Rsyslog missing log

user-pic
By Pank on April 12, 2018 11:38 AM Vote 0 Votes

比較新的 Linux 都是使用 systemd journal 來處理 log, 其預設是有 Rate Limit 的,
若系統的 Log 量很多, 有可能會被達到限制條件而被過濾掉,
若觀察到 Log 有時卡住沒有新的出現, 可能就是這個狀況
journalctl -u systemd-journald
若有看到 Suppressed xxx messages 就表示有被濾掉

取消 Rate Limit 限制

/etc/systemd/journald.conf 加入
RateLimitInterval=0
RateLimitBurst=0

/etc/rsyslog.conf 加入
$imjournalRatelimitInterval 0
$imjournalRatelimitBurst 0

systemctl restart systemd-journald
systemctl restart rsyslog

ref. Missing logs?!? Learning about linux logging systems

Categories:

Recent Entries

About this Entry

This page contains a single entry by Pank published on April 12, 2018 11:38 AM.

MySQL Sync Table from Host A to Host B was the previous entry in this blog.

DNS delegation check is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Categories

Monthly Archives