On Thu, 6 Sep 2012, Abdulnasir Shash wrote:
Dear David;
All I'm asking is I have a log file /var/log/ashash.log. How should I
configure rsyslog.conf to forward the log to a remote server (190.160.2.100) ? Right now it is not working for me.
Here is my rsyslog.conf file
#************* ryslog.conf ***********
$ModLoad imfile
$InputFileName /var/log/ashash.log
$InputFileTag
$InputFileStateFile
$InputFileSeverity
$InputRunFileMonitor
why don't you set values for these options? that makes them invalid and
probably makes rsyslog not even read the file.
$InputFilePollInterval 10
*.* @190.160.2.100
note that you have put this ahead of the default template config option,
so this is just using the rsyslogdefault format.
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
Here is my log when I ran rsyslog in a debug mode:
******************************************************************
0577.640861000:main thread: Writing pidfile /var/run/rsyslogd.pid.
0577.641016000:main thread: rsyslog 3.22.1 - called init()
Ok, this tells me what version of rsyslog you are running. This is very
old (currently 5.x is nearing end of life, 6.x is stable, and 7.x has just
started development)
This means that you need to use -c3 instead of -c5 since you are running
version 3 and it won't understand you telling it to use the version 5 file
format.
0577.641024000:main thread: Unloading non-static modules.
0577.641029000:main thread: module lmnet NOT unloaded because it still has a
refcount of 3
0577.641034000:main thread: Clearing templates.
0577.641062000:main thread: cfline: '$ModLoad imfile'
0577.641073000:main thread: Requested to load module 'imfile'
0577.641080000:main thread: loading module '/usr/lib64/rsyslog/imfile.so'
0577.641180000:main thread: module of type 0 being loaded.
0577.641194000:main thread: cfline: '$InputFileName /var/log/ashash.log'
0577.641202000:main thread: cfline: '$InputFileTag'
0577.641209000:main thread: cfline: '$InputFileStateFile'
0577.641215000:main thread: cfline: '$InputFileSeverity'
0577.641222000:main thread: symbolic name: (null)
Signal 11 (SIGSEGV) occured, execution must be terminated.
so it blows up when reading these config items that you have not given
values to.
Try fixing that, then see if the data that you are reading gets into the
appropriate logfile based on the rest of your config. If all this works
but you still can't send things remotely, we'll try to troubleshoot that.
But right now you have so many other things wrong that it's not even
getting to that point.
David Lang
0577.641237000:main thread:
0577.641242000:main thread: Recorded Call Order for Thread 'main thread (2b6f9966d310)':
0577.641247000:main thread: maximum number of nested calls for this thread: 0.
0577.641251000:main thread: NOTE: not all calls may have been recorded, code
does not currently guarantee that!
0577.641256000:main thread: Mutex log for all known mutex operations:
0577.641261000:main thread: If the call trace is empty, you may want to
./configure --enable-rtinst
0577.641266000:main thread:
To submit bug reports, visit http://www.rsyslog.com/bugs
0577.641271000:main thread:
To submit bug reports, visit http://www.rsyslog.com/bugs
************************************************
________________________________
From: "[email protected]" <[email protected]>
To: Abdulnasir Shash <[email protected]>
Cc: rsyslog-users <[email protected]>
Sent: Wednesday, September 5, 2012 6:03 PM
Subject: Re: [rsyslog] sending log messages to remote server
'how to start rsyslog' varies from system to system (I don't know if you
are using Solaris, BSD, Linux, etc)
if you stop rsyslog with your systems normal tools, you can probably start
it with 'rsyslogd -c5 -d' to see the debug output
I don't understand your second question.
David Lang
On Wed, 5 Sep 2012, Abdulnasir Shash wrote:
Date: Wed, 5 Sep 2012 14:37:31 -0700 (PDT)
From: Abdulnasir Shash <[email protected]>
To: "[email protected]" <[email protected]>
Cc: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] sending log messages to remote server
Would you please guide me how to start it with -d option. Also *.* /somefile
need be added in rsyslog.conf ?
________________________________
From: "[email protected]" <[email protected]>
To: Abdulnasir Shash <[email protected]>
Cc: rsyslog-users <[email protected]>
Sent: Wednesday, September 5, 2012 5:24 PM
Subject: Re: [rsyslog] sending log messages to remote server
start it with -d on the command line. it outpus a LOT of stuff
if you have a *.* /somefile the error message may show up in the file.
This is also a good test to see if the problem is with forwarding or with
gathering the logs.
David Lang
On Wed, 5 Sep 2012, Abdulnasir Shash wrote:
Date: Wed, 5 Sep 2012 14:13:01 -0700 (PDT)
From: Abdulnasir Shash <[email protected]>
To: "[email protected]" <[email protected]>, rsyslog-users <[email protected]>
Subject: Re: [rsyslog] sending log messages to remote server
Dear;
I did remove the line. How do I put it in a debug mode ?
Nas
________________________________
From: "[email protected]" <[email protected]>
To: Abdulnasir Shash <[email protected]>; rsyslog-users
<[email protected]>
Sent: Wednesday, September 5, 2012 5:08 PM
Subject: Re: [rsyslog] sending log messages to remote server
On Wed, 5 Sep 2012, Abdulnasir Shash wrote:
I try to send log messages (/root/ashash.log) to server 190.160.1.100. My
rsyslog.conf file look like:
$ModLoad imfile
$InputFileName /root/ashash.log
$InputFileTag
$InputFileStateFile
$InputFileSeverity
$InputFileFacility
$InputRunFileMonitor
$ModLoad omfwd
*.* @190.160.1.100:1456
For some reason, it is not working. Please help me. What have I done wrong ?
do you get any errors at startup?
you should not need to load omfwd, try removing that line and then if
needed start in debug mode to see any other errors.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
