[talk] Syslog Eats Rsyslog

Raul Cuza raulcuza at gmail.com
Tue Aug 4 18:19:34 EDT 2015


Hola,

I've been researching this too long and not getting headway. I'm
hoping this is a "doh!" question.

Unlike RFC 3195, my reading of RFC 5424 indicates that the 1024
message size is no longer in place. But when I try to tell rsyslog
(v7.4.4) this I still get my long messages broken up into 1k chunks. I
want to send jumbo log entries (i.e. ~4k) over the wire to a logstash
server that will munch it into JSON and throw it up into
elasticsearch.

Am I trying to do the impossible with rsyslog? I can't run logstash on
the device that is generating the logs because it is extremely
resource limited.

Thanks for any help you can provide.

Raúl




More information about the talk mailing list