On 9 September 2015 at 14:50, Joe Blow <[email protected]> wrote:
> Is the sending system truncating things? Some versions of logger don't
> support sending very large messages.
>
> I've used this before to send massive messages to rsyslog:
>
> #!/usr/bin/python
>
> import syslog, fileinput
>
> def mainloop():
>     # Forward each line read from stdin (or from files named as arguments) to syslog
>     for myline in fileinput.input():
>         syslog.syslog("Authgateway|" + str(myline))
>
> if __name__ == '__main__':
>     mainloop()
>
> You could call that logger or logger.py and pipe your syslog data to that.
> Hope that helps.
>
> Cheers,
>
> JB
>
> On Wed, Sep 9, 2015 at 7:00 AM, Robert Gabriel <[email protected]>
> wrote:
>
> > Hi,
> >
> > We are receiving on TCP 514, FireEye syslog in XML concise format.
> >
> > Events appear to be truncated at different lengths.
> >
> > We have tried increasing the max message size, but no joy.
> >
> > Please can we have some help?
> >
> > Thank you.
> >
> > $MaxMessageSize 512k
> > $MainMsgQueueSize 100000 # 100000 may be a value to handle burst traffic
> >
> > $RuleSet FIREEYE
> > $template FireEye,"%rawmsg%\n"
> > $InputTCPServerBindRuleset FIREEYE
> > $InputTCPServerRun 514
> > *.* /media/data/rsyslog/fireeye;FireEye
> > & ~
> > $RuleSet RSYSLOG_DefaultRuleset
> >
> > And the TCP trace from Wireshark showing entire XML event:
> >
> > http://pastebin.com/2L3UGWtB
>
Hi,
The sending host is good; we did a .pcap and TCP trace in Wireshark and the
entire events are there.
The sending host is a FireEye appliance that is locked down so no go on
Python and friends.
Thank you.