[Oisf-users] Rsyslog suppressed messages from suricata
Andreas Herz
aherz at oisf.net
Sun Jun 30 19:52:35 UTC 2019
On 19/06/19 at 09:01, craig at reswob10.net wrote:
> Hi, new to suricata. I have a new install on CentOS 7 running rsyslog
> 8.24.0-34.el7 and I have suricata 4.1.4
>
> My problem is it appears rsyslog is blocking writing of events to
> /var/log/messages because I see no suricata logs, but many of these
> entries:
>
> journal: Suppressed 13475 messages from /system.slice/suricata.service
>
> (the number of suppressed messages changes, but the main message stays
> the same)
>
> Is there a particular area of my config I should look at to tweak to fix
> this? Does this mean I should migrate to a server with more CPU and/or
> RAM?

Do you get any load issues or so?
I'm not that familiar with rsyslogd but maybe you could increase
logging/debug output for it to find the root cause?

> Thanks
>
> Craig
>
> My other question is this: is there a way to search the archives? I
> went to https://lists.openinfosecfoundation.org/pipermail/oisf-users/
> but I didn't see a search capability....

Google works quite well for that :)

--
Andreas Herz