-
Notifications
You must be signed in to change notification settings - Fork 638
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pmnull module not included in rpm packages #2799
Comments
I guess the differences between distro packages are because we try to keep close to the distros - so we get different package structure. @friedl can you comment? |
@JPvRiel can you possibly describe your use-case a little bit? What is pmnull used for in your case? Currently, new packages including pmnull are in the making and should be finished soon. |
@friedl thanks for looking into this and the quick fix. Basically, I'm using rsyslog rsyslog is useful in that it plugs into kafka (which is great for streaming all kinds of log data) while the security product I needed to integrate with didn't have mature kafka support and prefered events in a specific syslog format. |
@JPvRiel I think the time saving by pmnull is very marginal, so unless you run several 100,000 messages per second, you won't notice it. Just wanted to make this clear. The reason is that pmnull also needs to populate the standard properties, and it does so with the same defaults the standard parser uses. So what can be saved is some comparisons during the parsing. |
Thanks for the explanation 👍 |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Expected behavior
Given the content of http://rpms.adiscon.com/v8-stable/epel-7/x86_64/RPMS/,
pmnull.so
should either included in core rsyslog package or have a rsyslog-pnull-.rpm package available to install it.The pseudo config below would ideally be viable without needing to compile rsyslog and pmnull from source:
Actual behavior
Attempting to use the null parser module results in this error for CentOS/RHEL rpm based distros:
http://rpms.adiscon.com/v8-stable/epel-7/x86_64/RPMS/ has no and for rsyslog-8.36.0-1.el7.x86_64.rpm,
pmnull.so
does not exist in/usr/lib64/rsyslog
.Steps to reproduce the behavior
setup yum to use adiscon repo for stable v8 and simply add
module(load="pmnull")
to trigger error.Environment
Workarround
Use standard parser chain or just rfc3164 and ignore all rsyslog properties by just using
rawmsg
in an output template (but a few CPU cycles will be wasted with parsers putting junk into rsyslog properties if the format doesn't comply with syslog)Extra
Interestingly, the following parse modules were included in
rsyslog-8.36.0-1.el7.x86_64.rpm
And #1761 is related (but closed) for .deb packages.
The text was updated successfully, but these errors were encountered: