I am working on a program that sends logs with syslog(). Then I configured rsyslog service to save logs in a file under Linux. Most of the time this process works normally. But sometimes, some of the logs are not sent to rsyslog. Instead, I can watch them when I use the journalctl -f -u Myservice command. I am using the Debian Jessie version of Linux. Do you have any idea what is the problem and how to solve it?
Finally, I found a good answer. In the rsyslog config file in we can add different methods to get the messages. I had many filters with the contains filter. this significantly reduced the performance since it needs to completely search the string for the filter value. Then I found that the startswith filter is far better in searching for a value in a string. I changed the message structure so that I can use the startswith filter. then I changed the rsyslog filter to startswith. now the performance is much better and no message sent to the journal.
the syntax is like this:
:msg, startswith, "val" # instead of (:msg, contains, "val")