7
responses

Hi,

I would like to upgrade from version nxlog-ce-2.9.1716-1.x86_64 to the current nxlog version 2.10
my biggest worry is that there would be massive syntax changes so that my current config/setup is no longer working with the new version.

so, could you please tell me what has changed from 2.9.1716-1 to the current version?

best regards,
micsnare

AskedAugust 28, 2018 - 10:50am

Answer (1)

Not much, it should be safe to upgrade.

Comments (6)

  • micsnare's picture

    Dear Boti,

    before I upgrade, I do have another question.
    I have unexpected shutdowns of the nxlog process (due to an over-consumption of memory), and now I had a look at the nxlog.log and found the following errors:

    2018-08-28 11:05:19 ERROR data size (1048575) is over the limit (65000), will be truncated
    2018-08-28 11:05:19 ERROR data size (1048575) is over the limit (65000), will be truncated
    2018-08-28 11:05:21 ERROR oversized string, limit is 1048576 bytes

    could this be the reason for an out of memory error? and how to avoid this kind of error?

    best,
    micsnare

  • Zhengshi's picture
    (NXLog)

    Possibly. The upgrade to current may help that as well, but it is likely the logs are just sending very large events for some reason.
    The Enterprise Edition has BufferSize and StringLimit to help with this. These directives are currently unavailable in the CE product.

    I would suggest profiling the system if after the upgrade you still have high utilization. If you have a large config, trim it down to see which module is causing the utilization and work from there.

  • micsnare's picture

    I've upgraded now to the most recent version.
    Now I get this error constantly every second:
    ERROR oversized string, limit is 1048576 bytes

    is there a way how to find out what source is sending this oversized string?
    i assume it's caused by a specific source/host.
    or is it a cumulated size of all log sources that send their logs?

    thanks!

  • Zhengshi's picture
    (NXLog)

    probably specific host. If it is happening frequently enough you could throw in something like exec log_info($raw_event) and run nxlog in the foreground (nxlog -f) to see the error and the events together.