[rsyslog-notify] Forum Thread: Re: Break up huge logs into chunks before shipping them? - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Sat Mar 11 00:28:15 CET 2017


User: dlang 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=27184#p27184

Message: 
----------
No, rsyslog doesn't have a way of splitting a log message (part of the
problem is defining how you 'split' a structured message, especially when
rsyslog does not know the meaning of the message).

maxmessagesize is only enforced when a message is sent out on the network.
There is a size() function that you can use (set $.foo =
exec_template("templatename"); and then set $.bar=size($.foo);) and track
message sizes that way. This would let you detect oversized messages and
write them to a local file for later retrieval if needed, and then figure
out a way to truncate the message you send over the network (change the
$.msg variable if that's what's largest, for example).
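
The approach described in the post above, as an added configuration example that is not part of the original message and is not rsyslog project code. The template names, the 8192/8000 limits, the file path and the target host are assumptions, and strlen() is used as the length function in place of the size() call named in the post.

```rainerscript
# Added example; every name and limit below is an assumption for illustration.

# Wire format with the complete message. It is used both to measure the
# rendered size and to forward messages that are within the limit.
template(name="wireFull" type="string"
         string="<%pri%>%timestamp:::date-rfc3339% %hostname% %syslogtag%%msg%")

# Same wire format, but msg is cut to its first 8000 characters by the
# property replacer (fromChar:toChar), leaving room for the header fields.
template(name="wireTruncated" type="string"
         string="<%pri%>%timestamp:::date-rfc3339% %hostname% %syslogtag%%msg:1:8000%")

# Render the message exactly as it would be sent, then measure it.
set $.rendered = exec_template("wireFull");
set $.len = strlen($.rendered);

if $.len > 8192 then {
    # Keep the complete original on local disk so nothing is lost for
    # later retrieval or investigation.
    action(type="omfile"
           file="/var/log/oversized-messages.log"
           template="RSYSLOG_FileFormat")

    # Ship only the truncated form to the central collector.
    action(type="omfwd"
           target="logs.example.net" port="514" protocol="tcp"
           template="wireTruncated")
} else {
    # Within the limit: forward unchanged.
    action(type="omfwd"
           target="logs.example.net" port="514" protocol="tcp"
           template="wireFull")
}
```

Because the local file holds the untruncated copy, a truncated record at the collector can be matched back to its full text by timestamp and hostname.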

