On 3/19/2018 11:49 AM, Carsten Lange via rsyslog wrote:
Dear all,
currently I am facing an issue with empty LOG entries.
I have setup a rsyslog server with TLS receiving events via the internet from a
cloud provider.
The rsyslog server is behind a load balancer which is doing some NAT.
I do get the event from the remote system in my log file. But for every real event I get
an "empty" event containing only the current timestamp and the internal IP of
the load balancer.
Has anyone seen such behaviour? Any idea or advice what to do?
Kind regards
Carsten :)
There may be a better way, but I'd suggest enabling debug logging in
your configuration.
action(
name="rsyslog-debug-local"
template="RSYSLOG_DebugFormat"
type="omfile"
file="/var/log/rsyslog-debug-local.log"
)
Put that early in your configuration or if you're using rulesets, place
that specifically in the ruleset tied to the input that is receiving
messages from the load-balancer.
The content in the file should help confirm what you're actually receiving.
Last but not least, run the most current stable version of rsyslog that
you have access to. There are stable packages for CentOS, RHEL, Ubuntu,
Alpine and experimental support for Debian provided by the rsyslog team.
Debian provides newer versions of rsyslog via the backports repo
(assuming I have the name right).
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
