[rsyslog-notify] Forum Thread: Rsyslog Merging Log Events - making them malformed - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Mon Dec 28 07:48:52 CET 2015
User: adityapavan18
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26249#p26249
Message:
----------
Hi All
The server where Rsylog daemon is running is listening on UDP 514 for
incoming log events configured from remote ESXi hosts.
The logs events written by rsylog to a file are generally like below -
where data from multiple ESXi hosts are written to a single file on local
disk
Dec 28 06:29:37 samplehost716.test.net Vpxa: [2BC51B70 verbose
'vpxavpxaMoService' opID=HB-host-5550 at 207076-4f4a679-6b] [VpxaMoService]
host changes include changed properties []
Dec 28 06:29:37 samplehost702.test.net Vpxa: [2BC51B70 verbose
'vpxavpxaMoService' opID=HB-host-5550 at 207076-4f4a679-6c] [VpxaMoService]
host changes include changed properties []
But sometimes we observe some malformed logs - i.e part of one event is
concatenated with whole of second event like below
Dec 28 06:29:37 samplehost702.tesDec 28 06:29:37 samplehost716.test.net
Vpxa: [2BC51B70 verbose 'vpxavpxaMoService'
opID=HB-host-5550 at 207076-4f4a679-6d] [VpxaMoService] host changes include
changed properties []
In the above event we see [color=#FF0000:3evmo8cm]Dec 28 06:29:37
samplehost702.tes[/color:3evmo8cm] merged with event
[color=#00BF00:3evmo8cm]Dec 28 06:29:37 samplehost716.test.net Vpxa:
[2BC51B70 verbose 'vpxavpxaMoService' opID=HB-host-5550 at 207076-4f4a679-6d]
[VpxaMoService] host changes include changed properties [][/color:3evmo8cm]
We are not able to figure out the issue, why this might be happening. Has
anyone observed this in their environments? Any help on this will be highly
appreciated.
More information about the rsyslog-notify
mailing list