Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Rainer, Apparently, I wasn't explicit enough when submitting the debug log. You asked: Did something (systemd) steal the log socket? I don't know. How could I know? How can I find out? Please, advise. Thank you. ~ Mike On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards

Re: [rsyslog] If messages are stuck in a queue, do you have any option other than nuking the queue file(s)?

On Thu, 19 Oct 2017, deoren wrote: On 10/18/2017 8:10 PM, David Lang wrote: On Wed, 18 Oct 2017, deoren wrote: On 10/18/2017 3:15 PM, David Lang wrote: On Wed, 18 Oct 2017, deoren wrote: On 10/18/2017 1:36 PM, David Lang wrote: On Wed, 18 Oct 2017, deoren wrote: Since the sender and

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

I think David can probably answer that better. You need to check systemd and journal conf. But you said it works with an older version. Can you create a Debug log with that one as well so that I can compare? That would probably be useful. Again (due to time zone differences) I can look at this at

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

It would be great to have it as similar as possible. Sent from phone, thus brief. Am 19.10.2017 20:57 schrieb "Mike Schleif" : > Rainer, > > Yes, I respect your time. Since it is running with 8.29, I can keep this > running as-is for a week or so; but, I do need

Re: [rsyslog] If messages are stuck in a queue, do you have any option other than nuking the queue file(s)?

Am 19.10.2017 21:55 schrieb "David Lang" : On Thu, 19 Oct 2017, deoren wrote: On 10/18/2017 8:10 PM, David Lang wrote: > >> On Wed, 18 Oct 2017, deoren wrote: >> >> On 10/18/2017 3:15 PM, David Lang wrote: >>> On Wed, 18 Oct 2017, deoren wrote: On 10/18/2017 1:36

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Well it would have helped to have this information before wading through the log ;-). Now it needs to wait till tomorrow or Monday. Did something (systemd) steal the log socket? Räuber Sent from phone, thus brief. Am 19.10.2017 19:53 schrieb "Mike Schleif" : >

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Rainer, Yes, I respect your time. Since it is running with 8.29, I can keep this running as-is for a week or so; but, I do need the update fixes asap. For debug log from working system, do you need any system reboot? If not, I can turn on debug in rsyslog.conf, then simple restart rsyslogd.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Look at line: 32697 - That is the LAST line of debug as the system booted up. Now, look at the next line: 32698 - That is the first line after the sysadmin pressed Enter after typing "reboot." I don't understand the time encoding prior to the first colon (:) of each line; but, this host was up

Re: [rsyslog] If messages are stuck in a queue, do you have any option other than nuking the queue file(s)?

On 10/19/2017 3:12 PM, Rainer Gerhards wrote: Am 19.10.2017 21:55 schrieb "David Lang" : RELP has it's place, but most of the time I'm willing to loose some logs under rare failure conditions and so haven't bothered to use it. large maxmessagesize leads to wasted memory in

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-19 16:14 GMT+02:00 Mike Schleif : > Rainer, > > Debug attached. Full reboot follows each update and roll back. > > It looks like nothing under /var/log/ gets written to after reboot > complete, except lastlog and wtmp. mmhhh... I see at least writes to

Re: [rsyslog] If messages are stuck in a queue, do you have any option other than nuking the queue file(s)?

On 10/18/2017 8:10 PM, David Lang wrote: On Wed, 18 Oct 2017, deoren wrote: On 10/18/2017 3:15 PM, David Lang wrote: On Wed, 18 Oct 2017, deoren wrote: On 10/18/2017 1:36 PM, David Lang wrote: On Wed, 18 Oct 2017, deoren wrote: Since the sender and receiver in this are both the latest