Re: [rsyslog] omfile: Force instant write
Hi, the main problem was that for some reason I thought sending HUP would be enough to activate the configuration changes (maybe I was fooled by the message "lookup table ... reloaded from file" after sending HUP and by the fact that for some reason restarting rsyslogd will take ~3 minutes -- I think this is caused by ommysql but I still need to investigate). Once I really restarted rsyslogd logs where written like expected and I stopped investigating. -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Parse & use date
On 2019-01-23 09:33, David Lang wrote: > Rsyslog does not yet have good date manipulation capabilities. We have > started it with parse_time() and format_time(), but they are currently > very limited. Yeah, extracting each value and creating a new date format like > template(name="iso8601date" type="list") { > property(name="$!year") > constant(value="-") > property(name="$!month") > constant(value="-") > property(name="$!day") > constant(value="T") > property(name="$!hours") > constant(value=":") > property(name="$!minutes") > constant(value=":") > property(name="$!seconds") > property(name="$!timezone") > } > > if ($parsesuccess == "OK") then { > # ...values are now extracted > > set $!timestamp = exec_template("iso8601date"); > > # ... > } works but... However I realized that even if I would receive messages with a date value supported by any date-* parser in liblognorm, I would be unable to transform the matched value just via > property(name="$!timestmap" dateFormat="rfc3339") later in rsyslog because the extracted value would just be string, not a date object, right? -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Parse & use date
Hi, thank you, the links to the openshift repository were very helpful! I am now doing something like > lookup_table(name="normalize_month" > file="/etc/rsyslog.d/normalize_month.json") > action( > type="mmnormalize" > rulebase="/etc/rsyslog.d/my-application.rulebase" > ) > > if ($parsesuccess == "OK") then { > # if parsed, we extracted $!year, $!month, $!day ... > set $.lcmonth = tolower($!month); > set $.normmonth = lookup("normalize_month", $.lcmonth); > if $.normmonth == "unknown" then { > stop > } else { > reset $!month = $.normmonth; > } > unset $.lcmonth; > unset $.normmonth; > > # ... > } ...and the lookup table looks like > { "version" : 1, > "nomatch" : "unknown", > "type" : "string", > "table" : [ > {"index": "jan", "value": "01"}, > {"index": "feb", "value": "02"}, > {"index": "mar", "value": "03"}, > {"index": "apr", "value": "04"}, > {"index": "may", "value": "05"}, > {"index": "jun", "value": "06"}, > {"index": "jul", "value": "07"}, > {"index": "aug", "value": "08"}, > {"index": "sep", "value": "09"}, > {"index": "oct", "value": "10"}, > {"index": "nov", "value": "11"}, > {"index": "dec", "value": "12"}, > ] > } -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] omfile: Force instant write
Hi, mhh... looks like sending HUP signal isn't reloading complete configuration like expect. After restarting rsyslogd I'll get immediate output like expected. -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
[rsyslog] omfile: Force instant write
Hi, currently, while playing with lookup table, mmnormalize and templates, I need to test things. Therefore I created some omfile actions to write the current message. However, this doesn't really happen: I have to send HUP signal to rsyslogd to get anything written to that file. :/ My action: action( type="omfile" file="/tmp/debug.log" template="my-debug-template" ) The message I am sending via logger is very short, something like $ logger -t mytest "[21/Jan/2019:12:20:41 +0100] foo" I guess I am not filling the buffer enough. Is there a way to force a write on every message? Thought setting 'asyncWriting="on"' would trigger a write every second due to 'flushInterval="1"' but that's not the case. Also, setting 'ioBufferSize="1"' has not the effect I am looking for. -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Parse & use date
Hi, On 2019-01-22 23:37, John Chivian wrote: > If I understand the need correctly, you could chop your $!timestamp (or > $msg) into pieces with the substring function, and then use the values > contained in the pieces. It's a way of "parsing" it yourself. This could be a workaround, yes. How would I translate %b value, i.e. the abbreviated month name into its numeric representation? 12 if clauses or is there a better way? -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
[rsyslog] Parse & use date
Hi, tl;dr How can I parse and use a date? Long story: An application is writing a log file (/var/log/application.log). Each message starts with a date format like [%d/%b/%Y:%H:%M:%S %z] which resolves to [21/Jan/2019:12:20:41 +0100] for example. I am reading that file using imfile module (and then the rsyslog client will send that message to the centralized rsyslog server doing all the processing but this part doesn't matter for my question). For processing, I am using mmnormalize and my rule will start like version=2 rule=:[%timestamp:char-to:]%] Once the message was successfully parsed I want to write it to a 'dynamic' target (could be just a dynamic file, e.g. /logs/%YEAR/%MONTH...). In my case I have to specify a dynamic elasticsearch index, e.g. I would do something like template(name="es-index-name" type="string" string="myindex-%$YEAR%.%$MONTH%.%$DAY%") template(name="es-json" type="list") { ... } action(type="omelasticsearch" template="es-json" searchIndex="es-index-name" dynSearchIndex="on") However, $YEAR, $MONTH, $DAY will refer to a default message property, e.g. a value reflecting either the date when imfile read and created a syslog message from application log or when the centralized rsyslog server received or processed that message. But I need to access year/month/day value *from parsed* $!timestamp value (=the value from the originating log file). How can I do that? property(name="$!timestamp" dateformat="year") would be too easy ;-) I am using rsyslog-8.40 version. -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.39.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, thank you all for another great release: > == Testsuite summary for > rsyslog 8.39.0 == # TOTAL: 487 > # PASS: 482 # SKIP: 5 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: > 0 - -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 -BEGIN PGP SIGNATURE- iQGTBAEBCgB9FiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAlveJp9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDEz MTI5MUNFOEY4QjBENzI2MDVDN0I5NDQ0RTZFQkRDOUJGNjA1NTkACgkQRObr3Jv2 BVn8Hgf/XAP8dhTrE66UTAxjakVVJaApx2leyL5GqcGWHOq8N5TheTm7aBsLtHDb FelJ5NEZbV0Atph2A6PrPQdFwwi4RVPUr5y1uUPqm1ACBzre/eDzQ5pWNDOjL+Jx EH5LCBBC4iZ4nanZvnN4FMTh+cxtlgxng57SFHZypXHepsOaW6jWW+KIOfH+WaAO AkKu5fc+B+zsJ7RPFmhoCEwZIlLjSiXLHMuB3nLstRRjQq6bdLhUK3hoYKkh7PTI RmOBClYTVPkB8NKYkwDP6Fu9j14kSQQCWyIDlevSDB9HPgUsBaonL4Iah18ULiBh vvKNR7dVUBgTY8FqT9nS8HEmsupgfw== =QxGb -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.38.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi,, On 2018-09-18 17:33, Florian Riedl wrote: > Today, we release rsyslog 8.38.0. > > [...] > > There were also updated dependencies. The new release requires librelp > 1.2.18. Typo? I don't see a librelp-1.2.18 release yet and configure check [1] wasn't updated (still required >=1.2.14). See also: = [1] https://github.com/rsyslog/rsyslog/blob/v8.38.0/configure.ac#L1395 - -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQGTBAEBCgB9FiEEExKRzo+LDXJgXHuURObr3Jv2BVkFAluhYxBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDEz MTI5MUNFOEY4QjBENzI2MDVDN0I5NDQ0RTZFQkRDOUJGNjA1NTkACgkQRObr3Jv2 BVlQbwf/XfWZKOOp/cMaOH4we6D9hbORzGcRF33kmR4YE6qGHIorXa6ZGchIlrNP QX9Mkp99Amx0sv88q+58BweBvd0SydLq1iosbHzAO46Uwn8k+4PeN5FpJIEgDCmX MpXBt/TDoMpKNlUXk6sEoTcQtGiAERQ/vSQzKKkwWj+ln9UR/YE5O+tGzqrdKp4p UpP9uagCfLhTYNgpWIcDSfD6x3sxHnuReiInvHV87OSTqoq0Ggu1yPC2rFT5pbzD anNQKurlZWJLFzujybmZaARkIASwLTm92OV6HnkjYzaLJDTDpcyaLEH7bpXeWUvR LV1+g5PcdJ9H5cka9JYwlzPd3QD0BA== =5Zhd -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.33.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-03-04 18:10, Michael Biebl via rsyslog wrote: > looks ok and builds fine on Debian. Yep, looks good and builds also fine on Gentoo. - -- Regards, Thomas Deutschmann / Gentoo Linux Developer C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQKTBAEBCgB9FiEEM8WEgsQCKS0uPFwGlwn5DDyW/8gFAlqcmgBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMz QzU4NDgyQzQwMjI5MkQyRTNDNUMwNjk3MDlGOTBDM0M5NkZGQzgACgkQlwn5DDyW /8hnng//USvlLHBe8B+jIktRb1QcwHF+L8XZKsOcKS3pDimlx/pqPRceTveJHGb0 RyGLorAYTvoZ3al5YkGOshQcfDk4+3OMstu84PxQMTT0GQh3rabUtBliRYivrls3 lOwv0JxRowZEStpbqcYbUZtflWtZsm7Cvf0n9ZG1MVxQs0DrLsh244LhYg8D0obV kMJ8a4uRHf6KXJKMrNjNOiZ6EZ3+wsm47bCbUkk6ATyf1mPKhfscv4qjGBMDQxQL Z7rR3DxPoEFJ/oJuNSdGFol82Y5SjHZrgpJdxa68QRTEP/ANd50lYB3q2qkKBXwh ZcgwlbHYRyLxklAAq5mzCCWqa/ZHnrvRtel62rvM/krbZIDArczWRVi7VMtuz7a1 UrOLNhIe9JAtLhRrpJnxpBfvwHsP0oQ+rUMjjy/m1S/7wiBiay1wmz4vtw2HHV1m /cf1aMx/eijWDT3jXfKEeSG3sLtrmdOEEygQTOzFK/63rqLG1zLFZEoXgoesJpXP Ipr6VDrY53oUg/nKfnJZVcIQ+0mDFMi/jQWcJmlJ+IDCS4RlaKI+qAr+R+h8+gwA D88NOoBFNI+ebYmhe+ffJsy0KIgSLa8vOUtGWxkljBhu/uYTc/O6spddnCtIM2JS GZWK3eEtsfY6tYDHwKEvro6X0TnaS4PUNXs8hDW2al4SuEELhfQ= =8yv3 -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.33.