[talk] Syslog Eats Rsyslog

Jesse Callaway bonsaime at gmail.com
Tue Aug 4 22:47:32 EDT 2015


The logstash "syslog input" receiver doesn't hold to either of these
specifications. You'll have to set up a proper rsyslog receiver on the
other end and then pipe it to a socket using the "unix input".

For more info you are probably best to hit up the elasticsearch fora.



On Tue, Aug 4, 2015 at 6:19 PM, Raul Cuza <raulcuza at gmail.com> wrote:

> Hola,
>
> I've been researching this too long and not getting headway. I'm
> hoping this is a "doh!" question.
>
> Unlike RFC 3195, my reading of RFC 5424 indicates that the 1024
> message size is no longer in place. But when I try to tell rsyslog
> (v7.4.4) this I still get my long messages broken up into 1k chunks. I
> want to send jumbo log entries (i.e. ~4k) over the wire to a logstash
> server that will munch it into JSON and throw it up into
> elasticsearch.
>
> Am I trying to do the impossible with rsyslog? I can't run logstash on
> the device that is generating the logs because it is extremely
> resource limited.
>
> Thanks for any help you can provide.
>
> Raúl




-- 
-jesse
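
Added example, not part of the thread and not rsyslog or logstash code: on a stream transport, a reader that treats each 1024-byte read as one message splits a ~4k entry into 1k pieces, while a reader that honours a length prefix returns it whole. It assumes RFC 6587 octet-counted framing, which the thread does not mention; all function names and the sample record are constructed for illustration.

```python
import socket

MAX_RECORD = 64 * 1024  # assumed upper bound; reject absurd length prefixes

def rfc5424(msg):
    # Constructed sample record: PRI VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG
    return f"<134>1 2015-08-04T22:19:00Z sensor01 app - - - {msg}".encode()

def frame(record):
    # RFC 6587 octet counting: MSG-LEN SP SYSLOG-MSG
    return str(len(record)).encode() + b" " + record

def naive_reader(sock, bufsize=1024):
    """Treats each read of up to bufsize bytes as one message."""
    out = []
    while chunk := sock.recv(bufsize):
        out.append(chunk)
    return out

def framed_reader(sock, bufsize=1024):
    """Reassembles octet-counted records regardless of the read size."""
    buf, out = b"", []
    while chunk := sock.recv(bufsize):
        buf += chunk
        while b" " in buf:
            prefix, _, rest = buf.partition(b" ")
            length = int(prefix)  # ValueError on a malformed prefix
            if length > MAX_RECORD:
                raise ValueError("record length exceeds MAX_RECORD")
            if len(rest) < length:
                break  # record incomplete, wait for more bytes
            out.append(rest[:length])
            buf = rest[length:]
    return out

def run(reader):
    """Send one ~4k record and one short record through a local socket pair."""
    tx, rx = socket.socketpair()
    records = [rfc5424("x" * 4096), rfc5424("short")]
    tx.sendall(b"".join(frame(r) for r in records))
    tx.close()
    received = reader(rx)
    rx.close()
    return records, received

if __name__ == "__main__":
    for reader in (naive_reader, framed_reader):
        records, received = run(reader)
        print(reader.__name__, [len(r) for r in received], received == records)
```

The same probe can be pointed at each hop of a real pipeline to see which one stops returning the entry intact.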