Discussion:
[rsyslog] Trying to use mmnormalize results in no output
mike _
2015-10-23 11:04:09 UTC
Permalink
I'm using rsyslog 8.8.0 from Fedora 22 repos.


I'm trying to format logs in to JSON and send them to a remote
logstash instance. I have that working. But I also want to run
everything through mmnormalize to extract info from some log entries
and I cannot that make that work at all.


This works for formatting the logs and sending them to logstash:


[***@foo]# cat /etc/rsyslog.d/tologstash.conf

module(load="mmnormalize")


global (

defaultNetstreamDriverCAFile="/etc/pki/tls/certs/ca-bundle.pem"

)



template(name="logstash" type="list"){
constant(value="{")
property(name="msg" outname="message" format="jsonfr" droplastlf="on")
constant(value=",")
property(name="pri" outname="priority_code" format="jsonfr")
constant(value=",")
property(name="pri-text" outname="priority" format="jsonfr")
constant(value=",")
property(name="syslogfacility" outname="facility_code" format="jsonfr")
constant(value=",")
property(name="syslogfacility-text" outname="facility" format="jsonfr")
constant(value=",")
property(name="syslogseverity" outname="severity_code" format="jsonfr")
constant(value=",")
property(name="syslogseverity-text" outname="severity" format="jsonfr")
constant(value=",")
property(name="timereported" outname="syslog_timestamp"
format="jsonfr" dateformat="rfc3339")
constant(value=",")
property(name="hostname" outname="hostname" format="jsonfr")
constant(value=",")
property(name="syslogtag" outname="syslog_tag" format="jsonfr")
constant(value=",")
property(name="programname" outname="program" format="jsonfr")
constant(value="}")

}


action(type="omfwd"
target="logstash.hostname"
port="10515"
protocol="tcp"
StreamDriver="gtls"
StreamDriverMode="1"
StreamDriverAuthMode="anon"
queue.filename="logstashqueue"
queue.spoolDirectory="/var/lib/rsyslog"
queue.maxdiskspace="1g"
queue.type="LinkedList"
queue.saveonshutdown="on"
queue.size="5000"
queue.highwatermark="3500"
queue.lowwatermark="2000"
queue.discardmark="5000"
template="logstash"
action.resumeinterval="60"
action.resumeretrycount="-1"
)


[***@foo]#


With that config logs go to logstash.hostname and also in to various
files in /var/log as specified in the default rsyslog.conf.


When I introduce another action for mmnormalize just before the action
that's already there:


action(type="mmnormalize" ruleBase="/etc/rsyslog.d/sshd.rb")
action(type="omfwd"


Where sshd.rb looks like:

[***@foo]# cat /etc/rsyslog.d/sshd.rb
rule=sshd_accepted_password:%-:string-to: Accepted% Accepted password
for %ssh_user:word% from %remote_ip:ipv4% %-:rest%
[***@foo]#


Then the result is that nothing is sent to logstash.hostname and
nothing goes in the files in /var/log/ either.

I have observed that if I specify no file for the rulebase, or if I
specify a non-existent file, then logs reachlogstash.hostname and
/var/log/

One question I have is: what happens to log entries which do not match
any rules in the file specified by ruleBase?

I can't find a definitive answer to that question. I was wondering
whether maybe the problem is that if a log entry doesn't match any
rule then it is effectively discarded. But if that were the case I
would expect to have found people talking about the need to use a rule
which matches any log entry to ensure it isn't discarded and I
haven't. A colleague has a working example with mmnormlize where
they're parsing a specified file with a named ruleset, and experiments
on that show that log entries which don't match any rules in the
ruleBase file reach logstash. If I replace sshd.rb with their ruleBase
I also get no output.


This log entry, obtained without the mmnormalize action in place,
matches the rule in sshd.rb

[***@foo]# echo "Oct 22 10:15:43 foo sshd[7217]: Accepted password
for mike from 192.168.2.100 port 43090 ssh2" | lognormalizer -r
/etc/rsyslog.d/sshd.rb
[***@115 event.tags="sshd_accepted_password" remote_ip="192.168.2.100"
ssh_user="mike"]
[***@foo]#

If, with the mmnormalize action in place, I repeat the action which
generates a log entry like that, I still get no output anywhere. So
I'm thinking the problem probably isn't nothing matches the rule
therefore no output.


