On Fri, 25 Sep 2015, Angel L. Mateo wrote:
Hello,
I'm having a problem with my systems when the remote central rsyslog
server is down for some reason.
In all my servers I have this configuration to send logs to two
remote
central syslog servers:
amateo_adm@xenon21:~$ sudo cat /etc/rsyslog.d/71_remote.conf
$ModLoad imuxsock
$ModLoad omrelp
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName syslog1_fwd
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on
*.* :omrelp:syslogserver1.mydomain.com:20514
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName syslog2_fwd
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on
*.* :omrelp:syslogserver2.mydomain.com:20514
Today, one of my syslog servers died for a while and my email servers
(which reports a lot of syslog messages) hanged. I could log into them,
but no log where logged to their local log files. I had to reboot them.
I have had to reboot them after the syslog server was up again.
Any idea?
You have told your system that you want to guarantee delivery of your logs to
the central server, if you can't deliver the logs, they will back up until the
queue is full, and then (per the syslog standard), refuse to accept any more log
messages because they can't deliver the ones they have.
Therefor, anything that tries to log will pause until the log server comes back
up, and rsyslog on your other servers detects it and delivers some of the log
messages.
Other than the fact that it may be that your disk queue may not be working
(which just affects how long it can go with the central server down before you
run into trouble), it's doing exactly what you told it to do.
First you need to check that the disk queue is working. does it create any files
in the workdirectory? you haven't said what version of rsyslog you are using,
which makes it hard to be more specific.
you should try starting rsyslog manually on a system with -dn (debug mode) to
get the huge number of startup messages. Look in them for anything about your
queue files (syslog[12]_fwd) or any errors (especially anything about disk
queues)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
