You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
syslog-ng 3.9.1
Installer-Version: 3.9.1
Revision:
Module-Directory: //usr/lib64/syslog-ng
Module-Path: //usr/lib64/syslog-ng
Available-Modules: linux-kmsg-format,afstomp,confgen,dbparser,basicfuncs,afsocket,disk-buffer,date,sdjournal,cryptofuncs,afuser,graphite,afprog,pseudofile,csvparser,syslogformat,afamqp,affile,add-contextual-data,kvformat,json-plugin,cef,system-source
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Platform
CentOS 7
Linux saffa 3.10.0-514.16.1.el7.x86_64 #1 SMP Wed Apr 12 15:04:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Issue
flush-timeout is not implemented for the elasticsearch2 destination.
Failure
When i have a flush-limit set, syslog-ng will wait forever (or till limit of messages is reached), before sending the logs to the ES server. The only way to send the messages in the buffer to ES is to stop (or probably SIGNAL) syslog-ng
I can confirm this behaviour, and indeed it can be a problem on low-traffic instances.
That being said, I believe the default value of flush-mimit(5000) is definitely too large.
A sane default would be between 1 and 100 IMHO.
Fixes: syslog-ng#1509: flush-timeout() not implemented in elasticsearch2 destination
flush-timeout(0) will disable the automate flushing
Signed-off-by: Zoltan Pallagi <pzolee@balabit.com>
Fixes: syslog-ng#1509
Flush the message automatically when there are no more message in the queue.
Earlier it caused problem when there were less messages than flush_limit() and syslog-ng
does not flush them only at reload/restart.
Possible side effects: if the messages come slower syslog-ng will flush more often
instead of waiting flush_limit().
The classes inherited from ESNativeClient does not use this method
because the bulkprocessor here is responsible for the auto flush.
Signed-off-by: Zoltan Pallagi <pzolee@balabit.com>
syslog-ng
Version of syslog-ng
syslog-ng 3.9.1
Installer-Version: 3.9.1
Revision:
Module-Directory: //usr/lib64/syslog-ng
Module-Path: //usr/lib64/syslog-ng
Available-Modules: linux-kmsg-format,afstomp,confgen,dbparser,basicfuncs,afsocket,disk-buffer,date,sdjournal,cryptofuncs,afuser,graphite,afprog,pseudofile,csvparser,syslogformat,afamqp,affile,add-contextual-data,kvformat,json-plugin,cef,system-source
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Platform
CentOS 7
Linux saffa 3.10.0-514.16.1.el7.x86_64 #1 SMP Wed Apr 12 15:04:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Issue
flush-timeout is not implemented for the elasticsearch2 destination.
Failure
When i have a flush-limit set, syslog-ng will wait forever (or till limit of messages is reached), before sending the logs to the ES server. The only way to send the messages in the buffer to ES is to stop (or probably SIGNAL) syslog-ng
Steps to reproduce
Configuration
Relevant part of my config:
The text was updated successfully, but these errors were encountered: