Nikolai Kondrashov
Nikolai Kondrashov
Hmm, and it shouldn't be in `/etc/shells`, otherwise users would be able to change it. Does it not work with it not being there?
I see. I wonder why they have a problem with that. Having a shell not in /etc/shells seems to be the way of preventing changing it. At least according to...
Hmm, tlog-rec-session should simply spawn a shell if it detects that the session is already recorded. Perhaps, if you could share the shell snippet you're using, I'd be able to...
Ah, that's what probably gets you. You get infinitely nested shells started by tlog-rec-session, which try to start tlog-rec-session, which starts the shell again. That has nothing with nested recording,...
Right. I'll need to think about it more, but I have to leave for a vacation. Will be back on Tuesday. Meanwhile, perhaps you could see if you could use...
Sorry, I no longer work on the project officially. This will be up to @justin-stephenson.
Hi @fossxplorer, I reformatted your JSON sample for readability, and don't see anything in it which could have triggered this error. So, I would recommend capturing the actual HTTP traffic...
I assume the problem appears on playback, not on recording. Is that right? The first error message in the output you quote belongs to libcurl. So, there's probably some communication...
Thank you for the trace! Yes, `_id` indeed differs. So, maybe Elasticsearch indexes those messages twice. Could you perhaps take a look at the rsyslogElasticsearch conversation on the network and...
I wonder if disconnection is simply something which Elasticsearch does after a while to avoid keeping connections open too long, and perhaps we should deal with that in tlog, e.g....