The problem is that datagram is just another way of saying UDP, and it doesn't detect that the message wasn't received, so if the system that's supposed to be receiving it is down, the message just gets lost.

David Lang
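
The point above, as an added example that is not part of the original thread: the same syslog line is sent over UDP with and without a receiver, then over TCP to a port with no listener. The loopback address, helper names and sample message are constructed for illustration.

```python
import socket

# Constructed RFC 3164-style sample line, not taken from the thread.
MSG = b"<134>Jun  6 10:11:00 winhost snare: constructed test event"

def free_port(kind):
    """Return a loopback port with no listener (bind to port 0, then close)."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def send_udp(port, msg=MSG):
    """UDP syslog: sendto() only reports bytes handed to the local kernel."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(msg, ("127.0.0.1", port))

def send_tcp(port, msg=MSG):
    """TCP syslog: connecting fails when nothing is listening on the port."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
            s.sendall(msg + b"\n")
            return True
    except OSError:
        return False

def udp_outcomes():
    """Send one datagram to a live receiver and one to a dead port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        up_result = send_udp(rx.getsockname()[1])
        received = rx.recv(2048)
    down_result = send_udp(free_port(socket.SOCK_DGRAM))
    return up_result, down_result, received

if __name__ == "__main__":
    up, down, received = udp_outcomes()
    print("UDP, receiver up:  sender saw", up, "bytes; receiver got", len(received))
    print("UDP, receiver down: sender saw", down, "bytes; message is gone")
    print("TCP, receiver down: delivered =", send_tcp(free_port(socket.SOCK_STREAM)))
```

The UDP sender sees the same return value in both cases, so it has nothing to retry or queue on; the TCP sender gets an error it can act on.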

On Fri, 6 Jun 2014, senthil velan wrote:

Hi,
        You may use datagram syslog agent to forward messages from
Windows servers. It supports all versions of Windows. I am using this to
forward messages to the rsyslog server.



With regards,
M.Senthil Velan,





From:   Muhammad Asif <[email protected]>
To:     rsyslog-users <[email protected]>
Date:   05-06-14 10:11 AM
Subject:        [rsyslog] rsyslog snare creating problem with
Sent by:        [email protected]



Hi Everyone!

I have installed snare (open source free version) in Windows 2008 Server.
I configured snare to send logs to rsyslog, and rsyslog is writing logs to a
file for testing. The Windows server is a very busy server. The problem is that
rsyslog stops receiving logs from snare for a couple of minutes, sometimes one
hour. When we restart the rsyslog service, it starts receiving logs. Logs of the
Windows server generated in that time are missing from rsyslog. Please guide
me in this issue.

-----------------------------------------------------------------------------------------------------------------------------
# rsyslog configuration file
# note that most of this config file uses old-style format,
# because it is well-known AND quite suitable for simple cases
# like we have with the default config. For more advanced
# things, RainerScript configuration is suggested.

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog")   # provides kernel logging support (previously done by rklogd)
#module(load="immark")  # provides --MARK-- message capability

# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")


if ($fromhost-ip == '172.20.8.3') then /var/log/ciit_dc.log
& ~


# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")

$template msgonly,"%rawmsg%\n"
#*.*       @@127.0.0.1:520;msgonly
module(load="omrelp")
action(type="omrelp" target="127.0.0.1" port="520")


module(load="impstats"  interval="1800"   severity="7"
      resetCounters="on"
      log.syslog="off"
      log.file="/var/log/stats.log")


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
-------------------------------------------------------------------------------------------------------------------------
Regards
M.Asif
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.

