it
with #015 (following the standard rsyslog escape logic). This should be a pretty
trivial modification to the source to do this. I'll look at throwing together a
patch soon if someone else doesn't do it first.
David Lang
___
rsyslog mailing list
http
it can lose messages, a properly configured system can handle
messages at wire speed without losing anything (unless a system is down, and
you can implement high availability on your receiving servers to deal with
that).
David Lang
On Wed, 7 Nov 2012, Timur I. Bakeyev wrote:
Hi, Rainer
and not block unless the
disk is full?
David Lang
And configuration:
$MaxMessageSize 8k
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
# Store PID of the process in the log
$SystemLogUsePIDFromSystem on
# Rate limit for imuxsock
On Wed, 7 Nov 2012, David Lang wrote:
On Wed, 7 Nov 2012, Johan Gunnarsson wrote:
I'm having trouble making multiline messages survive when forwarding them
to a remote rsyslog host (both client and server running rsyslog 5.8.10).
I am using imfile and $InputFileReadMode 2 (for understanding
On Thu, 8 Nov 2012, Rainer Gerhards wrote:
-Original Message-
From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
boun...@lists.adiscon.com] On Behalf Of David Lang
On Wed, 7 Nov 2012, David Lang wrote:
On Wed, 7 Nov 2012, Johan Gunnarsson wrote:
I'm having trouble making
limitation is still set and just
not present in the pasted config).
this seems to be a partial config (based on the comment about local files)
another possible issue:
what happens when you hit the rate limit? does it drop messages or block them?
David Lang
Rainer
David Lang
more in the
queue today (at least I got some free time for that, so... ;))
Given how many things break when you handle line based logs with embedded
linefeeds in them, I doubt that putting this in without a config option will
break anything
David Lang
.
David Lang
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
/ as the first hit.
this looks like it should answer your questions.
note that these require rsyslog 5.7.1 or newer
David Lang
for example?
David Lang
wire speed) and others have tested rsyslog up to 1M
messages/sec, so it's unlikely to be something fundamental to rsyslog, but it
could easily be some resource constraint you are running into.
can you post your full configuration?
what message rate are you seeing?
David Lang
are these two different configs (the sender and the receiver)?
a simple way to see the message rate is to do a
cut -f 1 -d ' ' logfiles |sort |uniq -c
to look at the timestamps and see how many timestamps you have in a second.
David Lang
On Fri, 9 Nov 2012, Luke Marrott wrote:
Date: Fri, 9
, which I am not seeing.
a couple thousand log messages/sec should not cause any problems.
David Lang
On Fri, 9 Nov 2012, Luke Marrott wrote:
Date: Fri, 9 Nov 2012 15:14:32 -0700
From: Luke Marrott luke.marr...@gmail.com
Reply-To: rsyslog-users rsyslog@lists.adiscon.com
To: rsyslog-users rsyslog
this you should be able to setup whatever graphing
you want.
you can even have the first rule increment multiple counters so that you can then
have calendar rules to report 5 minute, hourly, and daily numbers.
David Lang
On Sat, 10 Nov 2012, GNUbie wrote:
Hello all,
Can you recommend a good
This is not Ubuntu specific. There are very few distros that make newer versions
of packages available for older releases.
this is why RedHat 5.x is still shipping rsyslog 3.x (although 5.9 will include
a 5.x as an option)
David Lang
On Sun, 11 Nov 2012, David MZ wrote:
Is there a reason
all logs not from the local system to /syslog,
then discard all the messages you have logged there and log the rest to /var/log
remember that you log to every destination that matches the conditions, not just
the first.
David Lang
a LOT better for you with the -c5
David Lang
:Luke Marrott
On Fri, Nov 9, 2012 at 5:02 PM, David Lang da...@lang.hm wrote:
I'm not sure exactly what will happen, but I suspect that all the logs
will end up in all the possible destinations. I don't think rsyslog really
will process all
also affect how things
work (at least we have seen that from time to time in the past - firewall
issues and such...).
test things like rebooting the firewalls while known logs are flowing so you can
see how much you lose, and how it recovers.
David Lang
odds are good that just downloading them and doing
dpkg -i <list of .deb files>
will work.
There is a chance that something is incompatible, but it's not very likely.
Rsyslog doesn't need very much from the underlying system.
David Lang
On Wed, 21 Nov 2012, Rainer Gerhards wrote:
Hi all
the old config file or upgrade to the new version? or does this only happen if
the old config file has been modified?
