Re: [rsyslog] System hangs when remote rsyslog is down

Wed, 30 Sep 2015 23:35:21 -0700 

El 25/09/15 a las 20:03, David Lang escribió:


You have told your system that you want to guarantee delivery of your
logs to the central server, if you can't deliver the logs, they will
back up until the queue is full, and then (per the syslog standard),
refuse to accept any more log messages because they can't deliver the
ones they have.

Therefor, anything that tries to log will pause until the log server
comes back up, and rsyslog on your other servers detects it and delivers
some of the log messages.


	When the queue is full, shouldn't it discard new messages instead of 
block all processes trying to log? Is there any way to configure it this 
way?



Other than the fact that it may be that your disk queue may not be
working (which just affects how long it can go with the central server
down before you run into trouble), it's doing exactly what you told it
to do.


	I want to preserve logs in case of a failure in my central log servers, 
but if this failure last longer, then I prefer discarding messages than 
hanging my servers.



First you need to check that the disk queue is working. does it create
any files in the workdirectory? you haven't said what version of rsyslog
you are using, which makes it hard to be more specific.


	Sorry. I'm using versions 5.8.6 (the one distributed in ubuntu 12.04) 
and 7.4.4 (ubuntu 14.04). In the client server I had the problem, it is 
5.8.6.



In the work directory files are created. In fact, there are still the 
files created when my system hanged last week:


-rw------- 1 syslog syslog 947K sep 25 11:19 syslog1_fwd.00000002
-rw------- 1 syslog syslog 507 sep 25 11:16 syslog1_fwd.qi
-rw------- 1 syslog syslog 944K sep 25 11:19 syslog2_fwd.00000002
-rw------- 1 syslog syslog 507 sep 25 11:17 syslog2_fwd.qi


you should try starting rsyslog manually on a system with -dn (debug
mode) to get the huge number of startup messages. Look in them for
anything about your queue files (syslog[12]_fwd) or any errors
(especially anything about disk queues)



--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.






















					Reply via email to