Scenario:
I'm working with a central rsyslog server (latest 8.x version) with a
common ruleset (e.g, "remote") bound to the imrelp, imudp and imptcp
inputs. That ruleset calls another ruleset (e.g., "notify-rules") to
perform omemail actions as appropriate.
This central receiver also
On 8/8/2017 1:10 PM, rsyslog-users-lists.adiscon@whyaskwhy.org wrote:
On 8/8/17 2:30 AM, Rainer Gerhards wrote:
>>
Check what APP-NAME, PROCID and MSGID contain, which are derived from
the tag.
RFC5424 tells you where these parts are to be placed in the header.
It appears that this
On 7/11/17 1:33 AM, mostolog--- via rsyslog wrote:
It's implicit, AFAIK
On 11/07/17 07:48, deoren wrote:
Here is some pseducode based off of another recent thread:
ruleset(name="remote-rules"){
action(
...
)
On 7/11/17 2:59 AM, David Lang wrote:
unfortunantly, this is a gap in rsyslog's capabilities. What you can do
is assign a ruleset to all remote inputs, and then what's left is the
/dev/log (and rsyslog internal) logs
you can also test the input of a log message and call a ruleset
Thanks. I
On 7/11/17 2:47 AM, Rainer Gerhards wrote:
yup ... for this case. Processing stops when there is .. no more
processing to do. Usually, this means end of ruleset. But if the
ruleset is called from another ruleset, processing will go back to the
caller if there is no stop statement. In the given
On 7/11/17 3:36 AM, Jiří Vymazal via rsyslog wrote:
Well, you have to specify on which socket imuxsock will listen,
otherwise it cannot know where to listen. You are not creating any
socket by this, unless you explicitly configure otherwise.
I guess I incorrectly assumed that these two
On 7/10/17 5:28 PM, David Lang wrote:
On Mon, 10 Jul 2017, deoren wrote:
Hi David,
My comment wasn't as clear as it should have been. The
/usr/lib/tmpfiles.d/var.conf file targets specific directories and one
of those is /var/log. By default /var/log is set to 0755, so if
rsyslog
On 7/10/17 5:13 PM, David Lang wrote:
On Mon, 10 Jul 2017, deoren wrote:
I checked Debian 9 and that release appears to be handling the rsyslog
configuration the same way as CentOS 7: run as root, do not attempt to
drop privileges. Ubuntu's rsyslog package on the other hand does make
On 7/8/17 10:19 PM, deoren wrote:
Running the same command on the SSD copy of that VM I see about 220ms
startup time. I'm also new to systemd, so I might be misinterpreting the
values, but it appears that the slower load time for rsyslog is giving
the system sufficient time to load all
While researching permission issues on /var/log, I realized that the
rsyslog package from the Ubuntu PPA doesn't provide an override for
/usr/lib/tmpfiles.d/var.conf (which has a rule that sets /var/log to
0755). I submitted #1655 via GitHub for that, thinking that the problem
was likely
Is the policy to wait a bit between releasing a new stable release and
then building it for the PPA to make sure there are no issues with the
new release?
https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable
Thanks.
___
rsyslog mailing list
On 7/10/17 6:58 PM, David Lang wrote:
On Mon, 10 Jul 2017, deoren wrote:
Without an override in place, the permissions are being reset on boot
for the /var/log directory to 0755, ownership of root:syslog. The
/usr/lib/tmpfiles.d/00rsyslog.conf file overrides the systemd default
configuration
On 7/10/17 3:00 PM, David Lang wrote:
no, there are sometimes delays between the release and the PPA, but they
are not the result of a deliberate policy
I'm a new user of the PPA, so I wasn't sure what to expect re release
timeline. Thanks for confirming that it's variable.
On 7/10/17 3:07 PM, David Lang wrote:
> I've been using rsyslog since 2006 and never seen /usr/lib/tempfiles.d
From what I've learned it's systemd specific and really came into play
with Ubuntu 15.04, but I only learned about with recent system upgrades
from 14.04 to 16.04 LTS.
> I don't
Hi,
If I want to use a ruleset named "local" for an input that handles the
default local unix socket, how would I define the module and input
entries to reflect that?
