Mailing List Archive: Miss first line log when using action queue

Miss first line log when using action queue

Oct 7, 2020, 7:46 PM

Post #1 of 3 (317 views)

Hello everyone,

I use action queue to test if client will buffer the logs when server is offline.

The client config is as following:
[cid:image001.png@01D69D60.3E0DA070]

In server side, I use ??service rsyslog stop?? to stop rsyslog service. Then in client side, I use syslog APIs to write logs as following:
[cid:image002.png@01D69D60.3E0DA070]

The client will try to handshake with server in every 30s as following:
[cid:image003.jpg@01D69D60.3E0DA070]

After some time, I restart the rsyslog service in server side(service rsyslog start), and the client will connect the server successfully and transfer the logs written in client side.
But I found that there is one line log missing ( the emergency log ), I??ve tried many times and each time the first line log (the emergency log)will miss.

I also try this test with the RELP module, the same thing happened.

So Is there any mistake in my operation or is there any problems in rsyslog? Can this problem be solved?

I will be very appreciated if you can answer my questions above. Thanks!

Best Regards,

Jason Yu

Re: Miss first line log when using action queue [ In reply to ]

rsyslog at lists

Oct 7, 2020, 11:49 PM

Post #2 of 3 (317 views)

Permalink

sounds like an old rsyslog version. Current is 8.2008.0.

Rainer

El jue., 8 oct. 2020 a las 4:46, Jason Yu ?? via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> Hello everyone,
>
> I use action queue to test if client will buffer the logs when server is offline.
>
> The client config is as following:
> [cid:image001.png@01D69D60.3E0DA070]
>
> In server side, I use “service rsyslog stop” to stop rsyslog service. Then in client side, I use syslog APIs to write logs as following:
> [cid:image002.png@01D69D60.3E0DA070]
>
> The client will try to handshake with server in every 30s as following:
> [cid:image003.jpg@01D69D60.3E0DA070]
>
> After some time, I restart the rsyslog service in server side(service rsyslog start), and the client will connect the server successfully and transfer the logs written in client side.
> But I found that there is one line log missing ( the emergency log ), I’ve tried many times and each time the first line log (the emergency log)will miss.
>
> I also try this test with the RELP module, the same thing happened.
>
> So Is there any mistake in my operation or is there any problems in rsyslog? Can this problem be solved?
>
> I will be very appreciated if you can answer my questions above. Thanks!
>
> Best Regards,
>
> Jason Yu
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Re: Miss first line log when using action queue [ In reply to ]

rsyslog at lists

Oct 8, 2020, 3:58 AM

Post #3 of 3 (317 views)

Permalink

This is expected behaviour, see
https://rainer.gerhards.net/2008/04/on-unreliability-of-plain-tcp-syslog.html

Rainer

El jue., 8 oct. 2020 a las 12:19, Jason Yu ?? (<Jian_Yu@human-horizons.com>)
escribió:

> Hi Rainer,
>
>
>
> I've update the rsyslog in my Ubuntu VM to 8.2008.0, then I did the same
> test in my previous mail.
>
>
>
> This time, When I use RELP module, it works. But when I use TCP module, I
> does not work.
>
>
>
> The difference in wireshark is as following:
>
> When I stop the rsyslog service in server side, the server will send TCP
> FIN packet to client. Then I write some logs in client side, the client
> rsyslog will firstly send FIN packet to close the TCP connection and then
> send new SYN packet to server before sending log data packet. And when I
> restart the rsyslog server in server side, the connection is established
> and logs written in client side will transfer to server.
>
>
>
> But When I use TCP module. After the server is offline, I write some logs
> in client side, and this time the client just send the log data in TCP data
> segment, and server responds with RST packet. And the client will not try
> to send this log to server in the later.
>
> Then I use syslog() api to write some other logs, this time the client
> rsyslog try to connect server by sending SYN packet and when the server is
> online again, the connection is established and the logs written in the
> second time transfer to the server side. But the logs written in the first
> time did not transfer to server, so they are missing.
>
>
>
> So, if this is the right behavior for RELP and TCP in this situation? The
> TCP module is not reliable in this test?
>
> Thanks.
>
>
>
>
>
> Best Regards,
>
>
>
> Jason Yu
>
>
>
>
>
> -----????-----
> ???: Rainer Gerhards [mailto:rgerhards@hq.adiscon.com]
> ????: 2020?10?8? 14:49
> ???: rsyslog-users <rsyslog@lists.adiscon.com>
> ??: Jason Yu ?? <Jian_Yu@human-horizons.com>
> ??: Re: [rsyslog] Miss first line log when using action queue
>
>
>
> sounds like an old rsyslog version. Current is 8.2008.0.
>
>
>
> Rainer
>
>
>
> El jue., 8 oct. 2020 a las 4:46, Jason Yu ?? via rsyslog
>
> (<rsyslog@lists.adiscon.com>) escribió:
>
> >
>
> > Hello everyone,
>
> >
>
> > I use action queue to test if client will buffer the logs when server is
> offline.
>
> >
>
> > The client config is as following:
>
> > [cid:image001.png@01D69D60.3E0DA070]
>
> >
>
> > In server side, I use “service rsyslog stop” to stop rsyslog service.
> Then in client side, I use syslog APIs to write logs as following:
>
> > [cid:image002.png@01D69D60.3E0DA070]
>
> >
>
> > The client will try to handshake with server in every 30s as following:
>
> > [cid:image003.jpg@01D69D60.3E0DA070]
>
> >
>
> > After some time, I restart the rsyslog service in server side(service
> rsyslog start), and the client will connect the server successfully and
> transfer the logs written in client side.
>
> > But I found that there is one line log missing ( the emergency log ), I’ve
> tried many times and each time the first line log (the emergency log)will
> miss.
>
> >
>
> > I also try this test with the RELP module, the same thing happened.
>
> >
>
> > So Is there any mistake in my operation or is there any problems in
> rsyslog? Can this problem be solved?
>
> >
>
> > I will be very appreciated if you can answer my questions above. Thanks!
>
> >
>
> > Best Regards,
>
> >
>
> > Jason Yu
>
> >
>
> > _______________________________________________
>
> > rsyslog mailing list
>
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>
> > http://www.rsyslog.com/professional-services/
>
> > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
>
> > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
>

Mailing List Archive

Attached Files:

Attached Files: