[rsyslog-notify] Forum Thread: Re: Break up huge logs into chunks before shipping them? - (Mode 'edit_last_post')
noreply at adiscon.com
noreply at adiscon.com
Fri Mar 10 19:08:37 CET 2017
User: ZillaG
Forumlink: http://kb.monitorware.com/viewtopic.php?p=27183#p27183
Message:
----------
I didn't have to do this after all. I just had to set
[code:147pq7fm]$MaxMessageSize 64k[/code:147pq7fm]
in rsyslog.conf. It turns out it was rsyslg that was truncating the
message, and NOT Logstash.
and tell Logstash to setup a 64k input buffer, and it works for me rsyslog
-> ELK setup works for me now.
PS:
Rainer, it'd be cool that if I set up rsyslog to output to a file that it
would show the truncated message. That is, if I had the following in
rsyslog.conf
[code:147pq7fm]local3.* /var/log/debugfmt;myTemplate[/code:147pq7fm]
that I see the truncated log event in /var/log/debugfmt. In my case it
didn't.
More information about the rsyslog-notify
mailing list