[rsyslog-notify] Forum Thread: Please help: how to throttle remote logging? - (Mode 'post')

[noreply at adiscon.com]

User: stwong 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24949#p24949

Message: 
----------
Hi all,

I'm using rsyslog 5.8.10 (rpm of CentOS 6) to send log from a file to a
remote host.  As the file grows quickly, I want to throttle the output rate
(say 250 log entries per second) to remote host .  I tried to use
DequeueSlowDown parameter as following.

--------------------- cut here ---------------------
# input file 
$ModLoad imfile
$InputFileName /var/log/p0f.log
$InputFileTag p0f
$InputFileStateFile stat-p0f
$InputFileSeverity error
$InputFileFacility local6
$InputFilePollInterval 5
$InputRunFileMonitor

#Action to send log to remote host:
$template myFTemplate, "%msg%\n"
$ActionQueueType LinkedList
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1 
$ActionQueueSize 20000
$ActionQueueDequeueSlowdown 4000        # [250/sec]
if ($syslogtag == 'p0f') and ($msg contains 'mod=syn|cli=192.168.7' or $msg
contains 'mod=syn+ack' or $msg contains 'mod=http request') then
@@192.168.10.10:5141;myFTemplate

--------------------- cut here ---------------------

However, records received on remote host didn't drop.  Rsyslog stat shows:

Sep 24 10:34:47 xpdot rsyslogd-pstats: imuxsock: submitted=65
ratelimit.discarded=0 ratelimit.numratelimiters=4
Sep 24 10:34:47 xpdot rsyslogd-pstats: action 1 queue: size=0
enqueued=2590301 full=0 maxqsize=19400
Sep 24 10:34:47 xpdot rsyslogd-pstats: main Q: size=2 enqueued=6767311
full=0 maxqsize=9702

Did I miss anything?  Sorry for the newbie question.

Thanks a lot.
/ST Wong