Comments (8)
ihrwein
commented on July 20, 2024
Hi!
Could you attach a minimalist merged xml file where the problem can be reproduced?
Thanks!
from syslog-ng.
faxm0dem
commented on July 20, 2024
command
pdbtool merge --directory=/tmp/patterndb --glob=\*.pdb --pdb /tmp/patterndb.pdb
/tmp/patterndb/rrdtool.pdb
<patterndb version='4' pub_date='2014-03-10'>
<ruleset name='rrdtool' id='REPLACE_UUID'>
<description>generated by puppet</description>
<patterns>
<pattern>rrdcached</pattern>
</patterns>
<rules>
<rule provider='[email protected]' id='2b8a2697-7205-4d8a-802f-1540e6af3eff'
context-id='rrdcached-lastupdate-${appacct.filename}'
context-scope='process'
class='software'>
<patterns>
<pattern>queue_thread_main: rrd_update_r @QSTRING:appacct.filename:()@ failed with status @ESTRING:appacct.status:.@ (@ESTRING:::@ illegal attempt to update using time @ESTRING:appacct.update_time: @when last update time is @ESTRING:appacct.last_time: @(minimum one second step))</pattern>
</patterns>
<values>
<value name='appacct.difference_dur'>$(- ${appacct.last_time} ${appacct.update_time})</value>
</values>
<examples>
<example>
<test_message program="rrdcached">queue_thread_main: rrd_update_r (/srv/rrd/ccwsge0247.in2p3.fr/disk-sdb/disk_octets.rrd) failed with status -1. (/srv/rrd/ccwsge0247.in2p3.fr/disk-sdb/disk_octets.rrd: illegal attempt to update using time 1394206025 when last update time is 2660923375 (minimum one second step))</test_message>
<test_values>
<test_value name='appacct.filename'>/srv/rrd/ccwsge0247.in2p3.fr/disk-sdb/disk_octets.rrd</test_value>
<test_value name='appacct.last_time'>2660923375</test_value>
<test_value name='appacct.status'>-1</test_value>
<test_value name='appacct.update_time'>1394206025</test_value>
</test_values>
</example>
</examples>
<actions>
<action condition='"${appacct.difference_dur}" >= "604800"'>
<message inherit-properties='TRUE'>
<tags>
<tag>alert</tag>
</tags>
</message>
</action>
</actions>
</rule>
</rules>
</ruleset>
</patterndb>from syslog-ng.
ihrwein
commented on July 20, 2024
@faxm0dem I tried to reproduce the bug but without success. I tried the following cases:
- use the above patterndb config
- use the above config and replace the action with
<action condition='"${appacct.difference_dur}" >= "604800"'> - I tried different
appacct.difference_durvalues. Some were greater, some were less than604800.
Could you recheck it please with the current master? Maybe a patch solved this in the meantime. Or I can try this with 3.6.
Update: tried to reproduce it with 3.6, also without success
from syslog-ng.
faxm0dem
commented on July 20, 2024
@ihrwein so the action's condition is correctly being honored?
from syslog-ng.
ihrwein
commented on July 20, 2024
Yeah. Message was only generated when difference_dur wa greater or equal to 604800.
from syslog-ng.
faxm0dem
commented on July 20, 2024
okay, I'll try to reproduce again hoping I was wrong
from syslog-ng.
ihrwein
commented on July 20, 2024
@faxm0dem Did you manage to try it? :)
from syslog-ng.
pzoleex
commented on July 20, 2024
Closed due to inactivity
from syslog-ng.
Related Issues (20)
- Support "official" AWS authentication in s3 destination
- Support role in s3 destination
- Sending logs to OpenSearch using panos parser produces JSON error in OpenSearch HOT 2
- default-network-drivers() is not getting fortigate logs hostname ($HOST) correctly HOT 4
- stats(healthcheck-freq()) problems HOT 4
- On a stressed system, some logs are not being written to the log file. HOT 2
- openobserve config is incorrect HOT 2
- Syslog-ng stops writing logs to a file from a custom systemd-journald namespace after a server restart HOT 2
- Support aws:kms encryption in the s3 destination
- [4.7.1] can't compile cloud-auth when using libressl HOT 2
- compile error in otel when ipv6 support is disabled
- clang c++ support HOT 1
- trusted-keys: support a secure hash algorithm HOT 1
- Add macro for certificate fingerprint HOT 1
- Unexpected behavior with multiple conditions including 'not' in the filter HOT 4
- There is no problem starting syslog-ng, but Verify reports an error. HOT 1
- OpenTelemetry/OTLP: add support for certificate pinning, like with `trusted-keys()` HOT 3
- Config failing with kafka and template HOT 3
- syslog-ng 3.24.1 sometimes crash in log_pipe_queue HOT 2
- libcloud-auth is underlinked HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from syslog-ng.