I see nothing in the config that delays processing. Creating a debug log may enlighten us. See here:
https://www.rsyslog.com/doc/master/troubleshooting/debug.html On-page search for "Enabling Debug via rsyslog.conf". When done, we can look at the debug log and see when and from where the message comes from, how it is processed and how the timing inside rsyslog is (the initial number in the lines is seconds). As few messages as possible should be processed during the run. HTH Rainer El mié, 16 dic 2020 a las 9:34, Yuri Bushmelev via rsyslog (<[email protected]>) escribió: > > Hello! > > Actually I saw a lot of similar complaints here and on github. So it seems > it's working this way by default. I have no idea what are defaults in old > rsyslog with legacy-style configuration though.. > > On Wed, 16 Dec 2020 at 16:19, Vitaly Repin <[email protected]> wrote: > > > Hello, > > > > Yes. But 5 minutes delay is hard to explain if journald is not involved. > > > > That's why I suggested to double check that messages are really coming > > from the network to rsyslogd and thereafter written to the disk by > > rsyslogd. > > > > Den ons 16 dec. 2020 kl 09:06 skrev Yuri Bushmelev <[email protected]>: > > > >> Hello! > >> > >> As I understand, the topic starter was talking about messages from the > >> network (I guess received on port 514/udp). There is no journald involved > >> in this case. > >> > >> On Wed, 16 Dec 2020 at 00:45, Vitaly Repin via rsyslog < > >> [email protected]> wrote: > >> > >>> Hello, > >>> > >>> Check which process listens to /dev/log at the destination server. It > >>> might > >>> be journald and not rsyslogd. > >>> > >>> Config file you shared does not have SystemLogSocketName. Probably it is > >>> somewhere in /etc/rsyslog.d/ > >>> This sets the name of the socket rsyslogd is listening to. > >>> > >>> Delay 2-5 minutes can be caused by journald. > >>> > >>> Den tis 15 dec. 2020 kl 16:09 skrev supertwisters via rsyslog < > >>> [email protected]>: > >>> > >>> > I'm using `rsyslog` to collect logs from multiple servers which are all > >>> > being > >>> > sent to a single server. > >>> > I've noticed that logs sometime appears with delay of 2-5 minutes in > >>> > `/var/log/messages` of the destination server. > >>> > > >>> > By using `tcpdump` on both source and destination servers, i saw that > >>> the > >>> > messages are being sent from the source server and being received in > >>> > destination server almost immediately. However, The messages appears > >>> with > >>> > delay in `/var/log/messages` of the destination server, and not at the > >>> same > >>> > moment as they received in the server according to `tcpdump`. > >>> > > >>> > What could be the issue? Please advise. > >>> > > >>> > Attached is my rsyslog.conf file. rsyslog.rsyslog > >>> > < > >>> http://rsyslog-users.1305293.n2.nabble.com/file/t396283/rsyslog.rsyslog> > >> > >> > > > > -- > > WBR & WBW, Vitaly > > > > > -- > Yury Bushmelev > _______________________________________________ > rsyslog mailing list > https://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
