flume-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mete <efk...@gmail.com>
Subject flume-ng & syslog source
Date Wed, 25 Jul 2012 07:49:54 GMT
Hello folks,

I am using flume-ng for cdh4 (1.10), and i am redirecting syslog output
from a network device to flume-ng. My config is as follows:
test1.channels.mem-chan-1.type = memory
test1.channels.mem-chan-1.capacity = 100000
test1.channels.mem-chan-1.transactionCapacity = 1000

test1.sources.syslog-traffic.channels = mem-chan-1
test1.sources.syslog-traffic.type = syslogudp
test1.sources.syslog-traffic.port = 5140
test1.sources.syslog-traffic.bind = test1
test1.sources.syslog-traffic.eventSize = 10000

test1.sinks.file-sink-1.channel = mem-chan-1
test1.sinks.file-sink-1.type = file_roll
test1.sinks.file-sink-1.sink.directory = /home/cloudera-user/tmp/
test1.sinks.file-sink-1.rollInterval = 86400

test1.channels = mem-chan-1
test1.sources = syslog-traffic
test1.sinks = file-sink-1

i have a pretty straightforward config with one syslogudp source , a memory
channel and a file sink.

However, some of the messages i see on the file is like this:

DEVICE: "some syslog content"@
DEVICE: "some syslog content"@
OUT^@
FIN^@
RST^@
RST^@
OUT^@
FIN^@
RST^@
FIN^@
FIN^@
OUT^@
RST^@
RST^@
RST^@

As you can see, some lines are somehow trimmed and does not contain the
entire message. When i redirect same device to syslog-ng there are no
issues like this.
I tried increasing the event size on the syslog source but that did not
change anything at all.
Any ideas on what might be the problem?
Thanks in advance.

Mete

Mime
View raw message