flume-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hari Shreedharan <hshreedha...@cloudera.com>
Subject Re: flume-ng & syslog source
Date Wed, 25 Jul 2012 07:55:26 GMT
It would be helpful if you could send the original messages as well.  

Thanks
Hari

-- 
Hari Shreedharan


On Wednesday, July 25, 2012 at 12:49 AM, mete wrote:

> Hello folks,
> 
> I am using flume-ng for cdh4 (1.10), and i am redirecting syslog output from a network
device to flume-ng. My config is as follows:
> test1.channels.mem-chan-1.type = memory
> test1.channels.mem-chan-1.capacity = 100000
> test1.channels.mem-chan-1.transactionCapacity = 1000
> 
> test1.sources.syslog-traffic.channels = mem-chan-1
> test1.sources.syslog-traffic.type = syslogudp
> test1.sources.syslog-traffic.port = 5140
> test1.sources.syslog-traffic.bind = test1
> test1.sources.syslog-traffic.eventSize = 10000
> 
> test1.sinks.file-sink-1.channel = mem-chan-1 
> test1.sinks.file-sink-1.type = file_roll
> test1.sinks.file-sink-1.sink.directory = /home/cloudera-user/tmp/
> test1.sinks.file-sink-1.rollInterval = 86400
> 
> test1.channels = mem-chan-1 
> test1.sources = syslog-traffic
> test1.sinks = file-sink-1
> 
> 
> i have a pretty straightforward config with one syslogudp source , a memory channel and
a file sink.
> 
> However, some of the messages i see on the file is like this:
> 
> DEVICE: "some syslog content"@
> DEVICE: "some syslog content"@
> OUT^@
> FIN^@
> RST^@
> RST^@
> OUT^@
> FIN^@
> RST^@
> FIN^@
> FIN^@
> OUT^@
> RST^@
> RST^@
> RST^@
> 
> 
> As you can see, some lines are somehow trimmed and does not contain the entire message.
When i redirect same device to syslog-ng there are no issues like this. 
> I tried increasing the event size on the syslog source but that did not change anything
at all.
> Any ideas on what might be the problem?
> Thanks in advance.
> 
> Mete 


Mime
View raw message