I've run rsyslog in debug mode and lots and lots of stuff is output
including messages such as

4377.155829288:imjournal.c : main Q: EnqueueMsg advised worker start
4382.205117764:imjournal.c : main Q: qqueueAdd: entry added, size
now log 670, phys 672 entries
4382.205134783:imjournal.c : main Q: EnqueueMsg advised worker start
4382.205246089:imjournal.c : main Q: qqueueAdd: entry added, size
now log 671, phys 673 entries
4382.205254910:imjournal.c : main Q: EnqueueMsg advised worker start
4382.205373987:imjournal.c : main Q: qqueueAdd: entry added, size
now log 672, phys 674 entries

Which makes me think rsyslog is at least taking log entries in, but if
the explanation of why nothing is coming out is in the debug output I
can't recognise it.

I feel like I'm doing something fundamentally wrong, but I've no idea
what. Any explanation/guidance would be much appreciated.

thanks,

mike
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
David Lang
2015-10-23 23:18:44 UTC
Permalink
to troubleshoot this sort of thing, write a log file with what you are going to
have mmnormalize look at (%msg% or %rawmsg% by default), and then test your
ruleset manually with

/usr/lib/lognorm/lognormalizer -r <rulebase file>

add -v to get the gory details about what's happening (warning, don't try to do
this with a large config, extract just the part you're testing)

in your case, you don't specify rawmsg, so make a template that's just "%msg%\n"
and output your logs with that. Then you can test things.

David Lang
Date: Fri, 23 Oct 2015 12:04:09 +0100
Subject: [rsyslog] Trying to use mmnormalize results in no output
I'm using rsyslog 8.8.0 from Fedora 22 repos.
I'm trying to format logs in to JSON and send them to a remote
logstash instance. I have that working. But I also want to run
everything through mmnormalize to extract info from some log entries
and I cannot that make that work at all.
module(load="mmnormalize")
global (
defaultNetstreamDriverCAFile="/etc/pki/tls/certs/ca-bundle.pem"
)
template(name="logstash" type="list"){
constant(value="{")
property(name="msg" outname="message" format="jsonfr" droplastlf="on")
constant(value=",")
property(name="pri" outname="priority_code" format="jsonfr")
constant(value=",")
property(name="pri-text" outname="priority" format="jsonfr")
constant(value=",")
property(name="syslogfacility" outname="facility_code" format="jsonfr")
constant(value=",")
property(name="syslogfacility-text" outname="facility" format="jsonfr")
constant(value=",")
property(name="syslogseverity" outname="severity_code" format="jsonfr")
constant(value=",")
property(name="syslogseverity-text" outname="severity" format="jsonfr")
constant(value=",")
property(name="timereported" outname="syslog_timestamp"
format="jsonfr" dateformat="rfc3339")
constant(value=",")
property(name="hostname" outname="hostname" format="jsonfr")
constant(value=",")
property(name="syslogtag" outname="syslog_tag" format="jsonfr")
constant(value=",")
property(name="programname" outname="program" format="jsonfr")
constant(value="}")
}
action(type="omfwd"
target="logstash.hostname"
port="10515"
protocol="tcp"
StreamDriver="gtls"
StreamDriverMode="1"
StreamDriverAuthMode="anon"
queue.filename="logstashqueue"
queue.spoolDirectory="/var/lib/rsyslog"
queue.maxdiskspace="1g"
queue.type="LinkedList"
queue.saveonshutdown="on"
queue.size="5000"
queue.highwatermark="3500"
queue.lowwatermark="2000"
queue.discardmark="5000"
template="logstash"
action.resumeinterval="60"
action.resumeretrycount="-1"
)
With that config logs go to logstash.hostname and also in to various
