I have configured a remote logging from one of my servers to the central log server via rsyslog TCP/SSL
Everything worked fine until yesterday where most of the files just stop being transmitted while some are still sent/updated in the log server.
I have this specific config inside my /etc/rsyslog.d/
$ModLoad imfile #Load the imfile input module
# poll every 10s
$InputFilePollInterval 10
# myfile
$InputFileName /var/log/data/myFile.log
$InputFileTag myFile:
$InputFileStateFile stat-myFile
$InputFileSeverity Info
$InputFileFacility local3
$InputRunFileMonitor
when I check the file, it gets updated by my application
ls -la /var/log/data
-rw-r--r-- 1 adm adm 2666 Apr 22 08:52 myFile.log
when I try checking the establish connections from this client to my remote log server it seems to be fine (netstat -tulpan | grep syslog)
tcp 0 0 <clientIP>:42724 <serverIP>:10514 ESTABLISHED 31839/rsyslogd
however when I check the log server, I store the remote logs from clients in /var/log/remotelogs//
weirdly, some files (such as systemd.log, sshd.log, rsyslogd.log, ..) are updated correctly in real time... but myFile.log is not
ls -la /var/remotelogs/<clientIP>
-rw-r----- 1 root root 1945150 Apr 21 15:07 myFile.log
as you can see.. it stopped yesterday around 3pm my time ... wth? checking the network connection on the server too, everything seems legit ...
$ sudo netstat -tulpan | grep syslog
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN 3608119/rsyslogd
tcp 0 0 <serverIP>:10514 <clientIP>:42724 ESTABLISHED 3608119/rsyslogd
tcp6 0 0 :::10514 :::* LISTEN 3608119/rsyslogd
any idea what could be wrong? why some files are not being transmitted and some are?
I figured.. a colleague of mine created a script somehow impacting those files (dunno what exactly happened) but when I disabled the script and recreated the files .. it worked like a charm again ...