Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-06-05 Thread warron.french via rsyslog
Thank you Rainer, I finally got the opportunity to get back to this task. I was able to get the error to cease and desist from being presented in the "*systemctl status rsyslog*" output. However, I have a question as I was expecting to observe a change, but I do not see the change in Group

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-06-01 Thread Rainer Gerhards via rsyslog
I have looked into the log. The group name is actually not resolvable. The debug log has no more information, but from the config given it shows that you provide what looks like the group ID (2000) and not the name ("examplegroup"). Thus resolution seems to fail. Use $FileGroupNum 2000

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-16 Thread warron.french via rsyslog
Mariusz, you are correct, this is for SPLUNK related activities. I was told not to use omhttp, but at the time I did not know that term and thought he meant "http." I ran the "*rsyslogd -N1*" command. The response I got was: ID for group ‘ ’ could not be found [v8.24.0-57.el7_9.3 try

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-15 Thread Mariusz Kruk via rsyslog
I see you're trying to send data to Splunk and thus probably want the files read as a user running the Universal Forwarder. Instead of writing files locally you can send them straight to HEC input using the omhttp module. (which gives you additional flexibility since you can dynamically

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-15 Thread Rainer Gerhards via rsyslog
Which error messages do you see? Rainer Sent from phone, thus brief. warron.french via rsyslog wrote on Mon, 15 Apr 2024, 15:52: > At Mariusz, my apologies for not replying earlier, somehow Google Mail > crunched your reply in the thread so that I did not see it (*laziness on my > part I

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-15 Thread warron.french via rsyslog
At David, Mariusz, and Attila, here is my attempt to provide the syntax (again). I am thinking you might not have received it because it came in image form before. Snippets of my Rsyslog.conf $ModLoad imudp $UDPServerRun 514 ## UDG-specific; Start # $ModLoad omfile; Wfrench;

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-15 Thread warron.french via rsyslog
Did you not see the full config? I provided it as an image. Was the image blocked at your end, from being received? -- Warron French On Sat, Apr 6, 2024 at 3:04 AM David Lang via rsyslog < rsyslog@lists.adiscon.com> wrote: > it's common for rsyslog configs to drop

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-15 Thread warron.french via rsyslog
At Mariusz, my apologies for not replying earlier, somehow Google Mail crunched your reply in the thread so that I did not see it (*laziness on my part I guess, I have been extremely busy at work*). I just executed *ps -ef | egrep rsyslog* and see that rsyslog is running as root. Can I assume

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-15 Thread Attila Lakatos via rsyslog
Hello, On Thu, Apr 11, 2024 at 1:34 AM warron.french via rsyslog < rsyslog@lists.adiscon.com> wrote: > Sir, David, is there anything else you needed from me? > The legacy way to set owner/group of files is to use something like the following: $FileOwner nameOfTheOwner $FileGroup nameOfTheGroup

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-10 Thread warron.french via rsyslog
Sir, David, is there anything else you needed from me? -- Warron French On Tue, Apr 9, 2024 at 8:05 AM warron.french wrote: > Hello sir, sorry, I did not have the opportunity to reply earlier than > just now as this is a work related issue and I had another task at

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-06 Thread David Lang via rsyslog
it's common for rsyslog configs to drop privileges, and if it does so, it can't then make use of those privileges to open files as other users, etc. This is why we need to see the full config, and any files included. David Lang On Sat, 6 Apr 2024, Mariusz Kruk via rsyslog wrote: Also

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-06 Thread Mariusz Kruk via rsyslog
Also remember that in a Linux system (quoting the man 2 chown): Only a privileged process (Linux: one with the CAP_CHOWN capability) may change the owner of a file. The owner of a file may change the group of the file to any group of which that owner is a member. A privileged

Re: [rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-05 Thread David Lang via rsyslog
if you are using the action() syntax, you set the ownership as part of the action. if you post your full config (including included files) we can better guess what's wrong with it. David Lang On Sat, 6 Apr 2024, warron.french via rsyslog wrote: I am running multiple servers on RHEL-7.9 at

[rsyslog] RHEL-7.9 rsyslog with FileOwner

2024-04-05 Thread warron.french via rsyslog
I am running multiple servers on RHEL-7.9 at work and with no option to upgrade to a newer major version. I have a server collecting (consolidating) logs from other (remote) servers and need to store the various independently generated logfiles but also set the Group-owner to something other than