I thought this would do it:
module(load="imuxsock")
input(type="imuxsock" ruleset="local")
but rsyslog complains like so:
On 7/7/17 2:28 AM, deoren wrote:
First of all, thank you for reading this and thanks to the devs for
rsyslog.
Admittedly, my configuration is likely at fault as I'm still learning
how to configure a rsyslog client installation for reliable remote logging.
Environment (client & se
On 7/8/17 9:23 PM, David Lang wrote:
On Sat, 8 Jul 2017, deoren wrote:
Looking around I learned of these two directives:
$DebugLevel 2
$DebugFile /var/log/rsyslog-debug.log
I added those, rebooted the VM and quickly had lots of debug info to
work with. In the file I found these entries
I've setup a ruleset that is applied to messages arriving from remote
systems via imrelp. One action within that ruleset matches on auth
facility messages and places them into a "combined" auth log file.
Additionally an alert is generated via ommail for matching patterns (SSH
logins).
In
On 7/20/17 7:38 PM, David Lang wrote:
On Thu, 20 Jul 2017, deoren wrote:
Thanks David. So if I attach the rulesets directly to the inputs, is
there any other way to combine auth facility messages into a single
file? Should I instead not attach rulesets to the inputs and instead
call
>> On Jul 19, 2017, at 8:37 AM, deoren wrote:
>>
>> I've setup a ruleset that is applied to messages arriving from
remote systems via imrelp. One action within that ruleset matches on
auth facility messages and places them into a "combined" auth log file.
Additional
On 7/20/17 6:54 PM, David Lang wrote:
On Thu, 20 Jul 2017, deoren wrote:
# /etc/rsyslog.conf
input(type="imuxsock" socket="/dev/log" ruleset="local")
input(type="imrelp" port="2514" KeepAlive="on" ruleset="remote")
The ru
On 6/27/17 9:54 AM, Florian Riedl wrote:
Hi all,
We have released rsyslog 8.28.0.
Any estimate re availability of the 8.28.0 version via the Ubuntu PPA?
https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable
Thanks.
___
rsyslog mailing list
On 8/4/17 12:10 PM, David Lang wrote:
when you stop rsyslog, it attempts to save the data in the queues to
disk and write the .qi file so that it will be able to read the disk
queue files on next startup. But many distros have a short timeout that
if the program doesn't finish shutting down
On 8/4/17 3:32 PM, David Lang wrote:
what init system do you have
systemd from Ubuntu 16.04.
you would need to change systemd settings, and I
don't know if this is in a file shipped with the distro or something
provided by the adiscon PPA.
Me either, but I'll look into it. Thank you for
I've recently converted all of our nodes from forwarding messages from
the default forwarding format to using the
'RSYSLOG_SyslogProtocol23Format' format.
I only did light research beforehand (so I can only blame myself), but
when our relay nodes log in either 'RSYSLOG_TraditionalFileFormat'
On 8/5/17 10:59 PM, deoren wrote:
I've recently converted all of our nodes from forwarding messages from
the default forwarding format to using the
'RSYSLOG_SyslogProtocol23Format' format.
I only did light research beforehand (so I can only blame myself), but
when our relay nodes log
On 8/5/17 11:28 PM, David Lang wrote:
on the receiver, write a log with the format rawmsg or use the
RSYSLOG_DebugFormat and look at the rawmsg line there. Let's see exactly
what is being sent to see if the data is being lost at transmit or on
reception.
Personally, I have my senders
On 8/5/17 11:42 PM, deoren wrote:
On 8/5/17 10:59 PM, deoren wrote:
I've recently converted all of our nodes from forwarding messages from
the default forwarding format to using the
'RSYSLOG_SyslogProtocol23Format' format.
I only did light research beforehand (so I can only blame myself
I've setup a central rsyslog instance (sawmill1) that receives messages
from all nodes. I consider this node a primary or production node. That
same node passes a copy of all messages to a second instance (sawmill2)
where I test configuration changes and then pipe into a prototype
Graylog
For example, I am trying to troubleshoot why messages arriving in one format
are not saved as expected, even though the debug formatted output shows
properties populated as expected.
