I have RepeatedMsgReduction set to on, and several rulesets forwarding logs in
different directions. Running rsyslog 7.4.5 on Ubuntu 12.04 LTS. A small sample:
ruleset(name=“mikesstream"){
action(type="omfwd"
name=“mikestreamstream"
target=“10.20.30.40"
port="1514"
protocol="tcp"
template=“MikesFormat"
)
stop
}
input(type="imtcp" port=“1514" ruleset=“mikesstream")
And then the regular more or less default save-to-local-file rulesets. The
problem is with repeated messages. If someone sends the same message repeated
several times to port 1514, rsyslog correctly detects that, but it doesn’t
forward that message using my ruleset, the message with "message repeated 2
times:” in it is now saved to local file. My assumption is that if rsyslog
catches multiple messages within a ruleset, it can add the “message repeated X
times:” in the message, but the rest of the ruleset should still apply. Is my
assumption correct?
The simple fix is to turn of RepeatedMsgReduction, but I’m hesitant to do so as
the senders can be quite noisy.
Thoughts?
thanks
mike
--
Michael Hart
Arctic Wolf Networks
M: 226-388-4773
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
