[rsyslog-notify] Forum Thread: Re: Break up huge logs into chunks before shipping them? - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Sat Mar 11 00:30:46 CET 2017
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=27185#p27185
Message:
----------
No, rsyslog doesn't have a way of splitting a log message (part of the
problem is defining how you 'split' a structured message, especially when
rsyslog does not know the meaning of the message)
maxmessagesize is only enforced when a message is sent out on the network.
There is a size() function that you can use (set $.foo =
exec_template("templatename"); and then set $.bar=size($.foo);) and track
message sizes that way. This would let you detect oversized messages and
write them to a local file for later retrieval if needed and then figure
out a way to truncate the message you send over the network (change the
$.msg variable if that's what's the largest for example)
If you really wanted to get fancy, you could have mmnormalize decode the
stack trace (detecting all the stuff in the middle into $!trace!items[] for
example) and then when you detect a stack trace, you could write it locally
in full detail, and then trim it to skip all the middle layers that are
usually worthless when sending it remotely
More information about the rsyslog-notify
mailing list