rsyslog truncate message also with $MaxMessageSize

logging rsyslog

7,428

I stumbled on the same problem yesterday and after some digging, I found the reason.

I'll make it short : the libc lib used on alpine is the musl libc (https://www.musl-libc.org/). If you check their implementation of the syslog function (https://git.musl-libc.org/cgit/musl/tree/src/misc/syslog.c#n87), you can see that the length of the variable buf that represent the message is hardcoded to 1024.

One solution is to connect and send the message (implementing the syslog RFC) to the /dev/log socket yourself. It works well.

Another one might be to use glibc on alpine lib but I do not know if it's actually possible.

7,428

Related videos on Youtube

Author by

hellb0y77

Updated on September 18, 2022

Comments

hellb0y77 over 1 year
I have an official alpine container with rsyslog installed, my /etc/rsyslog.conf is:
```
$MaxMessageSize 64k
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
$KLogPermitNonKernelFacility on
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

*.*;auth,authpriv.none          -/var/log/syslog
```
I run rsyslog with rsyslogd -f /etc/rsyslog.conf, it seems that $MaxMessageSize is 1k instead than 64k Where am I wrong?

UPDATE

I have try within ubuntu container and work perfectly, it seems that alpine is the problem, into ubuntu rsyslog is version 7.4.4, into alpine 8.18.0

UPDATE 2

I have tried also with syslog-ng and have same result, max size 1k, maybe is a limit of alpine docker container?
- Rohit Nagpal over 6 years
  
  You will have to set the MaxMessageSize parameter on both the client(sender) as well as the server(receiver). This is the mistake which i was making when i faced a similar issue. Worked for me when i set it on the client as well.
- hellb0y77 over 6 years
  
  No client exists, into /var/log/syslog i put logs of php application, then i get with filebeat/logstash for elk logging. I use the official php-fpm-alpine container

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?

How to troubleshoot crashes detected by Google Play Store for Flutter app

Cupertino DateTime picker interfering with scroll behaviour

Why does awk -F work for most letters, but not for the letter "t"?

Flutter change focus color and icon color but not works

How to print and connect to printer using flutter desktop via usb?

Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0

Flutter Dart - get localized country name from country code

navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage

Android Sdk manager not found- Flutter doctor error

Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)

How to change the color of ElevatedButton when entering text in TextField

Related

rsyslog template date/time format with seconds

rsyslog not rotating at fixed file size

Accidentally deleted /var/log/syslog

syslog not showing log levels in messages

Relationship of rsyslog and journald on Ubuntu 16.04

rsyslog: Log some messages only to specific file

remote server log viewer/analyzer

Remove Iptables log from kern.log syslog messages

Rsyslog not logging from remote server

Rsyslogd not listening on port