On Mon, 11 Apr 2016, Ashish Barmase wrote:
Rsyslog version v.5.8.10 (sorry using amazon linux)
I have below setup to monitor the log file /var/log/mongodb/mongod.conf
The message to remote graylog server goes fine, however, the same message is
get written to /var/log/message. Not sure why, when I have a disacard option
set (~).? Please help!!
When you use include files, the results are not always obvious. Using include
files does the same thing as if you had done a cut-n-paste of the contents of
those files into /etc/rsyslog.conf. There have been some versions of rsyslog
that had a bug that included the files in the wrong order.
In this case, what's happening is that it's being written out to
/var/log/messages before the /var/rsyslog.d/22-graylog-mongod.conf stuff gets
invoked. Without seeing all your files and knowing if the ancient 5.8.10 version
is one that had the reverse order bug, it's impossible to know exactly what is
going to happen with a particular log message.
you can run rsyslog in debug mode (rsyslogd -dn) and from the output there you
can trace exactly what happens to a particular meesage, but I hope that the info
above gives you enough hints to be able to understand your config.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