David Lang
that allowed block filters, you would do
if condition then{
action
~
}
note that there is no needed
This is functionally equivalent to doing
if condition then action
~
David Lang
Rainer
errors, complaining about the conditional. It does send logs to the
remote
server, presumably
On Wed, 21 Nov 2012, Michael Biebl wrote:
Hi David,
2012/11/21 David Lang da...@lang.hm
These are all issues with the default config file.
If you use an appropriate config file is there any reason to believe that
the packages will have any problems?
In any case, if you install a new
to setup a parser for each message code.
The good news is that the messages are well behaved at that point, so once you
identify the %ASA number, you know exactly what the rest of the message means.
David Lang
what version are you running?
I seem to remember bumping into this several years ago when I was using an old
version of rsyslog with a new kernel (or vice-versa) and the mechanism for
getting logs from the kernel changed.
David Lang
On Sat, 24 Nov 2012, David MZ wrote:
/var/log/syslog
related
David Lang
which fields are you wanting extracted? lots of them could be considered
'security fields'
David Lang
On Thu, 29 Nov 2012, jdguingao wrote:
Date: Thu, 29 Nov 2012 10:52:53 -0800 (PST)
From: jdguingao guingao.j...@gmail.com
Reply-To: rsyslog-users rsyslog@lists.adiscon.com
To: rsyslog
Type.
the bold letters are not getting through to me (either in my text mail reader or
my webmail reader)
Ok, looking at the post you are referring to, it is splitting the fields on tabs
%msg:F:3% in a template says to put the third field from the message into this
spot.
David Lang
.
David Lang
29, 2012 at 11:12 AM, David Lang da...@lang.hm wrote:
any errors :-)
go ahead and paste pieces inline.
David Lang
On Thu, 29 Nov 2012, Luke Marrott wrote:
Which parts of the debug would be the most beneficial? Should I attach it
or paste pieces inline?
:Luke Marrott
On Mon, Nov 19, 2012
format tricks like the example
you listed does.
David Lang
On Thu, 29 Nov 2012, jdguingao wrote:
Thanks for the help David and Dan. What I am thinking now is to use the
pmsnare module to test if I can extract that field but my installation of
rsyslog does not have it. I use the RPM that the rsyslog
it
to handle the non-escaped characters, but you would then need to compile your
own copy (until the next release)
David Lang
like there is something else that's starting rsyslog, other than the
scripts you are showing below.
David Lang
Killing rsyslogd and starting it again will start to log our project entries
into the syslog!
Has someone out there encountered the same problems? Does someone have an idea
why
the research
time :-)
David Lang
step of
uploading each new version to launchpad.
David Lang
On Fri, Nov 30, 2012 at 9:59 AM, David Lang da...@lang.hm wrote:
On Fri, 30 Nov 2012, Andre Lorbach wrote:
Hi all,
a few months ago we made our own RPM repository available for testing, and
it has been a great help for users
is a few less steps (and has marketing type
advantages)
David Lang
One thing I am not clear on about this new repository is it for the
-devel branch or -stable.
On the page it says it is for -stable.
Please note that the Ubuntu Repository is open for testing at the
moment, and contains only
in the
rsyslog documentation for the dynafile templates.
another approach you can do is have apache log to a local named pipe and have a
process listen on that named pipe and tagging/reformatting the log file and pass
it to your syslog server.
David Lang
Any comments/suggestions?
I am sure others
gig-E wire speed), and others have used rsyslog in
environments where they have tested it to 1M lines of logs per second.
However, reliable is a relative term. reliability and performance tend to be
opposed and you have to make tradeoffs between the two.
David Lang
On Mon, 10 Dec 2012, Keller, Eric wrote:
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of David Lang
Sent: Friday, 30 November 2012 18:56
To: rsyslog-users
Subject: Re: [rsyslog] [empty syslog] after
not to have anything like this, and I have log servers processing
10's of thousands of logs/sec that stop basically instantly.
David Lang
What did you try to do? I suspect that you need a bunch more items for each of
the additional entries.
David Lang
On Mon, 10 Dec 2012, Abdulnasir Shash wrote:
When I did that I can only read the first input file and the rest of the input
files have been ignored
?
David Lang
with this vendor.
My gut reaction is that not requiring the : isn't likely to misparse many logs
that are otherwise parsed.
