[talk] Syslog Eats Rsyslog

Raul Cuza raulcuza at gmail.com
Tue Aug 4 18:19:34 EDT 2015


I've been researching this too long and not getting headway. I'm
hoping this is a "doh!" question.

Unlike RFC 3195, my reading of RFC 5424 indicates that the 1024
message size is no longer in place. But when I try to tell rsyslog
(v7.4.4) this I still get my long messages broken up into 1k chunks. I
want to send jumbo log entries (i.e. ~4k) over the wire to a logstash
server that will munch it into JSON and throw it up into

Am I trying to do the impossible with rsyslog? I can't run logstash on
the device that is generating the logs because it is extremely
resource limited.

Thanks for any help you can provide.