Thanks.
___
rsyslog mailing list
Most of what I'm coming across is geared towards sending into another
product like mongodb or elasticsearch.
I'm really new to this aspect, so the more newbie friendly the better.
In particular, I'd like to find a barebones template for replicating
forwarding of content using
On 9/13/2017 6:12 PM, deoren wrote:
Currently I have all of the clients setup to use DNS A record to connect
to the central system. That A record has a TTL of 300 seconds.
I plan to down the central server and then move it to a new hosting
environment with a totally different IP. That move
Currently I have all of the clients setup to use DNS A record to connect
to the central system. That A record has a TTL of 300 seconds.
I plan to down the central server and then move it to a new hosting
environment with a totally different IP. That move will take more than
the 300 seconds
2017-10-06 8:27 GMT+02:00 deoren
<rsyslog-users-lists.adiscon@whyaskwhy.org>:
On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog
<rsyslog@lists.adiscon.com> wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2017-10-06 07:45, deoren wrote:
Is this
On 10/2/2017 8:58 AM, senaps via rsyslog wrote:
[Journal]
Storage=volatile
Compress=no
RateLimitInterval= 0
RateLimitBurst= 10
MaxRetentionSec=5s
#Storage=auto
#Compress=yes
#Seal=yes
Are you attempting to have rsyslog process this? That looks to be the
format that systemd uses for its
On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog
<rsyslog@lists.adiscon.com> wrote:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA512
>
>On 2017-10-06 07:45, deoren wrote:
>> Is this expected? I recall reading that rsyslog should be properly
>>
Is this expected? I recall reading that rsyslog should be properly
firewalled to protect it from malicious traffic, but I couldn't recall
what would happen if it were exposed to scans: fall over vs trash data
logged.
___
rsyslog mailing list
In my limited experience I've managed to use both in similar ways,
though by passing '$!' to a remote node I understand[1] that I'm not
including the local variables. Those values are stored within '$.' instead.
For setting values within a configuration for reference within
templates,
On 9/28/2017 6:37 AM, Joan via rsyslog wrote:
I am using rsylog to read (imfile) some logfiles and forward them to
graylog in syslog format RFC5424.
I would like to add an attribute with the filename, I explored doing it by
modifiing the template (such as this
>2017-08-19 0:20 GMT+02:00 deoren
><rsyslog-users-lists.adiscon@whyaskwhy.org>:
>> For example, I am trying to troubleshoot why messages arriving in one
>format are not saved as expected, even though the debug formatted
>output shows properties populated as expected.
For example, here is a small block that I'm using to route rsyslog
related messages to the local /var/log/rsyslog.log file:
if ($programname == 'rsyslogd' or $syslogfacility-text == 'syslog') then {
action(
name="rsyslog-messages"
type="omfile"
On 8/25/2017 4:26 PM, David Lang wrote:
you can put in an action that writes a different template, and that
template can be fixed text.
Thank you! That makes sense. I appreciate the quick response also.
___
rsyslog mailing list
On 10/6/2017 4:42 PM, David Lang wrote:
On Fri, 6 Oct 2017, deoren wrote:
I'm going to retest soon, one port at a time to see if the segfault is
specific to one of the inputs.
Once I determine that I'll likely setup a vanilla installation of
rsyslog with imudp, imptcp and imrelp enabled
On 10/7/2017 5:25 AM, Rainer Gerhards wrote:
2017-10-07 7:57 GMT+02:00 deoren
<rsyslog-users-lists.adiscon@whyaskwhy.org>:
As I dig more into this, I'm beginning to think the only thing the Qualys
scan did was aggravate an existing problem and cause rsyslog to tip over
more quickly.
On 10/18/2017 3:15 PM, David Lang wrote:
On Wed, 18 Oct 2017, deoren wrote:
On 10/18/2017 1:36 PM, David Lang wrote:
On Wed, 18 Oct 2017, deoren wrote:
Since the sender and receiver in this are both the latest versions
of rsyslog (with the plan for the setup to remain that way), can I
scale
On 10/18/2017 5:02 PM, deoren wrote:
On 10/18/2017 3:22 PM, Rainer Gerhards wrote:
The queue errors are bad. Anything else in regard to that queue?