David Lang
On Mon, 17 Dec 2012, John Miller wrote:
On 12/17/2012 05:02 PM, David Lang wrote:
My guess is that something is interrupting the TCP connection and logs
then stop (possibly a firewall or NAT timeout), logs are then buffered
until something gets restarted and they start flowing again.
Right
with the fromhost-IP of the box that
sent the message.
If you still need to run omudpspoof, you have my sympathies.
David Lang
to
these files. disk spools are very slow (especially in pre 7.2 versions, they got
a significant improvement at that time)
by setting it to save to disk on shutdown, rsyslog can be slow to shutdown.
David Lang
David Lang
wrong ?
that insert will fail, but since you have retrycount set to -1 it will try again
rather than discarding the message (and do so forever)
I could be mistaken on this, Rainer can confirm this.
David Lang
when the queue starts filling up.
David Lang
I'm using rsyslog 5.8.6 on Ubuntu 12.04.
Thank you for your help.
Regards,
Thomas Miedema
with something encoded in
the string saying where to break it, you would be better off with a JSON snippet
along the lines of
command:string {param1:string, param2:string}
David Lang
as an IP address? etc.
David Lang
troubleshooting 101
can you ping the destination?
what happens if you try and telnet to that destination on port 514?
does rsyslog log any errors (locally)?
does rsyslog say anything if you start it in debug mode?
what does a tcpdump show is happening on the network?
David Lang
...
Yes, it will. later versions allow gathering significantly more (and more
reliable) information, as well as dealing with structured logs so that you can
add metadata (like what app, business unit, etc) without it getting mixed up
with the log data.
David Lang
of the v7 syntax anywhere?
The rsyslog documentation has a lot of v7 config examples. I haven't seen a
direct v5 to v7 config translator, but there was a post on how v7 syntax could
help simplify configs that may help
http://www.rsyslog.com/filter-optimization-with-arrays/
David Lang
On Thu, 31 Jan 2013, Gary Foster wrote:
I can easily break it down into the relevant fields with the rsyslog property
replacer and mmnormalize… I can get the timestamp referring URL, etc all out
of it. I can also build a basic CEE'ish sort of output using a template.
However, what I really
please restate your question, I don't understand what you are asking.
David Lang
On Tue, 5 Feb 2013, Abdulnasir Shash wrote:
Date: Tue, 5 Feb 2013 08:13:41 -0800 (PST)
From: Abdulnasir Shash amsh...@yahoo.com
To: rsyslog@lists.adiscon.com rsyslog@lists.adiscon.com
Subject: [rsyslog] Number
at this, is there anything showing
up in a debug run?
David Lang
On Tue, 5 Feb 2013, Brian Harris wrote:
I use rsyslog and the imfile module to watch some application logs and send
to a central syslog server.
imfile is sporadically sending messages to the remote server. On a few
servers it works as expected
with a local firewall or SELINUX config blocking your access to a
non-standard port.
David Lang
is that the order of multiple include files has always been
undefined. you should not rely on interaction between different files that are
included to always be in a particular order, either among the files or in
relation to entries in the main file.
David Lang
, it was a legacy option that said what version of the config file
to use, and it never really worked unless you told it the current version, so
now rsyslog just reads and parses the config without you having to try and tell
it what version of config language you are using.
David Lang
one problem you will have is that the text in the messages sometimes includes
commas.
how are you getting the logs to your program? could you just insert sed into the
path? I don't know of a way to do this inside rsyslog without a small custom
module.
David Lang
On Mon, 25 Feb 2013
does this mean you solved your problem?
David Lang
On Tue, 26 Feb 2013, root wrote:
Date: Tue, 26 Feb 2013 10:05:50 +0800
From: root r...@cnmoker.org
Reply-To: rsyslog-users rsyslog@lists.adiscon.com
To: rsyslog rsyslog@lists.adiscon.com
Subject: Re: [rsyslog] if -c options can not use
that the FQDN is not in the message you are receiving in the first
place, please log with RSYSLOG_DebugFormat so we can see what data is in the log
message.
David Lang
On Thu, 28 Feb 2013, root wrote:
no, I want to ask questions like this
http://lists.adiscon.net/pipermail/rsyslog/2010-March
, then eliminating it and having rsyslog push the traffic to
elasticsearch can help, but if the bottleneck is in elasticsearch, then you need
to speed it up.