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, for those not following rsyslog's GitHub issue tracker closely: The current rsyslog-8.33.0 release tarball's content, available at rsyslog.com [1], doesn't match git's v8.33.0 tag. So you will end up with something between rsyslog-8.32.0 and rsyslog-8.33.0... but not the expected v8.33.0 code. So be careful. See Michael Biebl's diff [2] for details. See also: = [1] http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.33.0.tar.gz [2] https://github.com/rsyslog/rsyslog/pull/2494#issuecomment-367529276 - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQKTBAEBCgB9FiEEM8WEgsQCKS0uPFwGlwn5DDyW/8gFAlqOnapfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMz QzU4NDgyQzQwMjI5MkQyRTNDNUMwNjk3MDlGOTBDM0M5NkZGQzgACgkQlwn5DDyW /8h/Hw//b1aE1qjXguY8i5NNJVo2PtcAzYnT6QM9s19k6aQAFPYBk9bEcw3YV9nk 9AWxT2+ixl1Pz40LwzxoAiszmcXVeRdEKhguvtTaaoosnNgxN99L3NzRReDdRFn/ Wcxt/7WQvZKSPeh6++ap/8V+UKGvhX7i65ix3GSoZt9NBfEuLE9/Geq7TQwxYeDI qLc2X9JNVxrQXGEFWOugOukT+lIE/d0i9DNKprJYlLbDkCeDkuiWj8XRfsfH7zFw g9RL3WVYc2jDF3gszKLSK4oEwCzHZGZvDx2WhnFkEVlDAWjcxn9IcwajWAr8OniW rq7Bpbu17G1Thby5BK6S75kEhRcAmW+QfrQVO0qyU0GhQBf/ze+WDsWDEalUT/hi Nfi2aHn4DMr95H9Q3rC6gGxAfr2tcBN2whXGKEcQ08pPHqAw8ZuLUBPakJ4zCBBc W48FL/7Axwd5yjaE6g2Y83W0LBqB9avh4OMV2F7oEGwps86mZU5+N5Ya4BWWHvhg 8zDLAec6qLvT+Aq5XJLhCDzV06vNjup8jghzWxb0z87iio1ng+4INoR3h/covPHu NGv4a3WeontaTFzyQAZwKAtLBBLkN7fR+4vDONAtnKxAY7hLnwbmirNj9dgMnaM6 H9J9eyYfxCFsU8axIVuAnD4xDENo+Y29M1SGpDK2jL9emLxE9sc= =qKRg -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Legacy FWD Failes on startup (v8)
Hi, no distribution will probably _require_ network for rsyslog per default because in the default configuration distributions are shipping, no network is required. Due to the fact that most init systems nowadays support parallel invocation it isn't that easy to depend on a working network setup. If you really do that, it will cause degradation for systems without network connectivity -- that's why you cannot do that per default in general. It is (and was!) the system administrator's responsibility to adjust dependencies if your configuration will _require_ network access. In rsyslog-8.27 there was a change due to rsyslog required network all the time but this was fixed in >=8.28 (https://github.com/rsyslog/rsyslog/commit/1a7d3a088969b47798bc1da712ca2 772f91a7c02). >From reading this bug and others it sounds like rsyslog is having a problem recovering from complete network outages including failed DNS resolution. Based on my own experience: When the omrelp target goes down it will take some time (especially if there was no new log message on the client) to re-establish a new connection to resume fwd action, but I haven't seen any rsyslog client yet which was unable to automatically resume after central logging server was rebooted for example. But based on the recent reports about the last 6 months this does require more testing. I.e. a verification what will happen if rsyslogd starts up but cannot resolve ommysql/omrelp target due to DNS error which will be fixed _after_ rsyslogd was fired up. Also, how does rsyslogd reacts if an already resolved DNS target will go down: Does rsyslog really tries to re-resolve the DNS name (i.e. picks up changed IP addresses -- and not only in case of an error: what will happen if TTL expires, does rsyslogd do proper lookups or only once at startup/error case) or not. Also, is there a different when DNS isn't reachable at all vs replying erroneously with NXDOMAIN for some time... Maybe it is just a problem in the resume logic of some modules. Testing error conditions is quite hard. -- Regards, Thomas ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.30.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, build issue https://github.com/rsyslog/rsyslog/issues/1838: > imgssapi.c: In function ‘doRcvData’: > imgssapi.c:310:11: error: too few arguments to function ‘netstrm.Rcv’ >CHKiRet(netstrm.Rcv(pSess->pStrm, (uchar*) buf, piLenRcvd) != RS_RET_OK); >^ - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQKTBAEBCgB9FiEEM8WEgsQCKS0uPFwGlwn5DDyW/8gFAlnmFdRfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMz QzU4NDgyQzQwMjI5MkQyRTNDNUMwNjk3MDlGOTBDM0M5NkZGQzgACgkQlwn5DDyW /8iGSA/+LZ9W+c2JduozRqCmKJmlCjTQe/BDbptNI16DRODmzFnwqwjRo8ODM8PC 7G3cvTNcJ5M4+QH3+Rtfph874bKm7epbWU2aFwRtR1WhEaMF/Avu51wOHS9DhS2f OpOaPZl8boaZFtGAxtRmb0o6UlVy5EMuWldPsoAlUgwMa2gU37eH/h5mIQN6MEZH 2ZxWwCJ5XOrfmvq3NdIPNN59TkbDtd1uRQJc5rUFUdnn5rkDdlQONO7HrBhLPOmq rRrGiytrShfHVarv9jTIIXO2KHyYf+X84ZcYJ166+1xLTlqGbjs7HWcEXkXZRVey HjT2v45OZzWfTK1YZPn2tOg2HRK1xlSrlWyCP68EkeuEkoo9BCxrr+l9uyRCcITP RxUTTsFnLpCHdCNrU+8IRVAYXCzdFmQZpsvsiVV7+DbEOvCnnXPpyMmG4jeWojQ1 l/8Vd8PBSNSc12PRQMfh1JhdOSUr1BmkwBp7a5tVkXap2j18rNzF1sgIzpZFJx87 2LdNkfqS3NLWHFV7SPKgQkwCIDPpyDsV1tfXfoXh4AsL3M1mpuARkXOo+dO05MO3 qVOD+0hE2j+6WJA6xGo3n0yY1Xs6UBjUoJvcRGcDHHQ8SUzNdxR6kS0znqXPdmXd +L7F/y9HW4l4XmHDojy6q7oo4Aq/mRx9aKKk0Q+qd7czrCJzlAg= =37Kd -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Qualys scan against rsyslog causes it to segfault
