Hi
I want to integrate audit.log ( security logs) and other application logs with nls. When I am executing setup-linux.sh, I am getting ERROR: rsyslog configuration check failed.
This script is from the most latest source and I have tried with Centos and Ubuntu.
Thanks in advance
Luke
ERROR: rsyslog configuration check failed
Re: ERROR: rsyslog configuration check failed
What version of rsyslog is the system running and what does a verification check show? Run the following to get both:
rsyslogd -v
rsyslogd -N 1
Feel free to post a copy of the config file found in /etc/rsyslog.d/ too(redact anything sensitive).
rsyslogd -v
rsyslogd -N 1
Feel free to post a copy of the config file found in /etc/rsyslog.d/ too(redact anything sensitive).
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: ERROR: rsyslog configuration check failed
Hi ,
rsyslogd -v
rsyslogd 8.24.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
rsyslogd -N 1;
rsyslogd: version 8.24.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: invalid or yet-unknown config file command 'InputFilePollInterval' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileName' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileTag' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileStateFile' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFilePersistStateInterval' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputRunFileMonitor' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
/etc/rsyslog.d/50-nagioslogsever_xxxzzzyyy
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog
# Input for DingDong
$InputFileName /path/to/filename/test.log
$InputFileTag XXYYZZ:
$InputFileStateFile nls-state-................... # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'XXYYZZ' then @@192.168.56.100:5544
if $programname == 'XXYYZZ' then ~
As per the out of rsyslogd -N 1 --> it seems some modules have not been loaded. Can you please guide me how to load those modules?
Thank you
Luke.
rsyslogd -v
rsyslogd 8.24.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
rsyslogd -N 1;
rsyslogd: version 8.24.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: invalid or yet-unknown config file command 'InputFilePollInterval' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileName' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileTag' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileStateFile' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFilePersistStateInterval' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputRunFileMonitor' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
/etc/rsyslog.d/50-nagioslogsever_xxxzzzyyy
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog
# Input for DingDong
$InputFileName /path/to/filename/test.log
$InputFileTag XXYYZZ:
$InputFileStateFile nls-state-................... # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'XXYYZZ' then @@192.168.56.100:5544
if $programname == 'XXYYZZ' then ~
As per the out of rsyslogd -N 1 --> it seems some modules have not been loaded. Can you please guide me how to load those modules?
Thank you
Luke.
Re: ERROR: rsyslog configuration check failed
Looks like the imfile module is missing. Edit /etc/rsyslog.conf and add the following at the top:
$ModLoad imfile
Then restart rsyslog:
service rsyslog restart
$ModLoad imfile
Then restart rsyslog:
service rsyslog restart
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: ERROR: rsyslog configuration check failed
Thank you, Managed to execute the script.
Re: ERROR: rsyslog configuration check failed
Glad to hear! Are we okay to lock this up?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: ERROR: rsyslog configuration check failed
Sure , we can lock this thread. Thanks for your support.