David Lang
I actually see very
few of these as the longest log messages are cut off by being over Apache's
8192 byte request limit or by /sbin/logger
you can set rsyslog to have a much larger limit (I know I've seen 32K)
David Lang
that include the modules you need.
David Lang
http://www.rsyslog.com/doc/build_from_repo.html
On Mon, 4 Mar 2013, Chris Roberts wrote:
If rsyslog is currently installed on Ubuntu Server by default, how would I
compile it again?
On Mon, Mar 4, 2013 at 2:26 PM, David Lang da...@lang.hm wrote:
On Mon, 4 Mar 2013, Chris Roberts wrote
several of your errors have to do with thread related issues. This could be that
the libc you are using doesn't include pthread support. Rsyslog heavily uses
threads and won't work if you don't have pthread support available.
what libc are you using?
David Lang
On Mon, 4
Mar 2013, Ashish
to the current development version after it's written.
David Lang
. But rsyslog is still running in the process
table with its -d flag.
when rsyslog stops, what shows up in the debug logs?
David Lang
4) we tried to configure rsyslog to use imtcp on port 514 instead of imrelp on
port 514 or whatever other port. Here, it never loses its ability to accept
connections
[PID] in the name, and they expect that to be part of
the syslog tag, not the message.
David Lang
Thank you,
Ignas K.
On 2013.03.18 23:03, Rainer Gerhards wrote:
My mail server is a bit sluggish today, makes my comments a bit out of
sync. ;-)
Truncation after char 32 is absolutely correct
don't know what version they are dealing with, but what about the
removal of the BSD block configs as options, are they aware of that change?
David Lang
this config option have the effect I expected' boil down to this type of
problem.
David Lang
Version 7 has added the ability to set variables that you can use later, earlier
versions do not have that capability.
now, exactly _how_ to set it from a regex is something I would have to dig
further on.
David Lang
On Wed, 20 Mar 2013, Gary Foster wrote:
Date: Wed, 20 Mar 2013 14:30:17
and see where you have so many files.
ls | while read dir; do echo -n "$dir "; find "$dir" | wc -l; done
then cd to the directory with the most files in it and repeat until you find
what's using so many inodes.
David Lang
On Thu, 21 Mar 2013, EXT-Edge, Sean wrote:
Date: Thu, 21 Mar 2013 06:52:35
to get you operational again.
David Lang
On Thu, 21 Mar 2013, EXT-Edge, Sean wrote:
David,
Perhaps I wasn't clear in my initial email. I know what inodes are and I know
where the majority of them are in use, my rsyslog spool directory. There are
891185 files (only 971040 total inodes available
output (which would watch for the
appropriate input on stdin and rotate the logfile). This is essentially writing
a one-function version of SEC
David Lang
of what it does in those conditions.
David Lang
On Mon, 25 Mar 2013, Gregory Patmore wrote:
Date: Mon, 25 Mar 2013 14:46:52 -0400
From: Gregory Patmore greg.patm...@appssavvy.com
Reply-To: rsyslog-users rsyslog@lists.adiscon.com
To: rsyslog-users rsyslog@lists.adiscon.com
Subject: [rsyslog
Gary, I thought to set the contents of $!foo you had to use something like:
set $!var = something
so wouldn't what you are trying be:
set $!foo = %msg:R,ERE,0,DFLT:rg_counter--end%
note $!foo on the left side and msg on the right side.
David Lang
On Tue, 26 Mar 2013, Gary Foster wrote
in $!var1, the second in $var2
David Lang
On Wed, 27 Mar 2013, Jiann-Ming Su wrote:
Is there a version of rsyslog that can properly use distributed filesystems
like GlusterFS? For example, I have two nodes each running rsyslog but also
sharing a GlusterFS filesystem. Can those independent rsyslog processes
running on different
On Thu, 28 Mar 2013, David Lang wrote:
On Wed, 27 Mar 2013, Jiann-Ming Su wrote:
Is there a version of rsyslog that can properly use distributed filesystems
like GlusterFS? For example, I have two nodes each running rsyslog but
also sharing a GlusterFS filesystem. Can those independent
larger than block size (if message size is set large enough), and
it can output multiple messages at once, so I would not expect that rsyslog
would work well in these conditions.
David Lang
On Thu, 28 Mar 2013, Gregory Patmore wrote:
seems glusterfs 'should' handle the races with its locking
Given that postgres 8.4 is rather old, can you confirm that this is still needed
(and still works) with current versions?
