I was running debug logging on one system for a little bit, but it doesn’t seem like a good idea to leave it that way until the service abends (the debug log grew to 1.5GB in under 30 minutes), so I’m not sure of the best way to get additional information. The service on rsyslog3 stopped again yesterday afternoon, and rsyslog1 stopped overnight. We’ve since put monitoring in place, and I’ve upgraded all of them to the just-released v7.6.2 version of rsyslog. When I say abend, I really mean “stops running”, since it doesn’t seem to log any data with the rsyslog service down… service rsyslog status reports service is not running but pid exists… Tuesday morning just after 5:00am, rsyslogd abended on the fourth server… it took us a few hours to notice the outage. At about 4:30pm Saturday, rsyslogd abended on three of the four servers without me noticing. Everything seemed to be working as expected, but a couple of things happened: I needed/wanted to take advantage of the enhanced DNS caching (I had disabled DNS lookups under 5.x since it appeared essentially every connection was resulting in a lookup), so this past Saturday morning I upgraded to rsyslog v7.6.1 (then today to v7.6.2) using the Adiscon RHEL repo. All of the data I’m accepting is over UDP (three separate listeners), with a TCP listener available for the load balancer service monitor. The four servers send >45GB of data daily with seemingly no major issues identified. I’ve been running v5.x (from the RHEL repos) and they’ve been pretty rock solid over the past couple of years, really. The systems are more or less identically configured running on Red Hat Enterprise 6, and are sitting behind a load balancer. I have four servers dedicated to rsyslog as a gateway for syslog data into our log aggregator.