[rsyslog-notify] Forum Thread: Am i doing something completly wrong or have I found a bug? - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Tue Feb 18 15:44:45 CET 2014 

User: rasta-p 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24237#p24237

Message: 
----------
Hi,

First I would like to thank you for a good tool!

And now to the problem....

I have rsyslog server with mysql, I receive a LOT of messages, so i
followed this guide in the help section: <!-- m --><a class="postlink"
href="http://www.rsyslog.com/doc/rsyslog_high_database_rate.html">http://www.rsyslog.com/doc/rsyslog_high
... _rate.html</a><!-- m -->

But when I add these into my rsyslog.conf file.:

$WorkDirectory /root/rsyslog # default location for work (spool) files
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName dbq    # set file name, also enables disk mode
$ActionResumeRetryCount -1  # infinite retries on insert failure

This first line of my filter stop to work:

:msg, contains, "nagios" ~
:msg, contains, "172.17.13.133" ~
:msg, contains, "172.17.13.71" ~
:msg, contains, "188.181.133.100" ~

So my database gets even more busy because it also have to handle all the
messages with nagios in it.

If I comment out like this:

#$WorkDirectory /root/rsyslog # default location for work (spool) files
#$ActionQueueType LinkedList # use asynchronous processing
#$ActionQueueFileName dbq    # set file name, also enables disk mode
#$ActionResumeRetryCount -1  # infinite retries on insert failure

messages with "nagios" gets deleted again!

Now comes the really weird part. I uncomment again:

$WorkDirectory /root/rsyslog # default location for work (spool) files
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName dbq    # set file name, also enables disk mode
$ActionResumeRetryCount -1  # infinite retries on insert failure

and insert test in the filter:

:msg, contains, "test" ~
:msg, contains, "nagios" ~
:msg, contains, "172.17.13.133" ~
:msg, contains, "172.17.13.71" ~
:msg, contains, "188.181.133.100" ~

Messages with "nagios" is deleted but messages with "test" is not deleted.
If test and nagios change places, like this:

:msg, contains, "nagios" ~
:msg, contains, "test" ~
:msg, contains, "172.17.13.133" ~
:msg, contains, "172.17.13.71" ~
:msg, contains, "188.181.133.100" ~

messages with "test" gets deleted but not messages with "nagios". Any idea
why this is happening? Am I just a noob?

Best regards
Holger C. Kirketerp

More information about the rsyslog-notify mailing list