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-10-06 07:45, deoren wrote: > Is this expected? I recall reading that rsyslog should be properly > firewalled to protect it from malicious traffic, but I couldn't > recall what would happen if it were exposed to scans: fall over vs > trash data logged. More details please. What kind of rsyslog service was exposed (imuxsock, imudp, imtcp, imrelp...)? Do have some details about the scan itself? Can you share steps how to reproduce? If it is true what you are saying "you" found a DoS vulnerability in rsyslog. No service should crash when receiving/processing invalid/malformed data. - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQKTBAEBCgB9FiEEM8WEgsQCKS0uPFwGlwn5DDyW/8gFAlnXHK1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDMz QzU4NDgyQzQwMjI5MkQyRTNDNUMwNjk3MDlGOTBDM0M5NkZGQzgACgkQlwn5DDyW /8j6HA/5AbSkSVWAhM28QiOHhd4UagZkvCYdtQiOmH8N1gTcsSDFhndIKJhnuVyd fESSiYuP1Llj3RAQzq49N/7LG6fteIRx4LpeJ0Qy1frLEFUzg9w39cpXSw6n+qRD A0dofjEwTEu8cdivWwnJ4nIfDP4949F367n8L/gsc18OFuJ5hCGDLX7qO8wxucoO 9SW++w0dp9m9U475myPwK/sXxvJS4tqhPH8Tp4yrCFBYpMONP+TFPY6C43jUqjaG X77z2hvIIQTtz0Z3Kfs/+zjUc1y5UVeYhW3ABPacG1xrFseBzbhr1o5UhyRrWoVo bMDFSPnXGDQNAhl7KojuuVEcC0hGb10Rs0721/VUk7s6q7glIcPetWUw+VSv2qW+ 2bayVpt3utzbYK5jwVoiR4AgvJb0wgtAkMlX2btsQ0gyhaUr9MoyMHVLDu2YznO9 CR2c5CDATul8w6YCsOQNOncQVAzlGQ0nu35CTZFYZRkqbfTC+tU/dhHF7MDkM/B7 nApHb+y+zCIQdAZeUqFiMa2SSDNp7wVMcUf9hogwBwNcx2IaJwDQ8vpYXZFQaEyZ 1JNpS0PGNV/CJK3VemvquxfkBLKk4i4jMnSBwiJuw/G1k00xFUkB70o2Q66d861d pyZKhNYaCIHxQMtACvnbhbSzAyoMSZEUZskpkIKsIKteNWg8K68= =RQHM -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslogd 8.29.0 - crash when omrelp server port is not open + build error in imptcp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-08-21 13:21, Andreas Wehrmann via rsyslog wrote: >> actionProcessMessage() always returns RS_RET_ACTION_FAILED (which is >> -2123), >> meaning i will be decremented for re-submit and the loop starts all >> over again. But this is not the problem itself. It *should* retry. See action.resumeRetryCount and action.resumeInterval documentation [1]. > So I ultimately traced it down to this change: > https://github.com/rsyslog/rsyslog/commit/128214fffac7dcec69b5c8dffdb8222bbd29af27 > > > Reverting this makes everything seem to work as expected, > though it probably introduces the bug it was supposed to fix... This should only trigger the problem, not causing the problem. My current theory: _No_ msg can be delivered. Even internal messages nowadays [2]. This will eat up your memory until rsyslogd segfaults: For example, when rsyslogd launches it will already create a message like > rsyslogd: [origin software="rsyslogd" swVersion="8.29.0" x-pid="31213" > x-info="http://www.rsyslog.com;] start Now this message has to go through your queue. Once it reaches your omrelp action which is failing, rsyslogd will generate a > rsyslogd: action 'action 1' suspended, next retry is message. This message will also go through your queue and be processed by the still failing omrelp action (which will be skipped like you can see in your logs: next retry (if applicable): 966135869 [now 966135839]). Due to the small amount of memory you just need a small bunch of message to run out of memory. And don't forget about the main queue [3]. Do you get some core dumps when rsyslogd segfaults? Maybe you have to enable this first on your system. Or could you rsyslogd through gdb/valgrind? What's about your dmesg? Any messages indicating OOM killer activity? See also: = [1] http://www.rsyslog.com/doc/v8-stable/configuration/actions.html [2] http://www.rsyslog.com/rsyslog-error-reporting-improved/ [3] http://www.rsyslog.com/doc/v8-stable/concepts/queues.html - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJZnLq0XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IGCQP/3rqvkkXxT2RL++kKawicJWc DanVorfO+wl94CQScTQZIf+p+DPb0H7QaPh6GvzHN5VO13546+eQgQRn7ndO0ZBR 29qXBf3l2jozaa0xyg2FDmGKrm8d1chzrYutbpWDQCpTlCdXWJYfZOT7SYvGj6LO Kvuj/pifz3r6DoV6luZIBAde9IcCyGe/JSvzbyEUHWB2jcVdRQShOGt7mFUYlBB6 YFW+CxaEXsC9Kzu7gHWxf6XtB1duNP0l9m1zL2xu4KtU8R1DVxKQeIvIk34JCNsS 9ng5A2e52/5vBeAHw4lgCXUbuNOxtJHtGEwqyE3Re0dgHqd347CqtKY7vx/mM76I +aXJjzPt4/qgj0t0mrLb/7YVr5tNSoK91aZaSvPLyb4nHMwAjUsjuYMjvfjgXxic 6GQ5m6y+bGLKDDXLi14DVMO7zO2Jv2WQNEvv7NQVTSg0LMv1NIUpCNmORIlLbpyJ H6LQJtv70e0jNNOOdWrAI6hNkArEKkUiT5fEpUGUUWywY9spKHr3m2iNC4zs8cNp Bm0uDTV9tVybb58+6paVUsAM+sMrxPBQ+rWvi1C2eLmb6VUaC97OPl0LC0MLPJh5 