On Wed, 24 Oct 2018, Peter Viskup via rsyslog wrote:
> Interested in monitoring delay of message retrieval in syslog infrastructure.
What I do is that I wrap the original message in JSON on the first relay, and then each additional relay adds a timestamp as to when it processed it.
Then on the central collectors you can compare the timestamps and see how old the message is.
You need to make sure you really have time synced everywhere. In my experience this is far harder than people think, so I tend to limit my checking to the 'trusted' timestamps provided by the relays.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
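
A collector-side check for the scheme described in the reply above, as an added example that is not part of the original post and not rsyslog's own code. It compares only the relay-supplied timestamps and reports a negative hop delay as a clock-sync problem; the envelope layout, the field names (`msg`, `relays`, `host`, `ts`), the hostnames and the 5-second threshold are all assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample. The envelope layout and field names are assumptions,
# not a format defined by rsyslog or given in the post.
SAMPLE = json.dumps({
    "msg": "<34>Oct 24 10:15:02 app01 sshd[411]: session opened",
    "relays": [
        {"host": "relay-edge", "ts": "2018-10-24T10:15:03.120+00:00"},
        {"host": "relay-dc",   "ts": "2018-10-24T10:15:03.900+00:00"},
        {"host": "collector",  "ts": "2018-10-24T10:15:09.400+00:00"},
    ],
})

def relay_delays(line, max_hop=timedelta(seconds=5)):
    """Return (hops, total_seconds, warnings) for one wrapped message.

    Only timestamps added by relays are compared; the timestamp inside the
    original message is ignored because the sender's clock is not trusted.
    """
    env = json.loads(line)
    stamps = [(r["host"], datetime.fromisoformat(r["ts"])) for r in env["relays"]]
    hops, warnings = [], []
    # Walk consecutive relay pairs and measure the delay of each hop.
    for (src, t0), (dst, t1) in zip(stamps, stamps[1:]):
        delta = (t1 - t0).total_seconds()
        hops.append((src, dst, delta))
        if delta < 0:
            # A later relay cannot process a message before an earlier one.
            warnings.append(f"{src}->{dst}: negative delay {delta:.3f}s, clocks out of sync")
        elif delta > max_hop.total_seconds():
            warnings.append(f"{src}->{dst}: slow hop {delta:.3f}s")
    # Age of the message at the last relay, measured from the first relay.
    total = (stamps[-1][1] - stamps[0][1]).total_seconds() if stamps else 0.0
    return hops, total, warnings

if __name__ == "__main__":
    hops, total, warnings = relay_delays(SAMPLE)
    for src, dst, delta in hops:
        print(f"{src} -> {dst}: {delta:.3f}s")
    print(f"age at collector: {total:.3f}s")
    for w in warnings:
        print("WARNING:", w)
```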

