7
responses
responses
Hi,
I would like to upgrade from version nxlog-ce-2.9.1716-1.x86_64 to the current nxlog version 2.10
my biggest worry is that there would be massive syntax changes so that my current config/setup is no longer working with the new version.
so, could you please tell me what has changed from 2.9.1716-1 to the current version?
best regards,
micsnare
Comments (6)
thanks for the fast response :)
Dear Boti,
before I upgrade, I do have another question.
I have unexpected shutdowns of the nxlog process (due to an over-consumption of memory), and now I had a look at the nxlog.log and found the following errors:
2018-08-28 11:05:19 ERROR data size (1048575) is over the limit (65000), will be truncated
2018-08-28 11:05:19 ERROR data size (1048575) is over the limit (65000), will be truncated
2018-08-28 11:05:21 ERROR oversized string, limit is 1048576 bytes
could this be the reason for an out of memory error? and how to avoid this kind of error?
best,
micsnare
my guess is that this is caused by windows dns logs being sent (they're quite noisey)
Possibly. The upgrade to current may help that as well, but it is likely the logs are just sending very large events for some reason.
The Enterprise Edition has
BufferSize
andStringLimit
to help with this. These directives are currently unavailable in the CE product.I would suggest profiling the system if after the upgrade you still have high utilization. If you have a large config, trim it down to see which module is causing the utilization and work from there.
I've upgraded now to the most recent version.
Now I get this error constantly every second:
ERROR oversized string, limit is 1048576 bytes
is there a way how to find out what source is sending this oversized string?
i assume it's caused by a specific source/host.
or is it a cumulated size of all log sources that send their logs?
thanks!
probably specific host. If it is happening frequently enough you could throw in something like
exec log_info($raw_event)
and run nxlog in the foreground (nxlog -f) to see the error and the events together.