I am working on a program that sends logs with syslog(). Then I configured the rsyslog service to save logs in a file under Linux. Most of the time this process works normally. But sometimes, some of the logs are not sent to rsyslog. Instead, I can watch them when I use the journalctl -f -u Myservice command. I am using the Debian Jessie version of Linux. Do you have any idea what the problem is and how to solve it?
Finally, I found a good answer. In the rsyslog config file in we can add different methods to get the messages. I had many filters with the contains filter. This significantly reduced the performance since it needs to completely search the string for the filter value. Then I found that the startswith filter is far better in searching for a value in a string. I changed the message structure so that I can use the startswith filter. Then I changed the rsyslog filter to startswith. Now the performance is much better and no message is sent to the journal.
The syntax is like this:
:msg, startswith, "val" # instead of (:msg, contains, "val")
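
The message restructuring described in the answer above, as an added example that is not the poster's code: the sender puts the filter value first so that a prefix rule can match it. The function names, the ROUTE_KEY macro, the message layout and the two match_* stand-ins (plain substring and prefix comparison, not rsyslog's own code) are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define ROUTE_KEY "val"   /* the filter value used in the rule above */

/* Old layout (assumed): the key sits somewhere inside the text, so only a
 * ":msg, contains" rule can find it. */
int format_old(char *buf, size_t n, const char *detail) {
    return snprintf(buf, n, "event detail=%s type=%s", detail, ROUTE_KEY);
}

/* New layout (assumed): the key is the first token of the message, so a
 * ":msg, startswith" rule applies. */
int format_new(char *buf, size_t n, const char *detail) {
    return snprintf(buf, n, "%s event detail=%s", ROUTE_KEY, detail);
}

/* Stand-in for a substring filter: scans the whole message and also hits
 * unrelated text such as "invalid input". */
int match_contains(const char *msg, const char *val) {
    return strstr(msg, val) != NULL;
}

/* Stand-in for a prefix filter: compares at most strlen(val) bytes. */
int match_startswith(const char *msg, const char *val) {
    return strncmp(msg, val, strlen(val)) == 0;
}

/* Send one event in the new layout. The constant "%s" format keeps the
 * message text from ever being interpreted as a format string. */
void send_event(const char *detail) {
    char buf[256];
    format_new(buf, sizeof buf, detail);
    syslog(LOG_INFO, "%s", buf);
}

int main(void) {
    openlog("Myservice", LOG_PID, LOG_DAEMON);
    send_event("disk full");
    closelog();
    return 0;
}
```

rsyslog's msg property can begin with the space that follows the tag, so check one captured message before settling on the exact filter value.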