[rsyslog-notify] Forum Thread: Re: rsyslog filter /dev/null - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Wed May 13 06:28:28 CEST 2015
User: davparker
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25584#p25584
Message:
----------
Which part of the syntax is outdated? I'm using language straight from the
config file, plus examples from the documentation. Its unclear to me which
code is "new" to ver 7, vs what is probably unsupported in ver 8, vs what
is depreciated.
I get a warning on the tilde being depreciated in version 7.x, but the
documentation on ver 7 expressly uses the tilde in an example. I couldn't
quite find how to use the stop in the statement, as suggested.
Its equally unclear how to merge the recommended following with the Ruleset
language:
$ActionQueueFileName fwdNet # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
it turns out I think the messages are being filtered on the forwarding, but
they are getting written to the log file specified in the template. That
threw me off. I'll check again tomorrow. I may just need to tweak the
template language?. I had to leave, just as I noticed the volume of
messages going into Splunk dropped off.
More information about the rsyslog-notify
mailing list