Hi, I had similar issue, but i had miss-configured sending to elastic. On Mon, 19 Mar 2018 at 18:55 deoren < [email protected]> wrote:
> On 3/19/2018 11:49 AM, Carsten Lange via rsyslog wrote: > > Dear all, > > > > currently I am facing an issue with empty LOG entries. > > I have setup a rsyslog server with TLS receiving events via the internet > from a cloud provider. > > The rsyslog server is behind a load balancer which is doing some NAT. > > I do get the event from the remote system in my log file. But for every > real event I get an "empty" event containing only the current timestamp and > the internal IP of the load balancer. > > > > Has anyone seen such behaviour? Any idea or advice what to do? > > > > Kind regards > > > > Carsten :) > > There may be a better way, but I'd suggest enabling debug logging in > your configuration. > > action( > name="rsyslog-debug-local" > template="RSYSLOG_DebugFormat" > type="omfile" > file="/var/log/rsyslog-debug-local.log" > ) > > Put that early in your configuration or if you're using rulesets, place > that specifically in the ruleset tied to the input that is receiving > messages from the load-balancer. > > The content in the file should help confirm what you're actually receiving. > > Last but not least, run the most current stable version of rsyslog that > you have access to. There are stable packages for CentOS, RHEL, Ubuntu, > Alpine and experimental support for Debian provided by the rsyslog team. > Debian provides newer versions of rsyslog via the backports repo > (assuming I have the name right). > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > -- Ruslanas Gžibovskis +370 6030 7030 RHCE: 130-192-255 _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
