[rsyslog] imptcp not processing rulesets

Wed, 06 Apr 2016 13:04:50 -0700 

I am trying to setup a generic syslog forwarder that accepts messages on
tcp & udp.  Using imptcp, I see messages come in, but no rulesets are
processed.  My ruleset, right now, is set to take tcp messages and just
output them to file (for troubleshooting).  UDP works fine.

Here is what I see in debug mode:
2594.333580185:7fd29ab2b700: imptcp: epoll returned 1 events
2594.333594886:7fd29ab2b700: imptcp: new connection on listen socket 9
2594.334657804:7fd29ab2b700: imptcp: added socket 15 to epoll[8] set
2594.334670004:7fd29ab2b700: imptcp going on epoll_wait
2594.334673904:7fd29ab2b700: imptcp: epoll returned 1 events
2594.334686204:7fd29ab2b700: imptcp: new activity on session socket 15
2594.334692604:7fd29ab2b700: imptcp: data(131072) on socket 15: <5>Apr 6
15:56:34 user.name: hello world 2594.334701804:7fd29ab2b700: imptcp:
removing socket 15 from epoll[8] set 2594.335235814:7fd29ab2b700: imptcp:
session on socket 15 closed with iRet 0. 2594.335240814:7fd29ab2b700:
imptcp going on epoll_wait

Here is my config:
module(load="imptcp")

input(
 type="imptcp"
 port="514"
 ruleset="remote"
)

ruleset(
 name="remote" queue.workerthreads="4"
 queue.filename="srvrfwd"
 queue.type="LinkedList"
 queue.syncqueuefiles="on"
 queue.maxdiskspace="10g"
 queue.saveonshutdown="on"
 queue.size="10000000"
) {
  action(
    type="omfile"
    file="/var/log/debug"
  )
}

I've also tried the sample config from the website:
input(type="imptcp" port="10514" ruleset="writeRemoteData")
ruleset(name="writeRemoteData" queue.type="fixedArray" queue.size="250000"
queue.dequeueBatchSize="4096" queue.workerThreads="4"
queue.workerThreadMinimumMessages="60000" ) { action(type="omfile"
file="/var/log/remote.log" ioBufferSize="64k" flushOnTXEnd="off"
asyncWriting="on") }

Same issue.

Any thoughts?

Thank you,
Dave
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to