[rsyslog-notify] Forum Thread: Re: rsyslog crashes with omrelp - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Thu Sep 3 21:16:29 CEST 2015


User: nottoosmart 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25888#p25888

Message: 
----------
Hi dlang.  Here is a paste of the config that causes the problem:

# Use FQDN for hostname field
$PreserveFQDN on

# MODULES
module(load="imuxsock")         # Provides support for local system logging
module(load="imklog")           # Provides kernel logging support

# Network listeners for classic syslog. Both accept plain UDP/TCP on port 514:
# neither transport authenticates the sender or encrypts the payload, so
# anything received here should be treated as untrusted input.
# NOTE(review): no address= binding is given for either input in this paste, so
# presumably they listen on all interfaces; which peers can reach them would
# then be decided by a host or network firewall (not shown) - confirm.
module(load="imudp")            # Provides UDP syslog reception
input(type="imudp"
      port="514")

# imptcp with 16 listener threads; TCP keep-alive is enabled with 3 probes,
# a 30 s probe interval and a 900 s idle time before probing starts.
module(load="imptcp"             # Provides TCP syslog reception
       threads="16")
input(type="imptcp"
      port="514"
      KeepAlive="on"
      KeepAlive.Probes="3"
      KeepAlive.Interval="30"
      KeepAlive.Time="900")

# RELP listener on port 6514 with TLS switched on and the same keep-alive
# settings as the TCP input.
# NOTE(review): tls="on" is the only TLS parameter here. No tls.caCert,
# tls.myCert, tls.myPrivKey, tls.authMode or tls.permittedPeer is set, so the
# session is presumably encrypted without any peer authentication (anonymous
# TLS) - confirm against the librelp version in use. For a collector that
# should only accept known senders, certificates plus tls.authMode and
# tls.permittedPeer are the settings to add.
module(load="imrelp")           # Provides RELP syslog reception
input(type="imrelp"
      port="6514"
      tls="on"
      KeepAlive="on"
      KeepAlive.Probes="3"
      KeepAlive.Interval="30"
      KeepAlive.Time="900")

module(load="omprog")   # Provides ability to run a binary
#module(load="omrelp")   # Provides ability to transmit messages with RELP

# Provides periodic output of rsyslog internal counters
module(load="impstats" severity="7" resetCounters="on")

# Main message queue performance enhancements
$MainMsgQueueSize 500000
$MainMsgQueueDequeueBatchSize 5000
$MainMsgQueueWorkerThreads 10
$MainMsgQueueHighWaterMark 1000000000
$MainMsgQueueWorkerThreadMinimumMessages 150000
$MainMsgQueueDiscardMark 499999

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Set the default permissions for all log files.
$FileOwner root
$FileGroup root
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0002

if $fromhost-ip == "127.0.0.1" then {

  # Gather stats from rsyslog
  syslog.=debug  /var/log/rsyslog-stats

  # Log anything info level or higher. A lot of things go into their own file.
  *.info;mail,authpriv,cron,local2,local3,local5,local6.none -/var/log/messages

  # The authpriv file has restricted access.
  auth.*,authpriv.*  -/var/log/secure

  # Log all the mail messages in one place.
  mail.*  -/var/log/maillog

  # Log all cron messages in one place.
  cron.*  -/var/log/cron

  # Everybody gets emergency messages
  *.emerg  :omusrmsg:*

  # Save news errors of level crit and higher in a special file.
  uucp,news.crit  -/var/log/spooler

  # LDAP logs
  local4.*  -/var/log/ldap.log

  # DHCPD logs
  local5.*  -/var/log/dhcpd.log

  # DNS logs
  local6.*  -/var/log/dns.log

  # Among other places, boot messages always go to boot.log
  local7.*  -/var/log/boot.log
  stop
}

# Forward authentication-related messages (auth/authpriv) to a remote RELP
# collector on port 6514. Messages whose fromhost-ip is 127.0.0.1 never reach
# this rule: the preceding if-block ends in "stop", so only messages received
# from other hosts are forwarded here.
# NOTE(review): tls="on" is set without tls.caCert, tls.myCert, tls.myPrivKey,
# tls.authMode or tls.permittedPeer, so the sender presumably does not verify
# that the receiver is the intended collector - confirm. Authentication logs
# are sensitive, so the target should be authenticated as well as encrypted.
# Both action.reportSuspension settings are "off": rsyslog will not log when
# this action is suspended or stays suspended, so an interruption in auth-log
# forwarding has to be detected some other way (for example on the receiver).
auth.*,authpriv.* {
  action(type="omrelp"
        name="authtailer"
        target="IPV6 address would go here but I removed it for this paste"
        port="6514"
        tls="on"
        action.reportSuspension="off"
        action.reportSuspensionContinuation="off")
}
# Pipe every remaining message (all facilities and severities) to two external
# programs, formatted with RSYSLOG_TraditionalFileFormat. Locally generated
# messages were already consumed by the "stop" in the 127.0.0.1 if-block, so
# what arrives here comes from the network inputs, including the
# unauthenticated UDP and TCP listeners on port 514. Both programs therefore
# parse untrusted input.
# NOTE(review): the omprog documentation describes binary= as the full path of
# the program to execute. A bare file name leaves the executed file dependent
# on how rsyslogd resolves it - confirm, and prefer an absolute path in a
# location that only root can write to.
*.* {
  action(type="omprog"
        binary="sessionfilter.par"
        template="RSYSLOG_TraditionalFileFormat"
        queue.dequeuebatchsize="5000"
        queue.workerthreads="10")
}
# Second program fed with the same message stream; the trailing "stop" ends
# processing, so no rule placed after this block would see these messages.
*.* {
  action(type="omprog"
        binary="logfilter.par"
        template="RSYSLOG_TraditionalFileFormat"
        queue.dequeuebatchsize="5000"
        queue.workerthreads="10")
  stop
}

