Multiple conf files created for setup-linux.sh

[newmember]

I have a folder of files /home/error/
The files all start with CDF.

I have set up a conf file to include the following:

Code: Select all

    # Input for OCS_ERROR_TAG
    $InputFileName /home/error/CDF.*

When I ran this

Code: Select all

  bash setup-linux.sh -s 10.3.1.7 -p 5544 -f "/home/error/CDF.*" -t OCS_ERROR_TAG

It created multiple conf files in /etc/rsyslog.d/ one conf file for each CDF file in the folder

I was thinking that the setup-linux.sh would consume all the CDF files in the folder.
Are there any recommendations?

Thanks

[rkennedy]

It really depends on what version of rsyslogd you're running, as prior versions do not support a wildcard in the InputFileName parameter. http://serverfault.com/questions/500724 ... in-rsyslog

I believe < Version 6 is installed by default with most packages, but you may be able to if you upgrade to rysyslogd 8.5+ as mentioned in the post above. The limitation is on the imfile input not accepting wildcards.

As an alternative, you could setup a CRON to run hourly / daily to create the new rsyslogd config files as needed, which would auto populate new types.

[newmember]

Are you referring to the Nagios host for log server OR the client I am pulling the log files form?
I think you are referencing the minor release, not the 5.x ver?

I used the install scripts from the Nagios log server to install.
I think I did an yum update after.

Anyway the current rsyslog is, which I think is greater than the 8.5 you were referencing.

rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No

[rkennedy]

I'm referring to the client system running rsyslog, as that's what's forwarding to NLS.

I am referring to rsyslog as a major version, not a minor version, so you actually have a lesser version. You would need to update to 8.5.

See this link - http://www.rsyslog.com/downloads/download-other/

Code: Select all

8.5.0 	2014-10-24
Sha256: 0d20144be8a5d107a172418b1a39cdd48d7ef921b94e7ea45c58b12bce8caa52
File size: 1.98 MB

Looks like the current version 8.20.0.

[newmember]

Alright, that did the trick

This was Centos 6.6 so I had to add a newer repro

I cleared the following folders:
/var/lib/rsyslog
/etc/rsyslog.d/

Added back in my conf files with the * wildcard.

restarted rsyslogd

Saw the hash files in /var/lib/rsyslog
Saw in tcpdump some data being sent to the nagios log server

Ill watch for activity tomorrow.

Version now installed:

rsyslogd 8.21.0, compiled with:
PLATFORM: i686-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64

[mcapra]

Let us know if updating to 8.x was able to satisfy your use case! It might be a bit longer before 8.x is available via apt and yum natively.