complete rsyslog.conf (and all included files, if any). > > > > > > Rainer > > > > > > > > > On Tue, May 27, 2014 at 12:56 PM, Muhammad Asif <[email protected] > > > >wrote: > > > > > > > Hi! Everyone, > > > > > > > > I am using "kiwi syslog sender" to send logs on rsyslog server. But > > > problem > > > > is rsyslog start showing logs on consol even in ssd terminal. I > cancel > > it > > > > but it again starts. I can,t do anything during this time. Is it > > possible > > > > to avoid it because it also reduce rsyslog performance. I can't write > > > > receiving logs in files. I just listen receive logs on UDP port and > > > forward > > > > to remote server. > > > > > > > > > > > > Regards > > > > M.Asif > > > > _______________________________________________ > > > > rsyslog mailing list > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > http://www.rsyslog.com/professional-services/ > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > myriad > > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you > > > > DON'T LIKE THAT. > > > > > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > > DON'T LIKE THAT. > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