After discussing it on this thread, I stopped rsyslog yesterday and
moved all content from /var/spool/rsyslog to a different directory,
hoping
Refs:
https://github.com/rsyslog/rsyslog/issues/1782
Scenario:
* rsyslog v8.30.0 (Ubuntu PPA)
* Ubuntu 16.04
* rsyslog sender setup to forward via omrelp (with a DA queue) to a
remote receiver
* nearly 1 GB of held message content in /var/spool/rsyslog
There are 1272152 messages
On 10/17/2017 3:36 PM, David Lang wrote:
you can copy the queue files somewhere else (best done with rsyslog
stopped), and then configure a copy of rsyslog,conf to not have any
inputs, but have the queue files and the rules for what to do with them.
You can then run a second copy of rsyslog
On 10/17/2017 3:45 PM, Rainer Gerhards wrote:
Errno 11 seems to be EAGAIN, more a status than a warning. The full Debug
log may reveal details.
Is the debug on demand log file sufficient or should enabling debug mode
at startup the better route?
On a different note, will rsyslog accept a
On 10/18/2017 12:02 PM, deoren wrote:
On 10/18/2017 11:51 AM, deoren wrote:
On 10/17/2017 6:57 PM, David Lang wrote:
Yes, rsyslog will accept messages it can't deliver, the accepting of
messages is decoupled from the delivery.
if a message is too long, it will get ttruncated, even if it's
On 10/18/2017 11:51 AM, deoren wrote:
On 10/17/2017 6:57 PM, David Lang wrote:
Yes, rsyslog will accept messages it can't deliver, the accepting of
messages is decoupled from the delivery.
if a message is too long, it will get ttruncated, even if it's json
(at that point it's a string
On 10/17/2017 6:57 PM, David Lang wrote:
Yes, rsyslog will accept messages it can't deliver, the accepting of
messages is decoupled from the delivery.
if a message is too long, it will get ttruncated, even if it's json (at
that point it's a string of bytes, rsyslog has no way of knowing that
On 10/18/2017 1:36 PM, David Lang wrote:
On Wed, 18 Oct 2017, deoren wrote:
I checked and sawmill1 is having trouble sending the messages on to
the "downstream" receivers (sawmill2, sawmill3). Based on the "... at
least 232 byte larger than max msg size ..." lo
On 10/7/2017 10:44 AM, deoren wrote:
On 10/7/2017 5:25 AM, Rainer Gerhards wrote:
2017-10-07 7:57 GMT+02:00 deoren
<rsyslog-users-lists.adiscon@whyaskwhy.org>:
As I dig more into this, I'm beginning to think the only thing the
Qualys
scan did was aggravate an existing problem and
On 10/23/2017 7:11 PM, David Lang wrote:
do you have a tcpdump or info from Qualys saying what it sends as part
of the scan?
David Lang
Thankfully (for troubleshooting purposes), the problem isn't specific to
the Qualys scan. I later learned that messages coming from our ESXi
hosts
On 10/23/2017 7:38 PM, deoren wrote:
On 10/23/2017 7:11 PM, David Lang wrote:
do you have a tcpdump or info from Qualys saying what it sends as part
of the scan?
David Lang
Thankfully (for troubleshooting purposes), the problem isn't specific to
the Qualys scan. I later learned
On 10/23/2017 7:51 PM, deoren wrote:
On 10/23/2017 7:38 PM, deoren wrote:
On 10/23/2017 7:11 PM, David Lang wrote:
do you have a tcpdump or info from Qualys saying what it sends as
part of the scan?
David Lang
Thankfully (for troubleshooting purposes), the problem isn't specific
On 10/18/2017 12:34 PM, Rainer Gerhards wrote:
2017-10-18 1:14 GMT+02:00 deoren
<rsyslog-users-lists.adiscon@whyaskwhy.org>:
On 10/17/2017 3:45 PM, Rainer Gerhards wrote:
Errno 11 seems to be EAGAIN, more a status than a warning. The full Debug
log may reveal details.