files in /var/log as specified in the default rsyslog.conf.
When I introduce another action for mmnormalize just before the action
action(type="mmnormalize" ruleBase="/etc/rsyslog.d/sshd.rb")
action(type="omfwd"
rule=sshd_accepted_password:%-:string-to: Accepted% Accepted password
for %ssh_user:word% from %remote_ip:ipv4% %-:rest%
Then the result is that nothing is sent to logstash.hostname and
nothing goes in the files in /var/log/ either.
I have observed that if I specify no file for the rulebase, or if I
specify a non-existent file, then logs reachlogstash.hostname and
/var/log/
One question I have is: what happens to log entries which do not match
any rules in the file specified by ruleBase?
I can't find a definitive answer to that question. I was wondering
whether maybe the problem is that if a log entry doesn't match any
rule then it is effectively discarded. But if that were the case I
would expect to have found people talking about the need to use a rule
which matches any log entry to ensure it isn't discarded and I
haven't. A colleague has a working example with mmnormlize where
they're parsing a specified file with a named ruleset, and experiments
on that show that log entries which don't match any rules in the
ruleBase file reach logstash. If I replace sshd.rb with their ruleBase
I also get no output.
This log entry, obtained without the mmnormalize action in place,
matches the rule in sshd.rb
for mike from 192.168.2.100 port 43090 ssh2" | lognormalizer -r
/etc/rsyslog.d/sshd.rb
ssh_user="mike"]
If, with the mmnormalize action in place, I repeat the action which
generates a log entry like that, I still get no output anywhere. So
I'm thinking the problem probably isn't nothing matches the rule
therefore no output.
I've run rsyslog in debug mode and lots and lots of stuff is output
including messages such as
4377.155829288:imjournal.c : main Q: EnqueueMsg advised worker start
4382.205117764:imjournal.c : main Q: qqueueAdd: entry added, size
now log 670, phys 672 entries
4382.205134783:imjournal.c : main Q: EnqueueMsg advised worker start
4382.205246089:imjournal.c : main Q: qqueueAdd: entry added, size
now log 671, phys 673 entries
4382.205254910:imjournal.c : main Q: EnqueueMsg advised worker start
4382.205373987:imjournal.c : main Q: qqueueAdd: entry added, size
now log 672, phys 674 entries
Which makes me think rsyslog is at least taking log entries in, but if
the explanation of why nothing is coming out is in the debug output I
can't recognise it.
I feel like I'm doing something fundamentally wrong, but I've no idea
what. Any explanation/guidance would be much appreciated.
thanks,
mike
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
mike _
2015-10-25 09:52:07 UTC
Permalink
Post by David Lang
to troubleshoot this sort of thing, write a log file with what you are going
to have mmnormalize look at (%msg% or %rawmsg% by default), and then test
your ruleset manually with
/usr/lib/lognorm/lognormalizer -r <rulebase file>
add -v to get the gory details about what's happening (warning, don't try to
do this with a large config, extract just the part you're testing)
in your case, you don't specify rawmsg, so make a template that's just
"%msg%\n" and output your logs with that. Then you can test things.
David Lang
OK, that's helpful in that it makes me realise I think I've written
the sshd.rb rulebase to match on %rawmsg% and then I'm feeding it
%msg% so nothing will match. But unfortunately it doesn't help me any
more than that. Maybe it should, and would if I understood more about
how rsyslog works, but it doesn't. I still can't get what I want
working at all.


