rsyslog statistic counter Actions
Actions
- processed – total number of messages processed by this action. This includes those messages that failed actual execution (so it is a total count of messages ever seen, but not necessarily successfully processed)
- failed – total number of messages that failed during processing. These are actually lost if they have not been processed by some other action. Most importantly in a failover chain the messages are flagged as “failed” in the failing actions even though they are forwarded to the failover action (the failover action’s “processed” count should equal to failing actions “fail” count in this scenario)
- suspended (7.5.8+) – total number of times this action suspended itself. Note that this counts the number of times the action transitioned from active to suspended state. The counter is no indication of how long the action was suspended or how often it was retried. This is intentional, as the counter as it currently is permits to tell how often the action ran into a failure condition.
- suspended.duration (7.5.8+) – the total number of seconds this action was disabled. Note that the second count is incremented as soon as the action is suspended for another interval. As such, the time may be higher than it should be at the reporting point of time. If the pstats interval is shorter than the suspension timeout, the same suspended.duration value may be reported for successive pstats outputs. For a long-running system, this is considered a minimal difference. In general, note that this setting is not totally accurate, especially when running with multiple worker threads. In rsyslog v8, this is the total suspended time for all worker instances of this action.
- resumed (7.5.8+) – total number of times this action resumed itself. A resumption occurs after the action has detected that a failure condition does no longer exist.
rsyslog statistic counter plugin omelasticsearch
Plugin – omelasticsearch
This plugin maintains global statistics, which accumulate all action instances. The statistic is named “omelasticsearch”. Parameters are:
- submitted – number of messages submitted for processing (with both success and error result)
- fail.httprequests – the number of times a http request failed. Note that a single http request may be used to submit multiple messages, so this number may be (much) lower than fail.http.
- fail.http – number of message failures due to connection like-problems (things like remote server down, broken link etc)
- fail.es – number of failures due to elasticsearch error reply; Note that this counter does NOT count the number of failed messages but the number of times a failure occured (a potentially much smaller number). Counting messages would be quite performance-intense and is thus not done.
The fail.httprequests and fail.http counters reflect only failures that omelasticsearch detected. Once it detects problems, it (usually, depends on circumstances) tell the rsyslog core that it wants to be suspended until the situation clears (this is a requirement for rsyslog output modules). Once it is suspended, it does NOT receive any further messages. Depending on the user configuration, messages will be lost during this period. Those lost messages will NOT be counted by impstats (as it does not see them).
Note that some previous (pre 7.4.5) versions of this plugin had different counters. These were experimental and confusing. The only ones really used were “submits”, which were the number of successfully processed messages and “connfail” which were equivalent to “failed.http”.
rsyslog 8.1.2 (v8-devel) released
We have just released 8.1.2 of the v8-devel branch. This is primarily a maintenance release, but offers some improvements. Thanks to Pavel Levshin, mmnormalize now offers higher performance and we have added the ability to link directly to jemalloc. Also, usability of queue settings has been improved by using better (and dynamic) defaults for a range of settings.
ChangeLog:
http://www.rsyslog.com/changelog-for-8-1-2-v8-devel/
Download:
http://www.rsyslog.com/rsyslog-8-1-2-v8-devel/
Feedback is *very much* appreciated.
Best regards,
Florian Riedl
Changelog for 8.1.2 (v8-devel)
Version 8.1.2 [devel] 2013-11-28
- support for liblognorm1 added – results in performance improvements
Thanks to Pavel Levshin for his work in this regard. - support for jemalloc added via –enable-jemalloc
Thanks to Pavel Levshin for suggesting jemalloc - queue defaults have changed
- high water mark is now dynamically 90% of queue size
- low water makr is now dynamically 70% of queue size
- queue.discardMark is now dynamically 98% of queue size
- queue.
workerThreadMinimumMessage set to queue.size / num workers
For queues with very low queue.maxSize (< 100), “emergency” defaults will be used.
Note that build system is experimental at this stage. - bugfix: disk queues created files in wrong working directory
if the $WorkDirectory was changed multiple times, all queues only used the last value set. - bugfix: legacy directive $ActionQueueWorkerThreads was not honored
- bugfix: mmrfc5424addhmac: “key” parameter was not properly processed
rsyslog 8.1.2 (v8-devel)
Download file name: rsyslog 8.1.2 (devel)
rsyslog 8.1.2 (devel)
sha256 hash: be78e9d338a7d7ec3f28743af4174c
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 8.1.2 File size: 2.601 MB
rsyslog 7.5.7 (v7-devel) released
This is primarily a bug-fixing release, but offers some improvements in worker thread handling (thanks to Pavel Levshin!) as well as usability improvements when working changing queue sizes.
More detailed information is available in the changelog.
ChangeLog:
http://www.rsyslog.com/changelog-for-7-5-7-v7-devel/
Download:
http://www.rsyslog.com/rsyslog-7-5-7-v7-devel/
As always, feedback is appreciated.
Best regards,
Tim Eifler
rsyslog 7.5.7 (v7-devel)
Download file name: rsyslog 7.5.7 (devel)
rsyslog 7.5.7 (devel)
sha256 hash: 0bc21d20e5b3460554d7c60d347f3207153c52c68b6b870bfa7f27163c24682a
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.5.7 File size: 2.472 MB
rsyslog 8.1.1 (v8-devel) released
This is the first bugfixing release for v8. It enhances overall stability and also re-enables some output modules. It is
highly suggested that v8 users upgrade to this release. Please note that it is still experimental code.
ChangeLog:
http://www.rsyslog.com/changelog-for-8-1-1-v8-devel/
Download:
http://www.rsyslog.com/rsyslog-8-1-1-v8-devel/
Feedback is *very much* appreciated.
Best regards,
Florian Riedl
Changelog for 8.1.1 (v8-devel)
Version 8.1.1 [devel] 2013-11-19
- bugfix: STOP/discard(~) was mostly NOT honored
This lead to execution of config code that was not meant to be executed. - bugfix: memory leak on worker thread termination
- bugfix: potential segfault in omfile under heavy load
Thanks to Pavel Levshin for alerting us. - bugfix: mmsequence: instance mode did not work
Thanks to Pavel Levshin for the patch - bugfix: segfault on startup when certain script constructs are used
e.g. “if not $msg …” - omhiredis: now supports v8 output module interface and works again
Thanks to Pavel Levshin for the patch - mmaudit: now supports v8 output module interface and work again
- bugfix: potential abort on startup in debug mode
This depends on template type being used. The root cause was a non-necessary debug output, which were at the wrong spot (leftover from initial testing).
Thanks to Pavel Levshin for alerting us and providing a patch proposal.
rsyslog 8.1.1 (v8-devel)
Download file name: rsyslog 8.1.1 (devel)
rsyslog 8.1.1 (devel)
sha256 hash: a0e024b6d237fa3559f358a3a4ca32
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 8.1.1 File size: 2.601 MB