Bug 1731821 - [Insights/Rule/Bug] rsyslog imjournal false positive
Summary: [Insights/Rule/Bug] rsyslog imjournal false positive
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Hybrid Cloud Console (console.redhat.com)
Classification: Red Hat
Component: Insights - Rules
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: ---
Assignee: Zhang Jiajun
QA Contact: Jaylin Zhou
Kevin Blake
URL:
Whiteboard:
Depends On:
Blocks: 1122832
TreeView+ depends on / blocked
 
Reported: 2019-07-22 06:51 UTC by Nikhil Gupta
Modified: 2019-08-09 00:23 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-09 00:23:45 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Nikhil Gupta 2019-07-22 06:51:38 UTC
Description of problem:
The new rule 'Date and time jumps in logs managed by rsyslogd when imjournal.state is not configured' is triggered what looks to me 'random' set of 80 servers out of ~400.

And in the end we are not using the imjournal configuration item at all.

Please review the rule why on a subset of consistent configured servers are matching and why it can it is triggered although the keyword imjournal is not used.


Additional info:
Looking in rules.json i also find only /etc/rsyslog.conf is checked, but the /etc/rsyslog.d/*.conf files are not checked. We emptied the rsyslog.conf and only use /etc/rsyslog.d/*.conf files for the configuration


Note You need to log in before you can comment on or make changes to this bug.