I'm honestly not entirely sure what questions to even ask but I'm
going to try two:


1] If a log event is passed through mmnormalize and doesn't match any
of the rules, should it still get recorded somewhere? I would really
really appreciate an answer to that because I cannot find an answer
anywhere. I have experiences which indicate that the log event is
still recorded if it doesn't match any rules, but then I also see that
introducing mmnormalize with a rulebase that nothing matches to the
default ruleset means that nothing at all gets logged.


2] I want to pass everything that comes in to rsyslog from imjournal
through mmnormalize. Some of the events will match stuff in the
rulebase, most of them won't. I then want everything to go to to a
remote host in JSON and also have everything go in to the various
files under /var/log/ as specified in the default /etc/rsyslogd.conf.
Is this actually viable?



I have have sending the content of a specified file, /var/log/fail2ban
(the fail2ban logtarget) going through mmnormalize then to the remote
host in JSON working. I have the default ruleset sending everything
from imjournal to remote host in JSON plus files in /var/log/ working,
but when I try to get mmnormalize involved in that get no output
anywhere and I have no idea why.

thanks,

mike
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Rainer Gerhards
2015-10-25 12:26:28 UTC
Permalink
Post by mike _
Post by David Lang
to troubleshoot this sort of thing, write a log file with what you are going
to have mmnormalize look at (%msg% or %rawmsg% by default), and then test
your ruleset manually with
/usr/lib/lognorm/lognormalizer -r <rulebase file>
add -v to get the gory details about what's happening (warning, don't try to
do this with a large config, extract just the part you're testing)
in your case, you don't specify rawmsg, so make a template that's just
"%msg%\n" and output your logs with that. Then you can test things.
David Lang
OK, that's helpful in that it makes me realise I think I've written
the sshd.rb rulebase to match on %rawmsg% and then I'm feeding it
%msg% so nothing will match. But unfortunately it doesn't help me any
more than that. Maybe it should, and would if I understood more about
how rsyslog works, but it doesn't. I still can't get what I want
working at all.
I'm honestly not entirely sure what questions to even ask but I'm
1] If a log event is passed through mmnormalize and doesn't match any
of the rules, should it still get recorded somewhere? I would really
really appreciate an answer to that because I cannot find an answer
anywhere. I have experiences which indicate that the log event is
still recorded if it doesn't match any rules, but then I also see that
introducing mmnormalize with a rulebase that nothing matches to the
default ruleset means that nothing at all gets logged.
It is still recorded somewhere, but that of course depends on how you
have setup the full system. With the config excerpt from your initial
posting, it should forward them.
Post by mike _
2] I want to pass everything that comes in to rsyslog from imjournal
through mmnormalize. Some of the events will match stuff in the
rulebase, most of them won't. I then want everything to go to to a
remote host in JSON and also have everything go in to the various
files under /var/log/ as specified in the default /etc/rsyslogd.conf.
Is this actually viable?
very normal use case
Post by mike _
I have have sending the content of a specified file, /var/log/fail2ban
(the fail2ban logtarget) going through mmnormalize then to the remote
host in JSON working. I have the default ruleset sending everything
from imjournal to remote host in JSON plus files in /var/log/ working,
but when I try to get mmnormalize involved in that get no output
anywhere and I have no idea why.
I suggest to post your full debug log, then we could probably see what
is going on.

Rainer
Post by mike _
thanks,
mike
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
David Lang
2015-10-25 22:51:23 UTC
Permalink
Post by mike _
Post by David Lang
to troubleshoot this sort of thing, write a log file with what you are going
to have mmnormalize look at (%msg% or %rawmsg% by default), and then test
your ruleset manually with
/usr/lib/lognorm/lognormalizer -r <rulebase file>
add -v to get the gory details about what's happening (warning, don't try to
do this with a large config, extract just the part you're testing)
in your case, you don't specify rawmsg, so make a template that's just
"%msg%\n" and output your logs with that. Then you can test things.
David Lang
OK, that's helpful in that it makes me realise I think I've written
the sshd.rb rulebase to match on %rawmsg% and then I'm feeding it
%msg% so nothing will match. But unfortunately it doesn't help me any
more than that. Maybe it should, and would if I understood more about
how rsyslog works, but it doesn't. I still can't get what I want
working at all.
I'm honestly not entirely sure what questions to even ask but I'm
1] If a log event is passed through mmnormalize and doesn't match any
of the rules, should it still get recorded somewhere? I would really
really appreciate an answer to that because I cannot find an answer
anywhere. I have experiences which indicate that the log event is
still recorded if it doesn't match any rules, but then I also see that
introducing mmnormalize with a rulebase that nothing matches to the
default ruleset means that nothing at all gets logged.
the log event doesn't get thrown away unless you explicitly tell rysslog to do
so with 'stop' or '~' (or just don't have any rules that match the log and
trigger writign it out)

mmnormalize doesn't change anything. If something doesn't match anything in the
mmnormalize rules, it creates the 'original-msg' and 'unparsed'data' variiables
instead.

to understand what's happening, look at the debugformat output before and after
the mmnormalize call.
Post by mike _
2] I want to pass everything that comes in to rsyslog from imjournal
through mmnormalize. Some of the events will match stuff in the
rulebase, most of them won't. I then want everything to go to to a
remote host in JSON and also have everything go in to the various
files under /var/log/ as specified in the default /etc/rsyslogd.conf.
Is this actually viable?
yes. I hvae by leaf relay nodes collect everything, parse it if it's JSON and
send everything on to the central server as JSON.
Post by mike _
I have have sending the content of a specified file, /var/log/fail2ban
(the fail2ban logtarget) going through mmnormalize then to the remote
host in JSON working. I have the default ruleset sending everything
from imjournal to remote host in JSON plus files in /var/log/ working,
but when I try to get mmnormalize involved in that get no output
anywhere and I have no idea why.
if adding the mmnormalize call causes you to get no output anywhere, then you
probably added a syntax error

run

rysyslogd -N2

and see what it reports.

