[rsyslog-notify] Forum Thread: Re: Rsyslog silently discarding messages - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Fri Jul 29 05:51:54 CEST 2016


User: liupjo 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26837#p26837

Message: 
----------
[quote="dlang":1jv65zn2]as always when you don't think you are getting the
logs you want, the first thing to do is to try writing a debug format log

/var/log/debugtest;RSYSLOG_DebugFormat

see if the logs are in this file or not (they may be getting written with
something different than the hostname you are looking for)

you say that if you telnet to the syslog port from the switch, you do see
the resulting message in the log file, correct?[/quote:1jv65zn2]

Hi,

Yes, with telnet I do see the resulting message in the expected log file.
I tried to grep for the string I am expecting in /var/log (grep -r "by
user" /var/log) which includes the folder I'm expecting the actual log to
get into (/var/log/remote) but grep doesn't return any results.

After a more detailed look at the packet capture I noticed that the switch
is not sending the new line character:
[code:1jv65zn2]793831: SWITCH-1: Jul 29
10:50:25.448: %SYS-5-CONFIG_I: Configured from console
by user on console[/code:1jv65zn2]
instead of
[code:1jv65zn2]793831: SWITCH-1: Jul 29
10:50:25.448: %SYS-5-CONFIG_I: Configured from console
by user on console\n[/code:1jv65zn2]

It seems like rsyslog batches the received string for write on disk only
when a new line char is parsed.
What happens when the received string doesn't contain a new line char? Does
rsyslog keep it in the buffer indefinitely?
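
The framing question raised in this post, as an added sketch that is not part of the original message and is not rsyslog's code: a receiver using LF-delimited framing for syslog over TCP (the non-transparent framing described in RFC 6587), showing what it holds when the sender never sends an LF. The class name, the `max_len` cap and the flush-on-close policy are assumptions made for the illustration; the sample message is constructed from the capture quoted above.

```python
from typing import List


class LfFramer:
    """Splits a TCP byte stream into syslog messages at each LF (hypothetical helper)."""

    def __init__(self, max_len: int = 8192):
        self.max_len = max_len   # assumed cap on bytes held without a terminator
        self.pending = b""       # bytes received but not yet terminated by LF

    def feed(self, chunk: bytes) -> List[bytes]:
        """Add received bytes; return every message completed so far."""
        *done, self.pending = (self.pending + chunk).split(b"\n")
        # Assumed policy: an unterminated run longer than max_len is emitted
        # in max_len-sized pieces so the held buffer stays bounded.
        while len(self.pending) > self.max_len:
            done.append(self.pending[:self.max_len])
            self.pending = self.pending[self.max_len:]
        return [m for m in done if m]

    def close(self) -> List[bytes]:
        """Connection closed: hand over whatever is still held (assumed policy)."""
        rest, self.pending = self.pending, b""
        return [rest] if rest else []


# Constructed sample: the switch message from the post, joined onto one line.
MSG = (b"793831: SWITCH-1: Jul 29 10:50:25.448: %SYS-5-CONFIG_I: "
       b"Configured from console by user on console")


def demo() -> dict:
    with_lf, without_lf = LfFramer(), LfFramer()
    return {
        "with_lf": with_lf.feed(MSG + b"\n"),        # delivered immediately
        "without_lf": without_lf.feed(MSG),          # nothing delivered yet
        "second_without_lf": without_lf.feed(MSG),   # still nothing; the two run together
        "held_bytes": len(without_lf.pending),
        "on_close": without_lf.close(),              # one merged record
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```
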

