The rocket-fast system for log processing
Once you’ve updated the configuration of the AWS rsyslog application, it’s important to manually apply the new settings as rsyslog doesn’t do this automatically. This is to prevent partial changes from being loaded and potentially causing issues. The AWS rsyslog AWS application provides a dedicated tool, rsyslogctl, which can be used to check and reload […]
The EBS disk included in the product is only used for day-to-day storage of logs. Persistent log storage is kept on an S3 store. This store also contains some other data items which should persist over upgrades of the rsyslog on AWS application. The following prefixes/folders are used by rsyslog: The users should select proper […]
Our team at Adiscon offers a comprehensive paid full-service rsyslog product, available on the AWS Marketplace. As the same team that develops and supports the rsyslog open source project, we’re dedicated to providing exceptional service and ongoing innovation. By purchasing our AWS Marketplace product, you’re also supporting the continued development of rsyslog. This ensures that […]
For the past couple of years, rsyslog made scheduled releases every 6 weeks. We now changed this slightly to make version numbers easier to understand. Remember, rsyslog versions are called 8.<yy><mm>.0, so the April 2020 release is 8.2004.0. When we release very six weeks, we get odd and even month numbers and, even more confusing, […]
Rsyslog provides the “queue.size” parameter to set a limit on the number of messages a queue can keep in memory. This is primarily meant to support peak traffic. Note that this counter is given in number of messages, not bytes. A frequent mistake is to think in bytes and select very large values (e.g. 7 […]
When rsyslog reports a write error, it includes the operating-system generated error message. It should hopefully give you a clue what the problem cause was. Unfortunately from time to time to root cause is not obvious. In this case please check the following potential causes: Was OS/rsyslog config change applied but rsyslog not restarted? Rsyslog […]
Rsyslog used a version number scheme of 8.<real-version>.0 where we incremented <real-version> every 6 weeks with each release. The 8 and 0 are constant (well, the 0 could change to 1 with a very important patch, but in practice we have only done this once). While this scheme has worked pretty well since we introduced it, we […]
File has been truncated This is not a real error but rather a warning message. Most probably it occurs when monitoring files with imfile and “reopenOnTruncate” has been set to “on”. In this case, it indicates truncation of the file has been detected, and as such imfile begins to read it’s content from the beginning […]
Message modificaton modules modify the message object, so the next actions can process the modified message. However, if the action that invokes the message modification module runs on a real queue (anything other than queue.type=”direct”), the message object is actually duplicated, and done so only for executing the action. In other words, the duplicated message object […]
Warning parsing config file. This unfortunately is a pretty generic error code which is emitted when there is a problem understanding the configuration files. The main configuration file is usually /etc/rsyslog.conf and it may include other configuration files. The error message names the file and the approximate location of the error. The error text should […]