Re: [rsyslog] Caping the log entries per second

2015-12-17 Thread David Lang
On Wed, 16 Dec 2015, masoom alam wrote: Hi Everyone, What is the decent way of capping the log entries per second that Rsyslog can receive, store them in the queue ...and after a certain limit is crossed it will start discarding the received log entries. Is this possible through queues only?

Re: [rsyslog] Rsyslog using huge amounts of memory

2015-12-17 Thread Ciprian Hacman
Hi, I created an issue as recommended by Rainer: https://github.com/rsyslog/rsyslog/issues/709 @David, please find the full config here, but probably this can be reproduced with a much simpler config: https://gist.github.com/hakman/44afddaf4eb67cda28c6 Thanks, Ciprian -- Performance Monitoring

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

2015-12-17 Thread Rainer Gerhards
2015-12-17 15:57 GMT+01:00 Michael Biebl : > Hi Rainer > > 2015-12-17 15:30 GMT+01:00 Rainer Gerhards : >> This happens under travis and so is run for each commit. This should >> avoid any such problems in the future. In fact, it worked so well that >>

[rsyslog] Every log written in syslog

2015-12-17 Thread Muhammad Asif
Hi Guys, I have a rsyslog server which is receiving logs from different sources and then sending to fluentd. Problem is that our rsyslog sending logs to fluentd and also writing all logs in syslog file which increases to 20GB. I don't want to write coming logs in syslog. How can I achieve my

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

2015-12-17 Thread Michael Biebl
Hi Rainer 2015-12-17 15:30 GMT+01:00 Rainer Gerhards : > This happens under travis and so is run for each commit. This should > avoid any such problems in the future. In fact, it worked so well that > it detected one more missing file ;) Do you think you could release a

Re: [rsyslog] Every log written in syslog

2015-12-17 Thread Peter Portante
We put our "send to remote" action first, then add matching "stop" actions for keeping things that are not local. E.g. if ($fromhost-ip != "127.0.0.1" and $fromhost-ip != "10.16.28.160" and $fromhost-ip != "192.168.10.34" and $fromhost-ip != "172.18.40.134" and $fromhost-ip != "192.168.122.1")

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

2015-12-17 Thread Rainer Gerhards
2015-12-17 7:38 GMT+01:00 Rainer Gerhards : > 2015-12-17 2:04 GMT+01:00 Thomas D. : >> Hi, >> >> Michael Biebl wrote: >>> The test-suite fails here: >>> >>> make[5]: *** No rule to make target 'json_null_array.sh', needed by >>> 'json_null_array.sh.log'.

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

2015-12-17 Thread Peter Portante
FWIW, I agree with Rainer, don't issue a new source tar ball unless we have an emergency. Even then, you need to keep the original around, so that distributions that rely on it, still have access to it. Thanks, -peter On Thu, Dec 17, 2015 at 10:53 AM, Peter Portante

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

2015-12-17 Thread Rainer Gerhards
2015-12-17 16:47 GMT+01:00 Thomas D. : > Hi, > > I agree with Michael. > > While I understand Rainer's concerns in general this is different: For > you there are only test files missing. But for distributions there is no > working v8.15 release (tests are really important for us).

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

2015-12-17 Thread Thomas D.
Hi, I agree with Michael. While I understand Rainer's concerns in general this is different: For you there are only test files missing. But for distributions there is no working v8.15 release (tests are really important for us). So you don't push a code bugfix, you just push a fixed tarball.

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

2015-12-17 Thread Peter Portante
At least for Fedora, CentOS, and RHEL, we take the original tar ball, apply the patches we need to get things working correctly in that environment, and then the RPMs are built from there. See my COPR repo for 8.14 that adds the namespace changes:

Re: [rsyslog] Every log written in syslog

2015-12-17 Thread David Lang
On Thu, 17 Dec 2015, Muhammad Asif wrote: Hi Guys, I have a rsyslog server which is receiving logs from different sources and then sending to fluentd. Problem is that our rsyslog sending logs to fluentd and also writing all logs in syslog file which increases to 20GB. I don't want to write

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

2015-12-17 Thread Thomas D.
Hi, Rainer wrote: > Can't you apply a patch? I remember well in that long discussion over a > year ago that you were one of the strong proponents of "it's easy to > patch if something is a small nit"? Of course I can do that and I am already doing that if necessary. > I just want to understand

Re: [rsyslog] Every log written in syslog

2015-12-17 Thread Muhammad Asif
Dear David, Please see my rsyslog configs below. Pastebin is not open here so I use email page. # /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html # # Default logging rules can be found in

Re: [rsyslog] Caping the log entries per second

2015-12-17 Thread David Lang
no, look at: queue.dequeueslowdown number number is timeout in microseconds (100us is 1sec!), default 0 (no delay). Simple rate-limiting! The thread delivering messages from the queue will sleep this amount of time after processing each batch of requests. David Lang On Thu, 17 Dec

Re: [rsyslog] Every log written in syslog

2015-12-17 Thread David Lang
the config you list has only one action, sending to localhost on TCP 5170 there's nothing in this config that writes to anything else, did you forget to include something? the error messages that you show talk about '~', but it doesn't appear anywhere in the config you provided. does the

[rsyslog] rsyslog coredumps when sd_journal_get_data() returns <0

2015-12-17 Thread Chaloulos, Klearchos (Nokia - GR/Athens)
Hello, We have observed several coredumps of rsyslogd (imjournal plugin), receiving signal SIGSEGV. The reason appears to be that sd_journal_get_data() returns <0 when trying to retrieve the MESSAGE field. As I saw it, the flow was: Starting at imjournal.c:247 : if (sd_journal_get_data(j,

Re: [rsyslog] rsyslog coredumps when sd_journal_get_data() returns <0

2015-12-17 Thread David Lang
8.15 fixes a number of bugs, including at least one where referencing an undefined variable causes problems. I don't know if that fixes this, or if this is separate (I think it may be separate, but I wanted to let you know of the other changes) we've also identified another bug in json-c

Re: [rsyslog] Every log written in syslog

2015-12-17 Thread David Lang
1- There are about 13000 files of 1.1 MB accumulated to 13 GB on disk. When I remove low and high water marks on main and action queue to make it only In-memory queues, it still creates these files. Why is that? what makes the disk queues isn't the watermark settings, but the fact that you

Re: [rsyslog] Caping the log entries per second

2015-12-17 Thread Muhammad Asif
Dear David, I am using the following parameters 1000/sec. I could not understand "dequeue delay" . Which one should be used. *queue.fulldelaymark* *queue.lightdelaymark* number action(type="omfwd" target="127.0.0.1" port="5170" protocol="tcp" template="msgonly" queue.filename="forwarding"

Re: [rsyslog] Every log written in syslog

2015-12-17 Thread Muhammad Asif
Thanks for your reply sir, 1- There are about 13000 files of 1.1 MB accumulated to 13 GB on disk. When I remove low and high water marks on main and action queue to make it only In-memory queues, it still creates these files. Why is that? 2- How about if rsyslog receive at