ERROR: rsyslog configuration check failed.

[Kumar_pinkesh]

Hi All,

I am doing Nagios log server setup. I have installed Nagios log server and I am facing Error while trying to do client configuration for the same. I have tried client configuration on 2 different Linux servers but on both server faced same Error. Please find below the error details.

[root@appnode-eu ~]# bash setup-linux.sh -s 172.50.50.6 -p 5544
Detected syslog 2.0.6
Detected syslog work directory /var/spool/syslog
Destination Log Server: 172.50.50.6:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
ERROR: rsyslog configuration check failed.

I have checked all configuration files and all respective directories , all looks fine.

Can someone help me to fix this issue please ?

[mcapra]

What syslog daemon is the machine you are trying to set up using?

What OS/Version is this machine? What is the output of the following commands from the remote machine you are trying to collect logs from:

Code: Select all

cat /etc/*lease
uname -a
rsyslogd -v
syslogd -v

Assuming there are no organizational/security requirements that would prevent you from doing so, you might try installing rsyslog via your machine's package manager and running the setup-linux.sh script again.

[Kumar_pinkesh]

Dear mcapra,

Thanks for your prompt support. yes I have installed rsyslog from my system package and running the setup-linux.sh script.

Please find below the detailed you queried :

# cat /etc/*lease :

Enterprise Linux Enterprise Linux Server release 5.3 (Carthage)
Red Hat Enterprise Linux Server release 5.3 (Tikanga)

# uname -a :

Linux noas-stg1-fft-eu 2.6.18-128.el5 #1 SMP Wed Jan 21 08:45:05 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

# rsyslogd -v :

rsyslogd 2.0.6, compiled with:
FEATURE_PTHREADS (dual-threading): Yes
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: Yes
FEATURE_NETZIP (message compression): Yes
SYSLOG_INET (Internet/remote support): Yes
FEATURE_GSSAPI (GSSAPI Kerberos 5 support): No
FEATURE_DEBUG (debug build, slow code): No

See http://www.rsyslog.com for more information.

# syslogd -v :

syslogd 1.4.1

[mcapra]

Oof, that version of rsyslog is pretty old. I'll have to defer to the technicians/developers on this one since I don't have a copy of the script handy. It would likely need to be modified to support whatever configuration scheme is used by that version.

[cdienger]

Is there a reason you're using such an old version of rsyslog? I'd try to upgrade it if there's no reason:

Code: Select all

yum upgrade rsyslog

clear out any nagioslogserver.conf files found in /etc/rsyslog.d/ and run the installer again.

Failing that, I'd like to see a copy of the rsyslog.conf and any files under /etc/rsyslog.d/

[Kumar_pinkesh]

Hello cdienger,

I already tried to upgrade , but don't find any upgrade package on the server. Please find below the output of upgrade command.

# yum upgrade rsyslog

Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
ClusterStorage | 1.1 kB 00:00
companion | 951 B 00:00
Cluster | 1.1 kB 00:00
VT | 1.1 kB 00:00
updates | 951 B 00:00
Server | 1.1 kB 00:00
Skipping security plugin, no data
Setting up Upgrade Process
No Packages marked for Update

thank you

[mcapra]

It looks like the rsyslog config paths in setup-linux.sh are hard-coded:

Code: Select all

SYSLOG_CONF_D='/etc/rsyslog.d/'
SYSLOG_CONF_F='/etc/rsyslog.conf'

Are you able to share a copy of your system's rsyslog.conf? It's typically found in /etc/rsyslog.conf. Otherwise, you may need to leverage the find command to figure out where it is. Having this file will help us understand where changes need to be made.

[dwhitfield]

More specifically, find / -name rsyslog.conf.

Thanks @mcapra!

[Kumar_pinkesh]

Yes , the rsyslog config paths in setup-linux.sh are hard-coded. And the configured path is :

SYSLOG_CONF_D='/etc/rsyslog.d/'
SYSLOG_CONF_F='/etc/rsyslog.conf'

etc/rsyslog.d directory and '/etc/rsyslog.conf' files both exist on the server correctly.


please find below the rsyslog.conf


# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log
~

[mcapra]

Truth be told, I don't know if rsyslog documentation exists prior to version 5. Your rsyslog.conf has no $IncludeConfig, so even of /etc/rsyslog.d exists, nothing in that directory is being loaded by rsyslog. I imagine that directive is still valid for rsyslog v2, but I have no way of verifying that for sure.

Can you share the output of the following command executed from the CLI of the remote machine you are attempting to run setup-linux.sh from:

Code: Select all

rsyslogd -f /etc/rsyslog.conf -N 1

The error message you are seeing is produced as a result of the above command not properly exiting.