Is the
On 10/18/2017 3:22 PM, Rainer Gerhards wrote:
The queue errors are bad. Anything else in regard to that queue?
After discussing it on this thread, I stopped rsyslog yesterday and
moved all content from /var/spool/rsyslog to a different directory,
hoping to have rsyslog come back online with
This is a tangent of another issue I was dealing with a few weeks back, but it
appears that problem was related to checking whether a non-existent $!variable
was empty.
Is the expected behavior for that check to fail?
This is with v8.29.0 and I have not tested with 8.30.0 yet, but I am more
On November 14, 2017 10:49:06 PM CST, "Войнович Андрей Александрович via
rsyslog" wrote:
>Thank you, David
>
>We have upgraded our linux box to the latest available (Debian 9) and
>now rsyslog version is 8.24 (the newest from deb repo), but we still
>experience the
On 11/30/2017 5:28 PM, deoren wrote:
Is that parameter used to specify the replacement for /dev/log or is
that parameter used to specify another socket that is in addition to
/dev/log as an input source?
I assume that SysSock.Use defaults to /dev/log, but if SysSock.Name is
specified, does
Is that parameter used to specify the replacement for /dev/log or is
that parameter used to specify another socket that is in addition to
/dev/log as an input source?
I assume that SysSock.Use defaults to /dev/log, but if SysSock.Name is
specified, does SysSock.Use now refer to using that
On 12/14/2017 8:19 PM, Rory Toma wrote:
I have put in
$ModLoad imklog
$klogLocalIPIF eth0
in my rsyslog.conf file (8.30.0) However,
rsyslogd: invalid or yet-unknown config file command 'klogLocalIPIF' -
have you forgotten to load a module? [v8.30.0 try
http://www.rsyslog.com/e/3003 ]
I noticed this commit focused on fixing the case in the source code for
comparison purposes:
https://github.com/rgerhards/rsyslog/commit/b9cda4602b26a4778fdfec4990a62b6faf2bc86b
which leads me to ask:
Are configuration parameters case sensitive?
For example, are these all equivalent?
global
On 11/17/2017 11:05 AM, Rainer Gerhards wrote:
2017-11-17 18:04 GMT+01:00 deoren
<rsyslog-users-lists.adiscon@whyaskwhy.org>:
I noticed this commit focused on fixing the case in the source code for
comparison purposes:
https://github.com/rgerhards/rsyslog/
On 11/10/2017 9:33 AM, dchappelle via rsyslog wrote:
Thanks for all of the info deoren. I do have the file you speak of installed
on my system:
dchappelle@L164:~$ cat /usr/lib/tmpfiles.d/00rsyslog.conf
# Override systemd's default tmpfiles.d/var.conf to make /var/log
writable
which actually have set it to a couple of
MB (and occasionally use it).
Rainer
2017-11-09 17:25 GMT+01:00 deoren
<rsyslog-users-lists.adiscon@whyaskwhy.org>:
On 11/9/2017 10:24 AM, Scot Kreienkamp wrote:
I have it set at 128k now... I thought I read in the list archives that
was
On 11/9/2017 10:24 AM, Scot Kreienkamp wrote:
I have it set at 128k now... I thought I read in the list archives that was the
maximium value?
https://github.com/rsyslog/rsyslog/issues/1741
Looks like it (for now).
___
rsyslog mailing list
On November 9, 2017 10:21:04 PM CST, dchappelle via rsyslog
wrote:
>Apologies for not including the config. Here is
>/etc/rsyslog.d/10-example.conf:
>
>dchappelle@L164:/etc/rsyslog.d$ cat 10-example.conf
>local0.* /var/log/test.log
On 11/9/2017 4:08 AM, Thomas Deutschmann via rsyslog wrote:
Hi,
no distribution will probably _require_ network for rsyslog per
default because in the default configuration distributions are
shipping, no network is required. Due to the fact that most init
systems nowadays support parallel
On November 9, 2017 6:47:11 PM CST, dchappelle via rsyslog
wrote:
>I am running a vanilla install of Ubuntu 16 and my rsyslogd is not
>creating
>new log files for me. I added a new filter rule and restarted rsyslogd.