8.4.16 is still supported, but it's the oldest version supported.
David Lang
On Thu, 28 Mar 2013, Tomas Heinrich wrote:
Date: Thu, 28 Mar 2013 16:26:11 +0100
From: Tomas
, so when the COMMAND= is in the line, that's going to
override the default detection
David Lang
.
David Lang
On Tue, 2 Apr 2013, Marcelo
Veglienzone wrote:
Thank you David.
What would be the best way to circumvent this issue? I was thinking of
replacing %app-name with something custom but this is the first time I've
worked with rsyslog to this extent so I'm really at a loss here.
On Tue
.
David Lang
On Tue, 2 Apr 2013, Josh Bitto wrote:
Hello Everyone,
Ok so I have been working with rsyslog for a couple of weeks now. I've been assigned to
create a syslog server and all that funky stuff. I have a central syslog server setup
with rsyslog basically receiving port 514 udp traffic
to separate your logs.
After that we can talk about the syntax needed to implement the policy that you
want.
David Lang
On Tue, 2 Apr 2013, Josh Bitto wrote:
David,
No I can't see the logs in the messages file that pertain to the windows logs.
Ok, I'm not understanding how you know that the windows box is sending the logs
out at all.
David Lang
Josh
P.S. I can see however messages from a client linux
by the template FILENAME.
*.* ?FILENAME
This is a more advanced feature that will create a different file for each
sending system, but before you try to do something fancy, we need to make sure
you are actually getting the logs sent to your central server.
David Lang
To my rsyslog.conf on my syslog
, there are CentOS/RHEL packages at
http://www.rsyslog.com/rhelcentos-rpms/ Add the appropriate repository here to
your yum configuration and you can then essentially forget that these aren't in
the base RHEL repository.
David Lang
uname -a
Linux hostname 2.6.18-308.24.1.el5 #1 SMP Wed Nov 21 11:42:14
to existing server
-Original Message-
From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
boun...@lists.adiscon.com] On Behalf Of David Lang
Sent: Wednesday, April 03, 2013 10:06 AM
To: Chris Bartram; rsyslog-users
Subject: Re: [rsyslog] trouble adding relp to existing server
On Tue, 2 Apr
numbers of files that
accumulate when trying to figure out what to work on.
David Lang
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of David Lang
Sent: Wednesday, April 03, 2013 2:58 PM
To: rsyslog-users
Subject: Re
Try starting rsyslog with the -x option to disable DNS lookups. If that solves
your problem, check that you have reverse DNS working well. Rsyslog will try to
lookup the IP address of the system sending the logs to it.
David Lang
On Thu, 4 Apr 2013,
ulrich.her...@t-systems.com wrote
If you are upgrading anyway, you should see how far you can upgrade. The current
version is 7.2 (with 7.4 due shortly based off the current 7.3)
There are a lot of cleanups and a new config language that can significantly
clarify more complex configurations in the new versions.
David Lang
(for UDP forwarding), adjust for other forwarding methods if needed)
and then throw away logs I don't care about later. I find that too many times
logs that nobody thinks are important end up being critical to figuring out some
problem. So it's just easier to send and archive everything.
David
Then, unless you have something throwing logs away before that (some line
matching the logs with a destination of ~), the logs will be forwarded.
David Lang
On Thu, 4 Apr 2013, Josh Bitto wrote:
Date: Thu, 4 Apr 2013 14:44:23 -0700
From: Josh Bitto jbi...@onlineschool.ca
Reply-To: rsyslog
have
rules that anything with local5 or local7 that has http as the program name will
be thrown away before you get down to the *.* @dest rule
David Lang
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of David Lang
In general, upgrading a package should not change your configuration files,
especially if you have customized them.
Rsyslog packages should not change the config file.
David Lang
On Thu, 4 Apr 2013, Josh Bitto wrote:
When I installed the stable version of rsyslog from the yum package
...it's set to
warning and above on local3 facility.
if you just log *.* somewhere, do the logs show up in that file?
David Lang
' \
and \
$programname != 'httpd' \
and \
$syslogfacility-text == 'local7' \
then?httpderror
The access one works...but the error log does not. Any ideas?
is it because of the difference between == and !=?
David Lang
Should this be working?
it depends on what the logs look like. If they are logs generated from the
imfile config above, I think they probably will, although I'll point out that
doing mixed case on commands if and then is highly questionable at best.
David Lang