Dec 16 2020 08:25 PM
Hi Guys,
We have recently set up RSyslog (on an Ubuntu 18.04.4 LTS VM) receiving logs from our Firewalls and then forwarding them to Azure Sentinel. The problem with Syslog is that after a few hours the CPU starts reaching max 100%, the connections to each Firewall slowly change from ESTABLISHED to CLOSE, and it ultimately stops receiving the logs. Below is the sample output:
I saw the below recommendation searching on Google:
service rsyslog stop                                                        # stop the daemon before editing its config
sed -i -e 's/^\$ModLoad imklog/#\$ModLoad imklog/g' /etc/rsyslog.conf      # comment out the "$ModLoad imklog" line in place
service rsyslog start                                                       # start the daemon with the edited config
Wondering if anyone knows the root cause and how to fix it? Just in case we use the above solution commands, what exactly will the second command ('sed') do?
Thanks
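As an added example (not part of the original post), the following shell functions show what the quoted `sed` command does to a config file: the `s/^\$ModLoad imklog/#\$ModLoad imklog/` expression comments out the line that loads rsyslog's kernel-log input module (imklog), so rsyslog no longer reads kernel messages from the local machine. It goes slightly beyond the quoted one-liner by also matching the RainerScript form `module(load="imklog" ...)`, which newer rsyslog configs use and which the original pattern would leave untouched, and by taking a backup first. The function names, the sample config and the `sentinel-collector.example` target are constructed for this demonstration and assume GNU sed.

```shell
# Comment out the kernel-log input (imklog) in an rsyslog config, covering both the
# legacy "$ModLoad imklog" directive (as in the quoted command) and the newer
# RainerScript form module(load="imklog" ...). Keeps a .bak copy before editing.
disable_imklog() {
    cfg="$1"
    cp -p "$cfg" "$cfg.bak"   # backup so the edit can be reverted
    sed -i -e 's/^\$ModLoad imklog/#\$ModLoad imklog/' \
           -e 's/^module(load="imklog"/#module(load="imklog"/' "$cfg"
}

# Returns 0 (true) if an uncommented imklog load line is still present, 1 otherwise.
imklog_enabled() {
    grep -Eq '^[[:space:]]*(\$ModLoad[[:space:]]+imklog|module\(load="imklog")' "$1"
}

# Writes a constructed sample config (not the real /etc/rsyslog.conf) to a temp
# file so the effect can be shown offline; prints the file path.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Sample rsyslog.conf (constructed for this example)
module(load="imuxsock")
module(load="imklog" permitnonkernelfacility="on")
$ModLoad imklog
module(load="imudp")
input(type="imudp" port="514")
*.* @@sentinel-collector.example:25226
EOF
    echo "$f"
}
```

Only the imklog lines are touched; the UDP input and the forwarding rule that carry the firewall logs are left as they were.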