pmlastmsg: last message repeated n times
Module Name: | pmlastmsg |
Author: | |
Available Since: | 5.5.6 |
Purpose
Some syslogds are known to emit severity malformed messages with content “last message repeated n times”. These messages can mess up message reception, as they lead to wrong interpretation with the standard RFC3164 parser. Rather than trying to fix this issue in pmrfc3164, we have created a new parser module specifically for these messages. The reason is that some processing overhead is involved in processing these messages (they must be recognized) and we would not like to place this toll on every user but only on those actually in need of the feature. Note that the performance toll is not large – but if you expect a very high message rate with tenthousands of messages per second, you will notice a difference.
This module should be loaded first inside rsyslog’s parser chain. It processes all those messages that contain a PRI, then none or some spaces and then the exact text (case-insensitive) “last message repeated n times” where n must be an integer. All other messages are left untouched.
Configuration Parameters
Note
Parameter names are case-insensitive.
There do not currently exist any configuration parameters for this module.
Examples
Systems emitting malformed “repeated msg” messages
This example is the typical use case, where some systems emit malformed “repeated msg” messages. Other than that, the default RFC 5424 and RFC 3164 parsers should be used. Note that when a parser is specified, the default parser chain is removed, so we need to specify all three parsers. We use this together with the default ruleset.
module(load="pmlastmsg")
parser(type="pmlastmsg" name="custom.pmlastmsg")
ruleset(name="ruleset" parser=["custom.pmlastmsg", "rsyslog.rfc5424",
"rsyslog.rfc3164"]) {
... do processing here ...
}
See also
Help with configuring/using Rsyslog:
Mailing list - best route for general questions
GitHub: rsyslog source project - detailed questions, reporting issues that are believed to be bugs with
Rsyslog
See also
Contributing to Rsyslog:
Source project: rsyslog project README.
Documentation: rsyslog-doc project README
Copyright 2008-2023 Rainer Gerhards (Großrinderfeld), and Others.