Eo5V6fI2llsVyjBc+tO/1H/HgusBaynNcwxVy1df9O1Az1ELFOyZFiHxYaO8EEG0 Y/Hx7AtzsBD0yDFjhZjc =hon9 -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslogd 8.29.0 - crash when omrelp server port is not open + build error in imptcp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-08-18 13:05, Andreas Wehrmann via rsyslog wrote: > Compiling 8.29.0 with the option "--enable-imptcp" breaks the > compilation process: > > CC imptcp_la-imptcp.lo imptcp.c: In function > 'AcceptConnReq': imptcp.c:831:2: error: 'pThis' undeclared (first > use in this function) imptcp.c:831:2: note: each undeclared > identifier is reported only once for each function it appears in > make[2]: *** [imptcp_la-imptcp.lo] Error 1 Can you please show us a complete build.log and give us some details about the embedded system? > However, instead of backing off for some time, it retries the > connection _immediately_, which fails almost immediately again > which in turn leads to an immediate retry and so it spins around > very quickly. No, I think your observations are wrong. Each action which is failing will be suspended and you can see in your logs that's the case for your setup as well: > 5839.353174748:main Q:Reg/w0 : iminternal.c: signaling new internal message > via SIGTTOU: 'action 'action 0' suspended, next retry is Sun Aug 13 03:04:29 > 2000 [v8.29.0 try http://www.rsyslog.com/e/2007 ]' I am not sure but I have the feelings you are just running badly out of memory which will cause the segmentation fault. - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJZluoUXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/ILP4P+wfx7tRzBxRj5Dx+z/l3YlOq 4dHPvmpQdycADs/6cX3sd4jJRHE6QGV4/x8m3n/PP46hKEr4IY/qEzjTHJh+iapM NvXbq3KCYoQmytnx/K42+UjYh5hmDJRByN0EYk1fU9DGNumtrRCovGO5U2gWm8CS TbnZTpRD2n3x8RF5pyRhKGxCMxGbkc4McHHqya71GiSQm0x+HyIpk+F+o3E4A/8b XVZ79G1Dm4WECQL3JenSa2gzfISl8BzHaLJXARZ5VJOmkO8sv14T2v+tMUfytECe gA/URFMdOjhI6JH+wCbYNduveBtYhsJomYknc0lUBS/JjHFQ40KIqJLcsp1QaKaw 2MXaREyxZu4hOphv/Mi1cAPCg0DTWZry4vA7w1LyRZF1yAq/2WZ3XuKGNC/i4u5e MydVGCn7FA89VlFPD5r0gw74X21j0777NZtOoaskF3u8vz8qe2Rj8e3/YdhrpCeZ J1UbH3nvrdRq9HTlHGF3T8Nc3Zlj6kyFwtP4wDqsOCMlzkd/YoD7oFjJiGdvZgNX ERT601UlJb7jhfJ3Vazl+wM8BjmSie6Jo/uD29pReAVbp9AfIFYMYqjtieTVPOJc Scgotp6YONdbVxul5ggPA8UF5g/pAYHtTq2kva98Pi2Lr+ZjYy+6VMh4PwVDHdh4 TvLdKe+KUlzqgqVyoTgC =et4f -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog limited to 2000 messages per second?How would i boost it to 1, 000, 000?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-08-17 08:46, senaps via rsyslog wrote: > Aug 17 11:13:50 HP-Test journal: Suppressed 722551 messages from > /user.slice/user-0.slice Your journald is rate limiting. Check your journald config file (typically /etc/systemd/journald.conf) for RateLimitInterval and RateLimitBurst. Like David already said: For best performance try to avoid/bypass systemd/journald completely. Remember that journald has to maintain a database... if you are processing logs with rsyslog, especially on a centralized syslog server, you don't want double processing. - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJZlijqXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/ICI8P/04q9QaSn+GUoPs9Lj3bYFq0 hUnSwjJXvOlZ6aufMZhVwlxgTVHvlx4dJwSRTc314dyLsMLlAQHCRc6m/yNk+AEs Klbqdj5Tx/zD9ZcUutbpPpu6CZEkfgD8AUOeT7GdnGy8cNlMsyJSzOplwmcBMuFm juNGFQGlzZQdc5rTqOLdaaRS0+9p1T64UXetPltLUSTvxN8WOMiejltE1b2+jJ/l saNTsAbgMqO8rwIr0caBnH6CmbgwJA68aUOLM9zaROmcG9hMGL3OXzxZchkFf0Av AAhguPYlOEoanJ8hpMkyE+4qEska3n8IBRHMuHGm990wloCazJRiKOogxV1PHRHu 7r11gLkgv+yOPsFSHOAm1U3YVk+f/cc07CJVQDHHy3Rxdjrplr4VOOaf9d4PqODA 98DSwwT9LtBQ5Jz19oMYDY/Vxzfsh4gO4cBsEWbe3vFwjWtjs2ix1pJ5iQwjeL/1 2HZQZMI3m04fyAK+gmzdfmKBph5oMgmBKoH5kJK/yadX3XjkPJ8yOuc6zkH+e/3O wAgMCSBEZXWjVQMPSTQCiunX9iQ2yyAnkQ4AC5gRS7LJPr82MG2uSjOeo2CWXVMp p/wQhUb1Lg8Y4Bdg7g9YhlsR5YNfZupspRyPXfaLZkxiTGUhLY/VH3vh/am44LTU O0SRck88MJ30VMCNx6DV =hDqk -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.28.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, looks good. You maybe want to fix https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog#L28 - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJZUr1NXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IpCYQAJh/GozmIepk//qggrl3NhAR 4j0+3N0C/dgeb6Vchb2wdyEtyQeTLOpZYSjyIxzr9lwhq1X7o0UisdK25aK6UKBX 4TGwW9rU3H59Ky5nk6gRo3ywdAou5uhXdTclu64tlZEcuTxrnhmoeo3D5scfhL4c XADLHUpHp5YjUdsoaiBpXPprGkmz3FcAGxuSKbQgA8lhiCnIfiputMchBOwNTRH7 iCtbFofOBkqPSjINEx28eLzntXeCak83qdguawEKX8EOvXkGXRK3dDtUa+SjvM4K sRcJFYggSOxd50HtghpVuQu4Amv+YttaQxyBby4hFYC5MT8GuSeX0Y2YHghnFRZs FGFdpMPob8OKxjz7nFCKrLL+haEJu2opkCz/286xVMSj7lJ16T0P04lw4p60RaWP TmKxUJBojNR2JXLU3RN19o1HF86DFiOrszp45hQ7cE0VZQ5wexuHu2Je6ExlRURR g6U19Zi8Mgjtjw9x97nllzv84jIN+RjUsvDg9hQxlWV5pSac4Terpr0ZIJuOFoD7 1qa6ZyFUnYgypuNR5QVWDyya8mLnj0rFJ92pkRfgbS+RNOkfrWfiVMZ+gMvMbgvu TDEZ+POH4FxG/tn8AlZTBPfLrckThlyRPCqGWG0oWb0Mu3IXUeOn8Yzsn3hvhJYP s0C883Vjw657kH0DqIHf =1WR8 -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Stopping rsyslogd takes time when using queue.type="LinkedList"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 *ping* Anyone? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJZUGC1XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IX6gP/jAfER26CTlH5ev9Z3ShUtNp DL2MrH4b8NnnLh7OmRunDxTxFMBV6pKqtYjgeEnNFc3/RpL3wGFPuA/0w4miV//J FK5xmAns9Eo+mYghKVcDDLtxEIZQmqG89FPDWLqYBWgcJift0SpDJQL0gMnuatoo 0Z3WfguVF55+ytbJMZGaxrIAIc+N6/0jYQuP3U1W6CIvJZuOQP+IEqq1mj7fvgYU Qqi5FmROv3qxgNoECxA+pXLcr3P2b5No5rO5CZdTo677P024wMpLGHT/Z0OcDhHN eMykMTKWjFTETyDtCd8co2FdVOUY9KgeVl/5Pv06TLbToZ6sfkX00Smp49r3s6KX wGgtc2dtTc/YrlPNUa15oicGT8HAWeceHOY1w1TStoqn87HFIOzjkWeWgCM4O/EI VFi3TvtNejrtiGtt7vhgXhjFAN9VD/OXdLbBlKUkp8njShk0eN1253MVdzlDO5S/ Tsnsj5br5mCFsBM/iX3p8PHqHPlo5ULjGBF1LvaAySwnD0ftKISx0nblO3M2EFcX fLy20BD4gu4radeoN06hGrKtfV8RqKGk/JI84y+yJJcsEStxWAQXzD91QgveAWNG 6B9gb+Fws2F4rImupyd02CXvSr4pzJhUgzLp3Yhl1v/WZtDAusiRWjqNjs2qtAHI d+Sj4P6CEmHjdAllFEUu =4BlG -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
[rsyslog] Stopping rsyslogd takes time when using queue.type="LinkedList"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I just noticed that stopping rsyslogd took quiet a while when using queue.type="LinkedList". Here's a reduced configuration showing the problem: > $WorkDirectory /var/spool/rsyslog > $Umask 0022 > > module( > load="impstats" > interval="10" > severity="7" > log.syslog="off" > log.file="/tmp/rsyslog_stats.log" > ) > > module(load="imuxsock") > > module(load="omrelp") > *.* action( > type="omrelp" > queue.type="LinkedList" > action.resumeRetryCount="-1" > target="localhost" > port="20514" > ) > > module(load="imrelp") > input( > type="imrelp" > port="20514" > ruleset="writeRemoteData" > ) > > ruleset( > name="writeRemoteData" > queue.type="fixedArray" > queue.size="25" > queue.dequeueBatchSize="4096" > queue.workerThreads="4" > queue.workerThreadMinimumMessages="6" > ) { > *.* action( > type="omfile" > file="/var/log/remote.log" > ioBufferSize="64k" > flushOnTXEnd="off" > asyncWriting="on" > ) > } 5sec after I started rsyslog issued the stop command: > # time systemctl stop rsyslog > > real1m30.116s > user0m0.000s > sys 0m0.004s ...and /tmp/rsyslog_stats.log: > Fri Jun 16 13:03:39 2017: global: origin=dynstats > Fri Jun 16 13:03:39 2017: imuxsock: origin=imuxsock submitted=8 > ratelimit.discarded=0 ratelimit.numratelimiters=0 > Fri Jun 16 13:03:39 2017: action 0: origin=core.action processed=8 failed=0 > suspended=0 suspended.duration=0 resumed=0 > Fri Jun 16 13:03:39 2017: action 1: origin=core.action processed=8 failed=0 > suspended=0 suspended.duration=0 resumed=0 > Fri Jun 16 13:03:39 2017: imrelp[20514]: origin=imrelp submitted=8 > Fri Jun 16 13:03:39 2017: resource-usage: origin=impstats utime=8000 > stime=4000 maxrss=5012 minflt=475 majflt=0 inblock=0 oublock=8 nvcsw=33 > nivcsw=6 > Fri Jun 16 13:03:39 2017: action 0 queue: origin=core.queue size=0 enqueued=8 > full=0 discarded.full=0 discarded.nf=0 maxqsize=8 > Fri Jun 16 13:03:39 2017: writeRemoteData: origin=core.queue size=0 > enqueued=8 full=0 discarded.full=0 discarded.nf=0 maxqsize=8 > Fri Jun 16 13:03:39 2017: main Q: origin=core.queue size=0 enqueued=8 full=0 > discarded.full=0 discarded.nf=0 maxqsize=7 > Fri Jun 16 13:05:19 2017: global: origin=dynstats > Fri Jun 16 13:05:19 2017: imuxsock: origin=imuxsock submitted=12 > ratelimit.discarded=0 ratelimit.numratelimiters=0 > Fri Jun 16 13:05:19 2017: action 0: origin=core.action processed=12 failed=0 > suspended=0 suspended.duration=0 resumed=0 > Fri Jun 16 13:05:19 2017: action 1: origin=core.action processed=12 failed=0 > suspended=0 suspended.duration=0 resumed=0 > Fri Jun 16 13:05:19 2017: imrelp[20514]: origin=imrelp submitted=12 > Fri Jun 16 13:05:19 2017: resource-usage: origin=impstats utime=8000 > stime=4000 maxrss=4864 minflt=457 majflt=0 inblock=0 oublock=8 nvcsw=62 > nivcsw=11 > Fri Jun 16 13:05:19 2017: action 0 queue: origin=core.queue size=0 > enqueued=12 full=0 discarded.full=0 discarded.nf=0 maxqsize=5 > Fri Jun 16 13:05:19 2017: writeRemoteData: origin=core.queue size=0 > enqueued=12 full=0 discarded.full=0 discarded.nf=0 maxqsize=6 > Fri Jun 16 13:05:19 2017: main Q: origin=core.queue size=0 enqueued=12 full=0 > discarded.full=0 discarded.nf=0 maxqsize=5 Is this normal? 