rsyslog stops around 12 am logging to our log storage machine. #47
Comments
|
@igoras1993 please help |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Hi Team,
we are facing a weird issue using the rsyslog alpine image. rsyslog stops sending logs after 12 am and after two-three hours it continues.
<img width="1358" alt="Screenshot 2021-09-14 at 12 22 31 AM" src="https://user-images.githubusercontent.com/59436466/133140468
-06aab451-a66c-42b1-bb74-8da5b9cbcfa7.png">
I am attaching the rsyslog configuration which we are using.
``
$ModLoad imuxsock
$ModLoad imklog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#$IncludeConfig /config/rsys-config/*.conf
#Writing custom config here
module(load="imfile" mode="polling")
template (name="fk-fwd" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% Ma.%$!app_id%,Mgrp.%$!instance_grp%,Mi.%$/instance_id%,Mz.%$!zone%,Mtyp.%$/type%,srv.%$/sr_version%,MphyApp.%$/phy_app_id%,MphyIGrp.%$/phy_inst_grp%,%$!tag%%$!msg:::sp-if-no-1st-sp%%$!msg%")
ruleset(name="strm.relay.mod") {
if ( $!msg == "" ) then {
set $!msg = $msg;
}
if ( $!tag == "" ) then {
set $!tag = $syslogtag;
}
if ( $!app_id == "" ) then {$!app_id = $ /phy_app_id;
set
}
if ( $!cluster != "" ) then {$!instance_grp = $ !cluster;$!instance_grp = $ /phy_inst_grp;
set
} else if ( getenv("LOGSVC_CLUSTER") != "" ) then {
set $!instance_grp = getenv("LOGSVC_CLUSTER");
} else {
set
}
if ( $!instance_grp == "" ) then {
set $!instance_grp = "#NULL#";
}
set$!zone = $ /zone;
if ( $!zone == "" ) then {
set $!zone = "NULL";
}
}
ruleset(name="relay.logstorage" queue.type="Direct") {
call strm.relay.mod
action(type="omfwd" Target="10.33.183.44" Port="10514" Protocol="tcp" ResendLastMSGOnReconnect="on" ZipLevel="9")
action(type="omfwd" Target="10.33.67.116" Port="10514" Protocol="tcp" ResendLastMSGOnReconnect="on" ZipLevel="9" action.execOnlyWhenPreviousIsSuspended="on")
}
ruleset(name="logstorage_access" queue.type="Direct") {
if ( not ($msg contains "/unicorn/elb-healthcheck") and not ($msg contains "/unicorn/2.0/payments/options") and not ($msg contains "/unicorn/1.0/payments/instrumentcheck") ) then {
call relay.logstorage
}
}
input(type="imfile" File="/var/log/flipkart/fkpg-unicorn/default.log"
Tag="default.log,prod-unicorn-app,fpg"
Severity="error"
ruleset="logstorage_access"
readmode="2")
input(type="imfile" File="/var/log/flipkart/fkpg-unicorn/error.log"
Tag="error.log,prod-unicorn-app,fpg"
Severity="error"
ruleset="logstorage_access"
readmode="2")
auth,authpriv.* /var/log/auth.log
.;auth,authpriv.none -/var/log/syslog
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
.=debug;
auth,authpriv.none;
news.none;mail.none -/var/log/debug
.=info;.=notice;.=warn;
auth,authpriv.none;
cron,daemon.none;
mail,news.none -/var/log/messages
*.emerg *
daemon.;mail.;
news.err;
.=debug;.=info;
.=notice;.=warn |/dev/xconsole
The text was updated successfully, but these errors were encountered: