Hello,
I have a rather strange problem with an rsyslog-machine.
I configured it to process incoming logs over network via tcp port 514 using imtcp.
The incoming logs on that connection are simply stored in a specific folder in a log-file.
This setup works 90% of the time but sometimes logs get "lost".
I have no idea what causes it. I set up a tcpdump on the receiving machine and I can confirm that the packages are indeed being delivered.
But for some reason rsyslog does not notice them. I can find all other log-messages mentioned in the rsyslog-debug log, where they are noticed and processed correctly.
The ones that don't make it to the logfiles are no where to be found. I cannot find any difference in these files, so I would expect them to be handled identically.
Has anyone of you ever had similar problems and found a solution? Its not a firewall or network problem as the packages are definitely reaching the client.
I am grateful for any support you guys can provide
With kind regards
--
Florian Seifer
Berater secunet Anwendungen, Managed Security Services
Division Operational Services
secunet Security Networks AG
Tel.: +49 201 5454-2297, Fax: +49 201 5454-1259
florian.seifer@secunet.com
Kurf?rstenstra?e 58, 45138 Essen, Germany
www.secunet.com
-----------------------------------------------------------------------
Sitz: Kurf?rstenstra?e 58, 45138 Essen
Amtsgericht Essen HRB 13615
Vorstand: Axel Deininger (Vors.), Torsten Henn, Dr. Kai Martius, Thomas Pleines
Aufsichtsratsvorsitzender: Ralf Wintergerst
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
I have a rather strange problem with an rsyslog-machine.
I configured it to process incoming logs over network via tcp port 514 using imtcp.
The incoming logs on that connection are simply stored in a specific folder in a log-file.
This setup works 90% of the time but sometimes logs get "lost".
I have no idea what causes it. I set up a tcpdump on the receiving machine and I can confirm that the packages are indeed being delivered.
But for some reason rsyslog does not notice them. I can find all other log-messages mentioned in the rsyslog-debug log, where they are noticed and processed correctly.
The ones that don't make it to the logfiles are no where to be found. I cannot find any difference in these files, so I would expect them to be handled identically.
Has anyone of you ever had similar problems and found a solution? Its not a firewall or network problem as the packages are definitely reaching the client.
I am grateful for any support you guys can provide
With kind regards
--
Florian Seifer
Berater secunet Anwendungen, Managed Security Services
Division Operational Services
secunet Security Networks AG
Tel.: +49 201 5454-2297, Fax: +49 201 5454-1259
florian.seifer@secunet.com
Kurf?rstenstra?e 58, 45138 Essen, Germany
www.secunet.com
-----------------------------------------------------------------------
Sitz: Kurf?rstenstra?e 58, 45138 Essen
Amtsgericht Essen HRB 13615
Vorstand: Axel Deininger (Vors.), Torsten Henn, Dr. Kai Martius, Thomas Pleines
Aufsichtsratsvorsitzender: Ralf Wintergerst
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.