The rocket-fast system for log processing
Rsyslog provides the “queue.size” parameter to set a limit on the number of messages a queue can keep in memory. This is primarily meant to support peak traffic. Note that this counter is given in number of messages, not bytes. A frequent mistake is to think in bytes and select very large values (e.g. 7 […]
Message modificaton modules modify the message object, so the next actions can process the modified message. However, if the action that invokes the message modification module runs on a real queue (anything other than queue.type=”direct”), the message object is actually duplicated, and done so only for executing the action. In other words, the duplicated message object […]
Originally posted on the Sematext blog: Monitoring rsyslog’s Performance with impstats and Elasticsearch If you’re using rsyslog for processing lots of logs (and, as we’ve shown before, rsyslog is good at processing lots of logs), you’re probably interested in monitoring it. To do that, you can use impstats, which comes from input module for process […]
Queue For each queue inside the system its own set of statistics counters is created. If there are multiple action (or main) queues, this can become a rather lengthy list. The stats record begins with the queue name (e.g. “main Q” for the main queue; ruleset queues have the name of the ruleset they are […]
The queue.size parameter permits to specify the maximum queue size in number of messages. While not technically enforced, there is a lower limit on this parameter. Setting it to very low values (roughly below 100 messages) is not supported and can lead to unpredictable results. Also, future version my automatically adjust to a safe lower […]
This guide will tell you, how to quickly protect your disk queue through encryption. So you can be sure that unauthorized persons can’t read your queue. Please note that we only use the “disk” queue format in this guide to show you the encrypted files but normally we recommend you to use the “LinkedList” queue […]
Release Date: 2022-01-18 Build-IDs: Service 7.2.0.217, Client 7.2.0.310 Features Syslog Service: Added configurable option to detect Year in RFC3164 Syslog Header. If enabled, the service will try to detect a Year after the usual RFC3164 Date Header. Syslog Service: Added configurable message size limit for syslog tcp messages. The default is 1MB which is far […]
Release Date: 2021-03-09 Build-IDs: Service 7.0.0.213, Client 7.0.0.297 Features Filter Engine: Add support to filter by IPv6 addresses. Eventlog Monitor V2: Added support to for LogPoint SIEM JSON Format. Eventlog Monitor V2: Added support for the following EventLog properties (if available): Providerguid, processed, threaded, version, opcode, eventtype, nxseverityvalue (required for Severity Mapping in LogPoint SIEM […]
Release Date: 2020-09-04 Build-IDs: Service 6.2.0.209, Client 6.2.0.284 Bugfixes Start Program Action: Fixed loading the Sync Timeout setting in file configuration mode. Queue Engine: Fix for STATUS_STACK_BUFFER_OVERRUN exception. STATUS_STACK_BUFFER_OVERRUN doesn’t mean that there was a stack buffer overrun. It appears that due recent security updates in windows network code, a new exception type was introduced. […]
Release Date: 2020-01-31 Build-IDs: Service 6.1.0.205, Client 6.1.0.280 Features Property engine: Added new static property %localhostname% which contains the local computer name. Syslog Action: Fixed Syslog Version in RFC5424 Header to 1. Bugfixes EventLog Monitor V2: Fixed an issue losing the first record LastRecord was resetted. EventLog Monitor V2: Fixed minor issues in new caching […]