1min30 to stop? Tested with rsyslog-8.24.0 from Debian Stretch and latest rsyslog-8.27.0 from Gentoo. - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJZQ72zXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IN0wP/3Uq05jg4rZe5UmVa19iai89 eATJONmCN8H+n08s4G/jt2t7Yl2niAQ67O2DzJ8G2b8bct9mmvdo1Af4TRz/bDov zIc3znaPeTNzWtO3N4XJyjoco6Hh04dWUhkoTaUvArl9cxHTUSSx8E9x+bEus3Hx MmZ/udDlwJ8WX7mD3mosXUSKou5GDd/taUEFA40eo6hemsOphHjddHnGiE1jhrBe sEDPgAW9isUTdrx6zEttIYQ7ABvh9H3MeSP9ag3wDW1mG4xC0nYQGahTrRPG8IKX EiDxRtAOy0dwv6RwO8M5r4Irn7pBEaAPLRPhFRZ6YK4Yb4LomfKlwNi6DkfX3kns 53wMFmZ/MpqC2tvbrEUxwrQbjpvqaEZ4Ki/49bkhuTuzSG8nN2cyZqFeWR3rbz3G c/g35DCHsoUR7FO3C5sjW/Ghwh8c/cZv7FPFVrqA18JZrRk/2rgTB8j6RQ4BHBbO 3cnSz28CIc1kUWIE1fcvyoVxy0U7HemxWWU0PfkGaKPkxqb+rIOL7uo69baVLKJT ryxBt/YZHzETtO6r7NipoJ7B82D629BwrbRv1WVhorHZEZ/90x60T9hUU8BrQEmY mM/PGTHUS3ScwxpgwbSNZUAW1Azz4ts25y9wk1xt7ir0+xwgfGKbNZEqOFUcKi6R xQ1G/hyfmSN5jCpov3ls =d0f2 -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] libfastjson 0.99.5 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, can you please push changes/tag to GitHub? Thanks! - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJZC08tXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/I9UUQAIGy6zMbA6oASx9plVeG6r/+ i7JnW89Kqqn6b85b9XDFhYHwKp/5NU/w490y+34UNm8ehZr7Hujv+FNS/lpHbmnE GhQoBGEe6vgrfL2YqwjIjXPWxRjgrAWbt3/Bi7Xg9zUAKxGVA4KjVV+H6Rlu0FLg U159XvffZhG1PYJ7oGikG30cYHLlZLOjedj5psB/3seISVdWB/DcDoPtMB77AxUK d2k5eCfizqQeNytr+RDv26436Yw0N/co34PHx7gi0BggavgJ0ArzK/DSr4XmWJ5p aXSof+Qemfp9rOfgmIFxhYIwsMTQfrRCfBWrL6n4DfPN/941rOjEsA08E4Wsj2xs tanciQRUyutvG59lYhbvPdUTTHCni+59sgflFunsWDyWM71fVy+YQcX41szxDl0s 5sTc/Yu4WnbhEjDDadzPJtsBI7gaKmJ5BM3/imsxDNjg1+SzXOO/ICJPBUrdjTQ7 CHBJjuvTKghp8KsJDO/JiqaPZktak+To6mLi2RNrnG+8YSN2ROix5gFRKH9RWRia 5Heqo7WDlCGyQrosBC7zHZp9uJWD2TGkwdzte/D565XPNwxqyv43v0wPU2qwnMih RK6l0FgchljwMKETcaudDZG5js+wvh28VusiLlkmNKsYwCvqFY0OhJWeZ+sHU60h 5q0JMQ73vPzJs7BWMrjL =at6M -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.26.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-04-06 14:13, Florian Riedl wrote: > Fixed. Thanks! Release passed all build/runtime tests. Thanks to the rsyslog team and all contributors for another great release. - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJY5lokXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IhwIQAKVOGCuFMkXyqnk2ryeXYFN1 E9guXuurF7XaKBNF5mGeO3v9TvVkjwacrS5gIy1Q+Ew3SLL8JE/8Rc/G+Xj02lav VKnFo7NV9cXhfyAv+0LtXCt4G/1mlqzOwoQ37+hOUOz4YNTfJZ3uy53lqaQ4mGKD 3KDulnCC61UduRXZSiPFSrAvWCxx0nVo2u84QC4w9AZD4/BKD77MUlCQDwgqArz/ OWhr1GW14NrMo2Fzmf/w4xNSt8hmaVyP6x4ZamPkuVRZFXZgbtRK5zOTWfPC374Z zqCTTY7Fc5ONOe4jFN7CHsvTJAbgQnUxf8zmGl1BxVWGxQGSxVE8j1I+d+xuRQ3s c3bQ9ey4I5omF1kyby+XON0eMGQ/RD/s3sZ7egtVY3LAOd+RbK3+aRTPfWeJII5f UGbkrcb7wOoPIA6Qz38/bkgompxiRvpptQoKcKXeJimhPdX4DQ85HtWVwc3UBoQU 1BZ86NB2nK5yxNdeTyzrUzlSTsrTIO66RmBWXjUteAzjZsWUrwCUyYF35n33BM8M /yx/grOVkk/XA13BGayslqsUuKV5/ioG1FOjPMn9vq6WG6r/bpM1160bCGo5Eeqf AUx9lGBIMBBry7gkOE33pe+YyAQ9cPZXVWLcTmoSKK8coa5wVp6V3VMjbETIopg3 F9fGYXvPYKJMi6EefJIB =71Zm -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.26.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, maybe it is time to change release workflow? 3rd release in row where docs are missing ;) -> Downloading 'http://www.rsyslog.com/files/download/rsyslog/rsyslog-doc-8.26.0.tar.gz' > --2017-04-06 12:39:10-- > http://www.rsyslog.com/files/download/rsyslog/rsyslog-doc-8.26.0.tar.gz > Resolving www.rsyslog.com (www.rsyslog.com)... 2a01:4f8:c17:44a6::2, > 138.201.116.127 > Connecting to www.rsyslog.com (www.rsyslog.com)|2a01:4f8:c17:44a6::2|:80... > connected. > HTTP request sent, awaiting response... 404 Not Found > 2017-04-06 12:39:10 ERROR 404: Not Found. - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJY5hvoXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IKzcP/04gHs+ZThaexO0mXFHAn2VI EZBSpC5Y7p04XZlryH7Wup3QGk8ihhTf21XHJmdTb554ebHLWJKQIsaKq0Fykcub HFYv2iH36l/df3qV7Xm+9NnHU2sY8FDhweC7v/JW7szMoJZnb1QyE7ZkdBZvlZ0E 6TiWUUAIj0klNJyBE5ZVmTVKGEwQ31LYdAmR1a74aXJ/mpFcjS7hNEBAdG2q57Bq Rm4AnL/xIPfMa1zmzcG1Bp81Xopt15foLhKcVZgbThrlQGNfeKeytc1uoofIUCIL cVRiVIfZHU5L4v70sINyu0zy//FVG5GkI2von9X7GHT+qyN18NU7uzp1zs13lb6v A4sspQLH2UjjtYC6VpTSdatPYQDGU2TvaP9uGxbNv5MJeY3biMov334P9in2WdFe mbERI/nH/wWuj2QQtujaIX2Ml2D1gFJd8mGF9++1MCawJ6nkvIZeTVkoBC6n8my+ /QuYAlf10DbbVp6944ghULU3hbtaluk3fit6guDDmFmJ3MINWZogy5HK/NSDx8KD hD5NZmkSjSmHODATV+Sj8EtZdyTCggu+SEWKBPdbOTfWV+hOpjs/OXFlCFSKo6gT 9nvNJ2U0Ici24TUn+fuPnl0IjappoDNV+ZWhgNjtdd2oNp5amAl5UEzhkh6Z6HxL ERY71zF+85jPsiiiBdlp =ouJ5 -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Monitoring (Nagios) on Rsyslog server TCP port
