Hi Geeks, We are using tcp protocol for sending logs from rsyslog to fluentd on same system. We also test tcp to send logs to other system on tcp. But problem is that rsyslog dont' send log complete.
On Sending server *.* action(type="omfwd" target="192.168.6.193" port="514" protocol="tcp" queue.filename="forwarding" queue.size="1000000 queue.maxdiskspace="5g" queue.highwatermark="900000" queue.lowwatermark= "200000" queue.type="LinkedList" ) On receiving server if ($fromhost-ip == '192.168.6.192') then /var/log/dccc.log & ~ But incomplete message is received. Sent Message Sep 10 11:26:41 192.168.6.197 AgentDevice=WindowsLog#011AgentLogFile=Security#011PluginVersion=7.2.2.959003#011Source=Microsoft-Windows-Security-Auditing#011Computer=WIN-C9JDK1MDI5G#011OriginatingComputer=#011User=#011Domain=#011EventID=5156#011EventIDCode=5156#011EventType=8#011EventCategory=12810#011RecordNumber=622562#011TimeGenerated=1441866149#011TimeWritten=1441866149#011Level=0#011Keywords=0#011Task=0#011Opcode=0#011Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 912 Application Name: \device\harddiskvolume2\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: 224.0.0.252 Source Port: 5355 Destination Address: 192.168.6.109 Destination Port: 50215 Protocol: 17 Filter Information: Filter Run-Time ID: 66094 Layer Name: Receive/Accept Layer Run-Time ID: 44 Received Message Sep 10 11:26:41 192.168.6.197 AgentDevice=WindowsLog#011AgentL Windows Filtering Platform has permitted a connection. Application Information: Process ID: 912 Application Name: \device\harddiskvolume2\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: 224.0.0.252 Source Port: 5355 Destination Address: 192.168.6.109 Destination Port: 50215 Protocol: 17 Filter Information: Filter Run-Time ID: 66094 Layer Name: Receive/Accept Layer Run-Time ID: 44 Thanks _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
