The rocket-fast system for log processing
Failure during fopen, for example file not found – see errno. Opening a file failed. There should be some other error messages in front of this one. Most probably, a configuration file could not be opened (wrong name or permissions). This is a stub entry: If you have questions please post a comment or visit […]
Original post: Recipe: Apache Logs + rsyslog (parsing) + Elasticsearch by @Sematext This recipe is about tailing Apache HTTPD logs with rsyslog, parsing them into structured JSON documents, and forwarding them to Elasticsearch (or a log analytics SaaS, like Logsene, which exposes the Elasticsearch API). Having them indexed in a structured way will allow you […]
Originally posted on the Sematext blog: Monitoring rsyslog’s Performance with impstats and Elasticsearch If you’re using rsyslog for processing lots of logs (and, as we’ve shown before, rsyslog is good at processing lots of logs), you’re probably interested in monitoring it. To do that, you can use impstats, which comes from input module for process […]
————————————————————————— Version 8.1.6 [devel] 2014-01-20 – omfile: permit to set global defaults for action parameters Thanks to Nathan Brown for the patch. See also: https://github.com/rsyslog/rsyslog/pull/23 – add capability to escape control characters in the C way of doing it adds new global parameter “parser.escapeControlCharactersCStyle” Thanks to Nathan Brown for the patch. See also: https://github.com/rsyslog/rsyslog/pull/13 – […]
Original post: Structured Logging with rsyslog and Elasticsearch via @sematext When your applications generate a lot of logs, you’d probably want to make some sense of them through searches and statistics. Here’s when structured logging comes in handy, and I would like to share some thoughts and configuration examples of how you could use a […]
Version 7.5.6 [devel] 2013-10-29 improved performance of RainerScript variable access by refactoring the whole body of variable handling code. This also solves some of the anomalies experienced in some versions of rsyslog. All variable types are now handled in unified code, including access via templates. RainerScript: make use of 64 bit for numbers where available […]
Version 7.5.4 [devel] 2013-10-07 mmpstrucdata: new module to parse RFC5424 structured data into json message properties change main/ruleset queue defaults to be more enterprise-like new defaults are queue.size 100,000 max workers 2, worker activation after 40,000 msgs are queued, batch size 256. These settings are much more useful for enterprises and will not hurt low-end […]
Version 7.5.3 [devel] 2013-09-11 imfile: support for escaping LF characters added embedded LF in syslog messages cause a lot of trouble. imfile now has the capability to escape them to “#012″ (just like the regular control character escape option). This requires new-style input statements to be used. If legacy configuration statements are used, LF escaping […]
Version 7.4.4 [v7.4-stable] 2013-09-03 better error messages in GuardTime signature provider Thanks to Ahto Truu for providing the patch. make rsyslog use the new json-c pkgconfig file if available Thanks to the Gentoo team for the patches. bugfix: imfile parameter “persistStateInterval” was unusable due to a case typo in imfile; work-around was to use legacy […]
Version 7.5.2 [devel] 2013-07-04 librelp 1.1.4 is now required We use API extensions for better error reporting and higher performance. omrelp: use transactional mode to make imrelp emit bulk sends omrelp: add “windowSize” parameter to set custom RELP window size bugfix: double-free in omelasticsearch closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 a security advisory for this bug is available at: http://www.lsexperts.de/advisories/lse-2013-07-03.txt […]