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-13 14:17, Wiebe Cazemier wrote: > We're having the issue that sometimes, the rsyslog server stops > working (properly), and all remote clients start hanging when > their queues are full > > [...] > > When I loose messages it's merely a bummer, but as long as they > don't pile up in queues. If your logs aren't critical and if it OK for you to lose messages instead of a blocked clients, you can configure the rsyslog client to discard messages in such an event. You would still need rsyslog monitoring because you want to notice such events but at least your clients continue operating... - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJYx9X+XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IurMP/RO9iBvWM1vxhGyb05zZbapd QcymTyDgU3eO6Zbg5j1lp0kCtuZmg2dBYl2RoG9PUyiqAi1cc+2a7rPHInmYAdta 7I5R/0aW2j1CLHllUe1BXvHdYV0ftqlyvv5rCwXfRaBopbc4ihB0o5GuN7GEmIqs qEZg6lRgsl+KQlFZm/LPKuIyj2WddJ7OvtloPwtoBVll/AAScdvzTIcESy8S+7L4 RoGN2e9cwGRkNUksuzt/2c9StfaMJu6zVFKJdU/C5GqcLLNxDoqIoOYyvLiT9hRd i1/HlcS5lMYQfdMBp0A5I8hjGJR+J2YLnxYQDSNNDelEzlMTY91Jmuu1L4Y2hslH aQS/CUVKxvr+3DKlNu6N/KFRjQcf7zCfvBlffg5j+aYFgRDIrQ3pCMWWFvEVCCpf 82d5qRhQBy6MHTmXh58MoPc7LTR8cJ4RMNe5azQ4zocmoeJEAt72zgT4dB8LDMTr eox6lkmarSoK1cYF0H6gT4c8G+d/ryN0c9rRsLbWrKhOOibZD/tOl4qtKRZfa1Va /p3XnHCPK2dsAAobv/ydqj9lQCjH/eV7wzxwoAwoBZPScYHzwGck0ac7DJuLLgxa O+UWaWNyd3Up/m1c5WI5S1kmRI8olbhbgaGL3p5ald5ncS9uHLq/rF+Brk9J50yo oibX9hhihC8xwp0Gp9fQ =iug0 -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.25.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-02-23 17:54, Thomas Deutschmann via rsyslog wrote: > the DOC tarball [1] is missing. > > > [1] > http://www.rsyslog.com/files/download/rsyslog/rsyslog-doc-8.25.0.tar.gz *ping* - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJYtr9aXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/Im28QAKgVBWof08waKp3ThFM4w60Z kCfhCCu2vXi3tlpO4J++un1VzPTFG63nU01857l7LADfNEEkhaPMXjY/eNe4CaR/ hhq+PqNyY3Vy+kBozgYMI4T33NP4SQ/2q13yhu0hcXGlmUGrmsLN7PpqcA2HjL4h w3tVZC4aqQTCh2PgjaNd2LGcpAr7t6m01YMGbFCHkcj/PzvnBcdeIrBYhyb0HJeg V4GHGg14nPzTkfqxK89o5wGser/hZkW5VnpKW4pG9OiEfIpI1mtkyBP4eWnc0mjK je38RWueqJTFMSYixxKYEWI5S3pA7q1Cx5ofdbo9XlR0U8qS7Mrklu6rh6lwS3nB WVIWldRtUp8Tm3DxDLmu73CrZ7UyafY2P2Z55MYXrpxC4TmF6AsObAQHgTP9QxPD jd4DjL4ZkgY6X5vQSwgtv3L9pRLh7OV09h4famYHW796/hOErbJm+SKy0ObIT0jG Jvcsg6BXvlAYs5IhlsODKw55KFxuENwUnXvd24d/ZCaXQ+P4JUj6u7S62SD87HEi IApZnm5kWIlU2zqXfkRBbBTprNIzMuTF9x6VSMy+U417T36Wjfl901K8wKPtd9jZ MTBnXSXko1sYeV4vFvb2fesiJTtQemtjjgOs99YGDfljPejpzrjHkKBfrJkHcrz6 6Z4NImJOeoWPOTHDJas4 =S9kp -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.25.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, the DOC tarball [1] is missing. [1] http://www.rsyslog.com/files/download/rsyslog/rsyslog-doc-8.25.0.tar.gz - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJYrxOtXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/Ipv8P+wYxNkTSxUGzgf2RYzz5YlWv ZhLG95W9MvXG4pV+pJMgwfP7wUCENn2Z297VFzb7rJttYIw35YiPykdqRe8GFoaC 8hyYGdMRcsMG4WnvfKX5fnmkCv/9MKBdrNDJSVni3YbjGXxzoBsDI1M+jPnXOpKD 36Ce3unmr87hgEoSN9Vj0bA2lBlOevjo85gJoK9iBR+8L1xDr08R4zIQ9G7ju1Fy /rzjorvS57R1/X20pOWWGhsjpwOWI9WNPI7HCAt8ShU173w5HCkdRq0P0f18+fMW HDvxJR2Sww3sYhC2N7oO5MNWIben8d7gnBeGTw23r7teQqAkoCtEZTOtSuCYPksH mfybd9HWrCKP2a00PuH1ENLCu2zJ5hPbqY11SOIEBHDIBQKg8MIxENRG0CbmNPEt XkPiu07nQOXTZAmkab1W6z6s+0bXhm93Wcq5RBfX0P/nrFDsCZGS7gFGhjJrv7+E KrBN4KfjB0MZxkHIro8UeMJfno8Bby6uC1Mt7UUGCdaA79YMm3zjDbF+XmtvLu72 GUoz0dePZShiQorMvI3frTK7/EVZ6iDtXviKXw1bWE/wJjc05boYKqhDudD+cnw7 HUU4cQcwlugftGTTTlnwv3AF4NfHU1XGzR92/muRLmz0Jtdvz4j1f4LVe1wp9yad dlnFEOZF4X6wh3xnMnEw =ZGCy -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.24.0 (v8-stable) released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, thanks for the release and happy new year to Adiscon and all rsyslog users/contributors! New mmdblookup module doesn't build. Was it ever tested before you merged? I filed an issue, https://github.com/rsyslog/rsyslog/issues/1355 Rest looks good, all test passed: > > Testsuite summary for rsyslog 8.24.0 > > # TOTAL: 293 > # PASS: 285 > # SKIP: 8 > # XFAIL: 0 > # FAIL: 0 > # XPASS: 0 > # ERROR: 0 > - -- Regards, Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJYdXE4XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IA8cP/R+gpY1qz3cTNgOnnok6lNLL iQHe9O61P8wD4PJyZX/eDdKCkUC3D7iQfP6CPtnzh1DVKj5GUAf6nP6eiYDxfQ3N y8VLLdtXPEZNmCSd7OaXj+ngDFePws/zWsOTtiLmCZYjGHhIWudYideFGI2ELBul UicQ8egoKbXyvua/2Vm8JLlT1oB+pejZtayRJwXtXwRTxFSBwwpvFNUk0Hdcgahk ePAErCdyoR7IrW5kYvQdoPjvtwztpcfxAZVXYw9BA8jk7L2FzItM8q1oU4Xn2OgJ fIfnsooOw8HeApR0sEDqw7REzirQV6hpJjXvS5qYDyt7LKeRkOY00abOaNsz5gHu dc0Lh8L1qiocuvtBGc/OjoMOvoLlve0Bz4Xj3tGUXaZSml+JNPmzUwqMfWRaTCWo vPErWWeE+cXkVtoA5UGLfzuiNgk6OHMA5bQJdHS+wzhvaBP/llPxRyhFQvy3x7Qv wEMhjemNX9OMsmlX2nVvTbNkBqSI82wYYJoy/oTlZMnrdy397DfLqMtZgrRGbTNf xCJXs9VMyfBgo8jTvJntGhLowfk195fPKVYaLDsNxqLXjSu8Hc63ppPU6LJAiYZZ DKeMTZs+AsQjkFZu5DfeNQtjpEo9CoOucrPoIhSCK6VKBofQnHGR0BXK7dtaQeKs hDkx6sFsRa/34xio1l01 =S+Kq -END PGP SIGNATURE- ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.