>After doing so and generating log messages for
https://github.com/rsyslog/rsyslog/issues/1656
See if that matches what you are fighting with.
On November 7, 2017 9:51:51 AM CST, "matthew.gaetano"
wrote:
>Queue's aside, regardless of the order rsyslog loads (before or after
>network) its retry function should not
On 11/7/2017 10:31 AM, matthew.gaetano wrote:
With the exception of the relation to storage, yes, for the most part. We
encountered the issue on a physical server using SCSI/SATA drives. Our
secondary tester were in vmware.
I initially emphasized the boot speed from running the Ubuntu 16.04 VM
On 11/7/2017 12:25 PM, deoren wrote:
On 11/7/2017 10:31 AM, matthew.gaetano wrote:
With the exception of the relation to storage, yes, for the most part. We
encountered the issue on a physical server using SCSI/SATA drives. Our
secondary tester were in vmware.
I initially emphasized the boot
Is this something that the Rsyslog team manages or is it someone at the
Read the Docs team that manages the content?
I ask because it appears that the version of the docs (stable, latest)
available there are outdated and I wanted to make sure to report the
issue to the correct place.
On 10/25/2017 4:18 PM, Naftuli Kay via rsyslog wrote:
So would I do "set $deploy_env = getenv('DEPLOY_ENV')"? How would I then
reference this variable? I'm still trying to learn more about rsyslog
variables and how to use them in templates.
I'm still learning myself, so I completely
On 10/25/2017 3:48 PM, Naftuli Kay via rsyslog wrote:
I have a few environment variables that I'd like to include in my log
messages that I'm formatting in JSON format. I have a service that runs on
boot which generates /etc/sysconfig/ec2 which contains variables like
EC2_INSTANCE_ID,
On 10/19/2017 6:58 PM, deoren wrote:
On 10/19/2017 3:12 PM, Rainer Gerhards wrote:
Am 19.10.2017 21:55 schrieb "David Lang" <da...@lang.hm>:
RELP has it's place, but most of the time I'm willing to loose some logs
under rare failure conditions and so haven't bothered to
On 10/31/2017 12:42 PM, matthew.gaetano wrote:
Hello,
I'm not sure this is an issue considering Legacy format shouldn't really be
used in version 8, however it seems that when using legacy forwarding (as
described in the default rsyslog.conf file) rsyslog suspends the actions and
never retries.
On 10/31/2017 4:05 PM, matthew.gaetano wrote:
Seems like your on the right track. We changed the dns names in the conf to
the destination IPs and this somewhat resolved the issue.
Rsyslog would still suspend the two destination actions however once the
system settled the actions were resumed.
I originally sent this as part of another thread, but I think this got
buried and lost among the noise the rest of my notes generated. Posting
a cleaner version here in case others know the answer.
I'm trying to avoid using legacy configuration options where I can, but
just in case the order
parameter messages that were previously "stuck", flow once more.
On 10/29/2017 1:22 PM, Rainer Gerhards wrote:
quick answer: I guess you ran into this
https://github.com/rsyslog/rsyslog/issues/1741
Let me know if more info is needed.
Rainer
2017-10-29 19:15 GMT+01:00 deoren
<
On 10/19/2017 3:12 PM, Rainer Gerhards wrote:
Am 19.10.2017 21:55 schrieb "David Lang" :
RELP has it's place, but most of the time I'm willing to loose some logs
under rare failure conditions and so haven't bothered to use it.
large maxmessagesize leads to wasted memory in
On 10/18/2017 8:10 PM, David Lang wrote:
On Wed, 18 Oct 2017, deoren wrote:
On 10/18/2017 3:15 PM, David Lang wrote:
On Wed, 18 Oct 2017, deoren wrote:
On 10/18/2017 1:36 PM, David Lang wrote:
On Wed, 18 Oct 2017, deoren wrote:
Since the sender and receiver in this are both the latest
On 10/23/2017 7:55 PM, deoren wrote:
On 10/23/2017 7:51 PM, deoren wrote:
On 10/23/2017 7:38 PM, deoren wrote:
On 10/23/2017 7:11 PM, David Lang wrote:
do you have a tcpdump or info from Qualys saying what it sends as
part of the scan?