David Lang
Post by mike _
thanks,
mike
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
mike _
2015-10-27 13:24:37 UTC
Permalink
As far as I can tell my config files don't contain syntax error



[***@crash rsyslog.d]# rsyslogd -N2
rsyslogd: version 8.8.0, config validation run (level 2), master
config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
[***@crash rsyslog.d]#


I can get a message about "syntax error" by adding a line which just
contains '}' to the config so I assume the absence of such an error
means the config files is OK.


Here's all the configuration files, not just the ones I've written


[***@crash rsyslog.d]# grep -v ^# /etc/rsyslog.conf | grep -v ^$
$ModLoad imjournal # provides access to the systemd journal
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$IMJournalStateFile imjournal.state
$IMJournalIgnorePreviousMessages on
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
[***@crash rsyslog.d]# for i in *;do echo -e
"\n\n\n--------------------------------------------------------------\n${i}\n--------------------\n";cat
${i};done


--------------------------------------------------------------
spice-vdagentd.conf
--------------------

# A template to for higher precision timestamps + severity logging
$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds%
%syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

:programname, startswith, "spice-vdagent"
/var/log/spice-vdagent.log;SpiceTmpl



--------------------------------------------------------------
sshd.rb
--------------------

rule=sshd_accepted_password: Accepted password for %ssh_user:word%
from %remote_ip:ipv4% %-:rest%



--------------------------------------------------------------
tologstash.conf
--------------------

module(load="mmnormalize")

global (
defaultNetstreamDriverCAFile="/etc/pki/tls/certs/ca-bundle.pem"
)

template(name="logstash" type="list"){
constant(value="{")
property(name="msg" outname="message" format="jsonfr" droplastlf="on")
constant(value=",")
property(name="pri" outname="priority_code" format="jsonfr")
constant(value=",")
property(name="pri-text" outname="priority" format="jsonfr")
constant(value=",")
property(name="syslogfacility" outname="facility_code" format="jsonfr")
constant(value=",")
property(name="syslogfacility-text" outname="facility" format="jsonfr")
constant(value=",")
property(name="syslogseverity" outname="severity_code" format="jsonfr")
constant(value=",")
property(name="syslogseverity-text" outname="severity" format="jsonfr")
constant(value=",")
property(name="timereported" outname="syslog_timestamp"
format="jsonfr" dateformat="rfc3339")
constant(value=",")
property(name="hostname" outname="hostname" format="jsonfr")
constant(value=",")
property(name="syslogtag" outname="syslog_tag" format="jsonfr")
constant(value=",")
property(name="programname" outname="program" format="jsonfr")
constant(value="}")

}


action(type="mmnormalize" ruleBase="/etc/rsyslog.d/sshd.rb")
action(type="omfwd"
target="logstash.hostname"
port="10515"
protocol="tcp"
StreamDriver="gtls"
StreamDriverMode="1"
StreamDriverAuthMode="anon"
queue.filename="logstashqueue"
queue.spoolDirectory="/var/lib/rsyslog"
queue.maxdiskspace="1g"
queue.type="LinkedList"
queue.saveonshutdown="on"
queue.size="5000"
queue.highwatermark="3500"
queue.lowwatermark="2000"
queue.discardmark="5000"
template="logstash"
action.resumeinterval="60"
action.resumeretrycount="-1"
)

[***@crash rsyslog.d]#



spice-vdagentd.conf isn't my creation, it's put there by an rpm.
/etc/rsyslog.conf is what's provided by the Fedora rsyslog rpm. I'm
aware the logstash template doesn't reference ssh_user or remote_ip
mentioned in sshd.rb, I was intending to add them once I'd got past
this hurdle of adding mmnormalize causing no output. Things work as I
expect with the mmnormalize action commented out.





Output of 'rsyslog -dn' is a couple of thousand lines so I've put it at

http://pastebin.com/eXFPcW2q

To exit I pressed Ctrl-C and when after a few minutes it still hadn't
exited I pressed Ctrl-C a few more times then got

^C4505.240557259:main thread : DoDie called.
^C4515.808704863:main thread : DoDie called.
^C4516.728759181:main thread : DoDie called.
^C4517.192784094:main thread : DoDie called.
Aborted (core dumped)


thanks,

mike
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Loading...