working in a container env, the ask is to have a single rsyslog process
"concentrate" logs from disparate processes and spit them out to STDOUT.
what's the *right way* to do this?
___
rsyslog mailing list
i am working with a backlevel version of rsyslogd, so i don't have any
hint of that in there. oh well...
the remote endpoint is, for all intents and purposes, a black hole; it can
be any number of different SIEM or log transport systems, but the main
limiter is the "default" 8k barrier. my json
gt;there is no generic answer to the question of how do I put 10k of data
>into a 1k
>message without loosing anything :-)
>
>David Lang
>
> On Wed, 25 Oct 2017, Randall Diffenderfer via rsyslog wrote:
>
>> Date: Wed, 25 Oct 2017 18:48:52 +
>> From: Ran
ffender...@proofpoint.com<mailto:rdiffender...@proofpoint.com>>
Subject: Re: [rsyslog] handling oversized messages
It may sound dumb, but: increase n! That's why this setting exists.
Rainer
Sent from phone, thus brief.
Am 25.10.2017 19:48 schrieb "Randall Diffenderfer via rsyslog&
iffender...@proofpoint.com>>
Subject: Re: [rsyslog] handling oversized messages
It may sound dumb, but: increase n! That's why this setting exists.
Rainer
Sent from phone, thus brief.
Am 25.10.2017 19:48 schrieb "Randall Diffenderfer via rsyslog"
<rsyslog@lists.adiscon.com<
given the global setting of "maxmessagesize=N", what is my recourse if i
need to process a message > N in imfile?
in other i/o modules? it appears the message is truncated at ~N, and not
split (which is what i thought i had seen in the past...)
___
6 matches
Mail list logo
