Dear David; All I'm asking is I have a log file /var/log/ashash.log. How should I configure rsyslog.conf to forward the log to a remote server (190.160.2.100) ? Right now it is not working for me.
Here is my rsyslog.conf file #************* ryslog.conf *********** $ModLoad imfile $InputFileName /var/log/ashash.log $InputFileTag $InputFileStateFile $InputFileSeverity $InputRunFileMonitor $InputFilePollInterval 10 *.* @190.160.2.100 # Use traditional timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Provides kernel logging support (previously done by rklogd) $ModLoad imklog # Provides support for local system logging (e.g. via logger command) $ModLoad imuxsock # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log Here is my log when I ran rsyslog in a debug mode: ****************************************************************** 0577.640861000:main thread: Writing pidfile /var/run/rsyslogd.pid. 0577.641016000:main thread: rsyslog 3.22.1 - called init() 0577.641024000:main thread: Unloading non-static modules. 0577.641029000:main thread: module lmnet NOT unloaded because it still has a refcount of 3 0577.641034000:main thread: Clearing templates. 0577.641062000:main thread: cfline: '$ModLoad imfile' 0577.641073000:main thread: Requested to load module 'imfile' 0577.641080000:main thread: loading module '/usr/lib64/rsyslog/imfile.so' 0577.641180000:main thread: module of type 0 being loaded. 0577.641194000:main thread: cfline: '$InputFileName /var/log/ashash.log' 0577.641202000:main thread: cfline: '$InputFileTag' 0577.641209000:main thread: cfline: '$InputFileStateFile' 0577.641215000:main thread: cfline: '$InputFileSeverity' 0577.641222000:main thread: symbolic name: (null) Signal 11 (SIGSEGV) occured, execution must be terminated. 0577.641237000:main thread: 0577.641242000:main thread: Recorded Call Order for Thread 'main thread (2b6f9966d310)': 0577.641247000:main thread: maximum number of nested calls for this thread: 0. 0577.641251000:main thread: NOTE: not all calls may have been recorded, code does not currently guarantee that! 0577.641256000:main thread: Mutex log for all known mutex operations: 0577.641261000:main thread: If the call trace is empty, you may want to ./configure --enable-rtinst 0577.641266000:main thread: To submit bug reports, visit http://www.rsyslog.com/bugs 0577.641271000:main thread: To submit bug reports, visit http://www.rsyslog.com/bugs ************************************************ >________________________________ > From: "[email protected]" <[email protected]> >To: Abdulnasir Shash <[email protected]> >Cc: rsyslog-users <[email protected]> >Sent: Wednesday, September 5, 2012 6:03 PM >Subject: Re: [rsyslog] sending log messages to remote server > >'how to start rsyslog' varies from system to system (I don't know if you >are using Solaris, BSD, Linux, etc) > >if you stop rsyslog with your systems normal tools, you can probably start >it with 'rsyslogd -c5 -d' to see the debug output > >I don't understand your second question. > >David Lang > >On Wed, 5 Sep 2012, Abdulnasir Shash wrote: > >> Date: Wed, 5 Sep 2012 14:37:31 -0700 (PDT) >> From: Abdulnasir Shash <[email protected]> >> To: "[email protected]" <[email protected]> >> Cc: rsyslog-users <[email protected]> >> Subject: Re: [rsyslog] sending log messages to remote server >> >> >> Would you please guide me how to start it with -d option. Also *.* /somefile >> need be added in rsyslog.conf ? >> >> >>> ________________________________ >>> From: "[email protected]" <[email protected]> >>> To: Abdulnasir Shash <[email protected]> >>> Cc: rsyslog-users <[email protected]> >>> Sent: Wednesday, September 5, 2012 5:24 PM >>> Subject: Re: [rsyslog] sending log messages to remote server >>> >>> start it with -d on the command line. it outpus a LOT of stuff >>> >>> if you have a *.* /somefile the error message may show up in the file. >>> This is also a good test to see if the problem is with forwarding or with >>> gathering the logs. >>> >>> David Lang >>> >>> On Wed, 5 Sep 2012, Abdulnasir Shash wrote: >>> >>>> Date: Wed, 5 Sep 2012 14:13:01 -0700 (PDT) >>>> From: Abdulnasir Shash <[email protected]> >>>> To: "[email protected]" <[email protected]>, rsyslog-users >>>> <[email protected]> >>>> Subject: Re: [rsyslog] sending log messages to remote server >>>> >>>> Dear; >>>> >>>> I did remove the line. How do I put it in a debug mode ? >>>> >>>> Nas >>>> >>>> >>>>> ________________________________ >>>>> From: "[email protected]" <[email protected]> >>>>> To: Abdulnasir Shash <[email protected]>; rsyslog-users >>>>> <[email protected]> >>>>> Sent: Wednesday, September 5, 2012 5:08 PM >>>>> Subject: Re: [rsyslog] sending log messages to remote server >>>>> >>>>> On Wed, 5 Sep 2012, Abdulnasir Shash wrote: >>>>> >>>>>> I try to send log messages (/root/ashash.log) to server 190.160.1.100. >>>>>> My rsyslog.conf file look like: >>>>>> >>>>>> $ModLoad imfile >>>>>> >>>>>> $InputFileName /root/ashash.log >>>>>> $InputFileTag >>>>>> $InputFileStateFile >>>>>> $InputFileSeverity >>>>>> $InputFileFacility >>>>>> $InputRunFileMonitor >>>>>> >>>>>> $ModLoad omfwd >>>>>> *.* @190.160.1.100:1456 >>>>>> >>>>>> For some reason, it is not working. Please help me. What have I done >>>>>> wrong ? >>>>> >>>>> do you get any errors at startup? >>>>> >>>>> you should not need to load omfwd, try removing that line and then if >>>>> needed start in debug mode to see any other errors. >>>>> >>>>> David Lang >>>>> >>>>> >>>>> >>> >>> >>> > > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
