[rsyslog-notify] Forum Thread: Re: Prevent rsyslog server from indexing its own logs - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Wed Nov 25 19:07:19 CET 2015
User: wegdave
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26192#p26192
Message:
----------
Okay, guys, managed to update it, but same thing still happens:
[code:3s5d9i7w][root at brjgs058 rsyslog]# rsyslogd -version
rsyslogd 8.14.0, compiled with:
PLATFORM: i686-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
See http://www.rsyslog.com for more information.
[root at brjgs058 rsyslog]#
[root at brjgs058 rsyslog]# ll
drwxrwxr-x 2 root bin 4096 Nov 24 14:42 10.1.81.94
drwxrwxr-x 2 root bin 4096 Nov 24 14:43 10.1.81.98
drwxrwxr-x 2 root bin 4096 Nov 24 09:10 10.1.89.1
drwxrwxr-x 2 root bin 4096 Nov 19 15:12 10.2.118.163
drwx------ 2 root root 4096 Nov 25 16:00 brjgs058
[root at brjgs058 rsyslog]# rm -rf brjgs058/
[root at brjgs058 rsyslog]# ll
drwxrwxr-x 2 root bin 4096 Nov 24 14:42 10.1.81.94
drwxrwxr-x 2 root bin 4096 Nov 24 14:43 10.1.81.98
drwxrwxr-x 2 root bin 4096 Nov 24 09:10 10.1.89.1
drwxrwxr-x 2 root bin 4096 Nov 19 15:12 10.2.118.163
[root at brjgs058 rsyslog]# service rsyslog restart
Shutting down system logger: [ OK
]
Starting system logger: [ OK
]
[root at brjgs058 rsyslog]# ll
drwxrwxr-x 2 root bin 4096 Nov 24 14:42 10.1.81.94
drwxrwxr-x 2 root bin 4096 Nov 24 14:43 10.1.81.98
drwxrwxr-x 2 root bin 4096 Nov 24 09:10 10.1.89.1
drwxrwxr-x 2 root bin 4096 Nov 19 15:12 10.2.118.163
drwx------ 2 root root 4096 Nov 25 16:01 brjgs058
[root at brjgs058 rsyslog]# tail brjgs058/syslog.log
Nov 25 16:01:53 brjgs058 postfix/qmgr[1831]:
AA34E7A044: from=<root at brjgs058.localdomain>, size=209355, nrcpt=1
(queue active)
Nov 25 16:01:53 brjgs058 postfix/local[23686]:
AA34E7A044: to=<root at brjgs058.localdomain>, orig_to=<root>,
relay=local, delay=281, delays=281/0/0/0.01, dsn=5.2.2,
status=bounced (cannot update mailbox /var/mail/root for user root.
error writing message: File too large)
Nov 25 16:01:53 brjgs058 postfix/cleanup[20897]:
B107E7A046:
message-id=<20151125180153.B107E7A046 at brjgs058.localdomain>
Nov 25 16:01:53 brjgs058 postfix/qmgr[1831]:
B107E7A046: from=<>, size=2539, nrcpt=1 (queue active)
Nov 25 16:01:53 brjgs058 postfix/bounce[20901]:
AA34E7A044: sender non-delivery notification: B107E7A046
Nov 25 16:01:53 brjgs058 postfix/qmgr[1831]:
AA34E7A044: removed
Nov 25 16:01:53 brjgs058 postfix/local[20821]:
B107E7A046: to=<root at brjgs058.localdomain>, relay=local,
delay=0.01, delays=0/0/0/0.01, dsn=5.2.2, status=bounced
(cannot update mailbox /var/mail/root for user root. error writing
message: File too large)
Nov 25 16:01:53 brjgs058 postfix/qmgr[1831]:
B107E7A046: removed
Nov 25 16:02:01 brjgs058 CROND[18116]: (root) CMD
(/opt/splunkforwarder/etc/apps/Set_Permission.sh)
Nov 25 16:02:01 brjgs058 CROND[18117]: (root) CMD
(/usr/bin/mrtg /etc/mrtg/mrtg.cfg logging /var/log/mrtg.log)
You have mail in /var/spool/mail/root
[root at brjgs058 rsyslog]#
[/code:3s5d9i7w]
Config file is the same, ( with the line: if ($hostname == 'BRJGS058') then
stop )
More information about the rsyslog-notify
mailing list