-1

In my system rsyslog service running, after change the rsyslog config I need to restart rsyslog service, but sometimes it requires too much time (around 1.30 min 1) to restart service. (TLS connection for sending syslog messages)

rsyslog.conf file contains:

$SystemLogRateLimitInterval 0

$DefaultNetstreamDriver          gtls # gnu TLS
$DefaultNetstreamDriverCAFile    /etc/certs/ca.crt
$ActionSendStreamDriverMode      1
$ActionSendStreamDriverAuthMode  x509/certvalid
local6.*    @@<ipv4_addr>:6514

journalctl -u rsyslog.service command output :

Oct 15 11:43:26 centos74 rsyslogd[9989]:  [origin software="rsyslogd" swVersion="8.24.0" x-pid="9989" x-info="http://www.rsyslog.com"] exiting on signal 15.
Oct 15 11:43:26 centos74 systemd[1]: Stopping System Logging Service...
Oct 15 11:44:56 centos74 systemd[1]: rsyslog.service stop-sigterm timed out. Killing.
Oct 15 11:44:56 centos74 systemd[1]: rsyslog.service: main process exited, code=killed, status=9/KILL
Oct 15 11:44:56 centos74 systemd[1]: Unit rsyslog.service entered failed state.
Oct 15 11:44:56 centos74 systemd[1]: rsyslog.service failed.
Oct 15 11:44:56 centos74 systemd[1]: Starting System Logging Service...
Oct 15 11:44:56 centos74 rsyslogd[11480]:  [origin software="rsyslogd" swVersion="8.24.0" x-pid="11480" x-info="http://www.rsyslog.com"] start
Oct 15 11:44:56 centos74 systemd[1]: Started System Logging Service.

how to reduce restart time?

Mangesh Auti
  • 1,123
  • 1
  • 7
  • 12
  • Hello, and welcome on Stack Overflow ! First of all, when did the situation happened for the first time, did you change a parameter or anything else that have affected the starting time? The waiting time can rely on your machine (CPU/RAM occupation) and your network too. – Jaay Oct 15 '18 at 12:10
  • Hi, before I used rsyslog service without TLS (means not added extra StreamDriver lines in the rsyslog.conf file) it working perfectly ok.restart of rsyslog happens very fast. but after adding this line it takes time. (but when service is restart, rsyslog successfully send messages). – Mangesh Auti Oct 15 '18 at 12:22

1 Answers1

0

The usage of local6.* @@<ipv4_addr>:6514 suggest that you are using TCP protocol instead of UDP (where you should use only one @). Since you are using TCP, the connection between the client and server must be initialized and maintained which can take longer.

If the time is really a big issue for you and you don't have compliance for message consistancy (UDP may induce message loss), you should take a look at UDP to decrease startup time.

If you wanna stick to TCP protocol, I suggest that you investigate your network architecture to improve/prioritize the path between client and server.

Jaay
  • 2,103
  • 1
  • 16
  • 34