ERROR: rsyslog configuration check failed

[lukedevon]

Hi

I want to integrate audit.log ( security logs) and other application logs with nls. When I am executing setup-linux.sh, I am getting ERROR: rsyslog configuration check failed.

This script is from the most latest source and I have tried with Centos and Ubuntu.

Thanks in advance
Luke

[cdienger]

What version of rsyslog is the system running and what does a verification check show? Run the following to get both:

rsyslogd -v
rsyslogd -N 1

Feel free to post a copy of the config file found in /etc/rsyslog.d/ too(redact anything sensitive).

[lukedevon]

Hi ,

rsyslogd -v

rsyslogd 8.24.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64

rsyslogd -N 1;

rsyslogd: version 8.24.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: invalid or yet-unknown config file command 'InputFilePollInterval' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileName' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileTag' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFileStateFile' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputFilePersistStateInterval' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]
rsyslogd: invalid or yet-unknown config file command 'InputRunFileMonitor' - have you forgotten to load a module? [v8.24.0 try http://www.rsyslog.com/e/3003 ]

/etc/rsyslog.d/50-nagioslogsever_xxxzzzyyy

$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog

# Input for DingDong
$InputFileName /path/to/filename/test.log
$InputFileTag XXYYZZ:
$InputFileStateFile nls-state-................... # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'XXYYZZ' then @@192.168.56.100:5544
if $programname == 'XXYYZZ' then ~


As per the out of rsyslogd -N 1 --> it seems some modules have not been loaded. Can you please guide me how to load those modules?

Thank you
Luke.

[cdienger]

Looks like the imfile module is missing. Edit /etc/rsyslog.conf and add the following at the top:

$ModLoad imfile

Then restart rsyslog:

service rsyslog restart

[lukedevon]

Thank you, Managed to execute the script.

[cdienger]

Glad to hear! Are we okay to lock this up?

[lukedevon]

Sure , we can lock this thread. Thanks for your support.