David Lang
Thankfully (for troubleshooting purposes
On 10/27/2017 5:19 PM, Naftuli Kay via rsyslog wrote:
Can anyone shed any light on how to set global variables? Environment
variables won't change over the lifetime of the process so it would make
sense to not have to allocate for every log message.
Thanks,
- Naftuli Kay
I've not used them
On 12/20/2017 4:24 AM, deoren wrote:
> On 12/14/2017 8:19 PM, Rory Toma wrote:
>> I have put in
>> $ModLoad imklog
>> $klogLocalIPIF eth0
>>
>> in my rsyslog.conf file (8.30.0) However,
>> rsyslogd: invalid or yet-unknown config file command 'klogLoca
On 12/21/2017 1:10 PM, Andrew Akins via rsyslog wrote:
> I was wondering if anyone had seen this. I’m running rsyslog on Alpine Linux,
> deployed as a container. Rsyslog was built from source, and is version 8.31.0
>
> Basically, initialization of a omkafka message is failing:
>
>
On 12/22/2017 9:52 AM, Luigi Tagliamonte via rsyslog wrote:
> Hi there!
> What are the tunable parameters for this module, like:
> - an option to increase the number of threads for kafka processing
> - number of messages to process per req.
> - etc..
> Regards
> L.
Module docs:
*
Hi all,
I'd like to get your feedback on some proposed formatting changes to the
imuxsock module doc. I mention my preference below, but the end goal is
to standardize the formatting and make the docs easier to work with, so
my personal preferences can take a backseat in the scheme of things. ;)
s in place. Everything from
typos, to clarifications of content to adding missing coverage.
I'm still learning the ins/outs of everything (including Git), but I'd
be happy to answer any questions that I'm able to. Just mention me
(e.g., "@deoren") on whatever GitHub issue/PR you work o
On 1/8/2018 3:30 AM, Simon Lundström wrote:
On Sun, 2018-01-07 at 23:56:27 -0600, deoren wrote:
Hi all,
I'd like to get your feedback on some proposed formatting changes to the
imuxsock module doc. I mention my preference below, but the end goal is
to standardize the formatting and make
On 1/8/2018 9:22 AM, deoren wrote:
On 1/8/2018 9:11 AM, Andrew Griffin via rsyslog wrote:
This looks great, I love it!
Can someone refresh my memory on the process for contributing to the
documentation? I’d like to chip in
Andrew Griffin
Thanks for the feedback. Do I understand your
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of
deoren
Sent: Friday, January 26, 2018 4:36 PM
To: rsyslog@lists.adiscon.com
Subject: Re: [rsyslog] Can a single logfile be part of multiple imfile configs?
On 1/26/2018 3:29 PM, Scot Kreienkamp wrote:
Hi everyone,
My basic question: Can the same logfile
On 1/26/2018 3:29 PM, Scot Kreienkamp wrote:
Hi everyone,
My basic question: Can the same logfile be used in two imfile inputs?
There may be other ways of doing this, but this comes to mind:
1. A single input object which specifies the file you want to monitor.
2. Attach a single ruleset to
I'm looking through the docs and I haven't spotted it.
Thanks.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE
On 2/2/2018 5:41 AM, Simon Lundström wrote:
Thank you for your feedback!
> I like mailinglists and IRC but the most important for me is that the
> questions are answered, be it by employees or the community
I completely agree with this. Seeing how spread out the current
community is between
@Rainer
+1 for logo 1 out of the provided options (also voted using the provided
poll)
On 2/2/2018 1:27 AM, Ciprian Hacman wrote:
> Nice. Logo 1 from me also (voted). Seems the cleanest one.
>
> Ciprian
>
> --
> Performance Monitoring * Log Analytics * Search Analytics
> Solr & Elasticsearch
On 2/1/2018 6:27 AM, Radu Gheorghe wrote:
Hi,
Today we just published what I hope to be a quite complete eBook about
centralizing logs with rsyslog. The destination I had in mind was
Elasticsearch, but I think it should apply to many other use-cases.
Here's the blog post with more details on
1 - 100 of 154 matches
Mail list logo