[rsyslog-notify] Forum Thread: Error when rsyslog dequeueing queue and errors on restart - (Mode 'edit_topic')
noreply at adiscon.com
noreply at adiscon.com
Fri Mar 7 02:19:01 CET 2014
User: rexxe
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24315#p24315
Message:
----------
Hello,
I'm using the elasticsearch plugin and have a disk-assisted queue turned on
for it. To test the queue, I turn off the Elasticsearch service and send
logs to rsyslog that are destined for Elasticsearch. I see the queue file
being written. There are two issues I'm running into:
[list=1:2249s3fb]
[*:2249s3fb]The queue is not dequeueing when I turn Elasticsearch back on.
Here is the debug log:
[code:2249s3fb]
4249.921422532:7f4c2a7ed700: objDeserialize error -2029 during
header processing - trying to recover
4249.921443273:7f4c2a7ed700: strm 0x7f4c39ccf080: file 10
read 856 bytes
4249.921445848:7f4c2a7ed700: deserializer has possibly been
able to re-sync and recover, state 0
4249.921496052:7f4c2a7ed700: action 2 queue: error -2308
dequeueing element - ignoring, but strange things may happen
[/code:2249s3fb]
[/*:m:2249s3fb]
[*:2249s3fb]When I restart rsyslog it ALWAYS gives me an error saying:
[quote:2249s3fb]fatal error on disk queue 'action 2 queue', emergency
switch to direct mode [try <!-- m --><a class="postlink"
href="http://www.rsyslog.com/e/2040">http://www.rsyslog.com/e/2040</a><!--
m --> ].[/quote:2249s3fb]
I have plenty of disk space available. What also happens is that the queue
file is deleted! I do see a qi file, but the actual queue file is
gone.[/*:m:2249s3fb][/list:o:2249s3fb]
Here is my Elasticsearch action:
[code:2249s3fb]*.* action(type="omelasticsearch"
server="myserver"
bulkmode="on"
template="logstash_json"
searchIndex="logstash-index"
dynSearchIndex="on"
queue.filename="fwdRule1"
queue.maxdiskspace="5g"
queue.type="disk"
action.resumeretrycount="-1")[/code:2249s3fb]
I'm using rsyslog 7.6.0. Is this a bug or am I doing something wrong?
Thanks!
More information about the rsyslog-notify
mailing list