Hello, Check which process listens to /dev/log at the destination server. It might be journald and not rsyslogd.
Config file you shared does not have SystemLogSocketName. Probably it is somewhere in /etc/rsyslog.d/ This sets the name of the socket rsyslogd is listening to. Delay 2-5 minutes can be caused by journald. Den tis 15 dec. 2020 kl 16:09 skrev supertwisters via rsyslog < [email protected]>: > I'm using `rsyslog` to collect logs from multiple servers which are all > being > sent to a single server. > I've noticed that logs sometime appears with delay of 2-5 minutes in > `/var/log/messages` of the destination server. > > By using `tcpdump` on both source and destination servers, i saw that the > messages are being sent from the source server and being received in > destination server almost immediately. However, The messages appears with > delay in `/var/log/messages` of the destination server, and not at the same > moment as they received in the server according to `tcpdump`. > > What could be the issue? Please advise. > > Attached is my rsyslog.conf file. rsyslog.rsyslog > <http://rsyslog-users.1305293.n2.nabble.com/file/t396283/rsyslog.rsyslog> _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
