See rsyslog.conf questions below: On Tue, Feb 16, 2016 at 2:32 PM, helices <[email protected]> wrote:
> > On Tue, Feb 16, 2016 at 2:20 PM, Damiano Verzulli <[email protected]> > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Il 16/02/2016 20:53, helices ha scritto: >> > [...] The delay problem may be better; but, it remains unacceptable: >> > >60 seconds to logfile write. I can accept 10-15 seconds; but, no >> > longer. >> >> Three considerations: >> >> 1 - it's not easy (...and error-prone) to (try to) guess what happens, in >> your scenario, without giving a look to the "rsyslog.conf" configuration >> files. Please, post them (eventually, with sensitive data/secions >> obfuscated); >> > > [ROOT@hermes ~ ] # grep -v "^\s*\(#\|$\)" /etc/rsyslog.conf > $ModLoad imjournal # provides access to the systemd journal > $ModLoad imklog # reads kernel messages (the same are read from > journald) > $ModLoad immark # provides --MARK-- message capability > $ModLoad imuxsock # provides support for local system logging (e.g. via > logger command) > $ModLoad ommysql.so # load MySQL output driver > $ModLoad imudp # network reception > $UDPServerRun 514 > $WorkDirectory /var/lib/rsyslog > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > $IncludeConfig /etc/rsyslog.d/*.conf > $OmitLocalLogging on > $IMJournalStateFile imjournal.state > ftp.* /var/log/vsftpd.log > *.info;mail.none;authpriv.none;cron.none /var/log/messages > authpriv.* /var/log/secure > local6.* /var/log/sftp.log > mail.* -/var/log/maillog > cron.* /var/log/cron > *.emerg :omusrmsg:* > uucp,news.crit /var/log/spooler > local7.* /var/log/boot.log > $AddUnixListenSocket /vol1/chroot/dev/log > if $programname == 'sshd' then /var/log/sftp.log > if $programname == 'sshd' then ~ > if $programname == 'internal-sftp' then /var/log/sftp.log > if $programname == 'internal-sftp' then ~ > $ActionQueueFileName dbQueue # set file name, also enables disk mode > $ActionQueueSaveOnShutdown on # save messages to disk on shutdown > $ActionQueueType LinkedList # use asynchronous processing > $ActionResumeRetryCount -1 # infinite retries on insert failure > *.* @@172.31.128.52 > *.* @@192.168.151.99 > ftp.* :ommysql:172.31.128.125,vsftplog,hermesvsftplog,___PASSWORD___ > > [ROOT@hermes ~ ] # ls -l /etc/rsyslog.d/*.conf > -rw-r--r-- 1 root root 49 Sep 15 08:21 /etc/rsyslog.d/listen.conf > > [ROOT@hermes ~ ] # cat /etc/rsyslog.d/*.conf > $SystemLogSocketName /run/systemd/journal/syslog > As noted previously, we are now running: rsyslog-8.16.0-3.el7.x86_64 However, I did NOT change rsyslog.conf after upgrade. The default rsyslog.conf for rsyslog-8.16.0-3.el7.x86_64 is this: # grep -v "^\s*\(#\|$\)" /etc/rsyslog.conf.rpmnew module(load="imuxsock") # provides support for local system logging (e.g. via logger command) module(load="imklog") # provides kernel logging support (previously done by rklogd) $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* /var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log NOTE: This does not use: imjournal Based on this new rsyslog.conf, how do you suggest that I configure my running conf file? Please, advise. Thank you. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
