[rsyslog-notify] Forum Thread: Unexpected behavior upon restart - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Mon Aug 11 17:20:58 CEST 2014
User: tgadbois
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24823#p24823
Message:
----------
Hi,
We're running rsyslog with the following version/settings:
rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
On RHEL 6.4. The rsyslog instance acts as a central aggregator, writing out
data from various hosts into corresponding output directories. We're using
DynFile templates with parameters such as %HOSTNAME%, %FROMHOST-IP%,
%YEAR%/%MONTH%/%DAY% etc. We have a bunch of filters in the format of
:source , startswith , "123.456" ?OurCustom_DynFile
& ~
where ?OurCustom_DynFile looks like:
$template
OurCustom_DynFile,"/var/application_name/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log"
In the steady-state this approach seems to work. However, when we restart
rsyslog with the "service rsyslog restart" command, a strange thing
happens: we get some files briefly written into the wrong output directory,
i.e. they get written to an "application_name" directory that they
shouldn't based on their host or IP.
Is there a more graceful shutdown option than "service rsyslog restart"? Or
is there an option we should be using to make sure our rules are followed
when stopping / starting rsyslog?
Thanks,
TG
More information about the rsyslog-notify
mailing list