Page 2 of 2
Re: NLS setup-linux.sh and rsyslogd 5.10.1
Posted: Tue Dec 20, 2016 1:17 pm
by travishnag1
Please see attached linux_setup_working.zip
Re: NLS setup-linux.sh and rsyslogd 5.10.1
Posted: Tue Dec 20, 2016 3:31 pm
by mcapra
It's probably the initial $ModLoad at the top of the file input config:
I notice all the other ModLoads in the rsyslog 5 configuration are using the full module's name (eg imfile.so). If you're still interested in configuring individual files to ship to Nagios Log Server, I would suggest altering the first line of the generated configuration like so:
And see if that produces different results.
Re: NLS setup-linux.sh and rsyslogd 5.10.1
Posted: Tue Dec 20, 2016 9:39 pm
by travishnag1
I would like to get the individual the individual files working. I modified it to imfile.so but unfortunately no change in result.
Re: NLS setup-linux.sh and rsyslogd 5.10.1
Posted: Wed Dec 21, 2016 5:09 pm
by mcapra
From the file setup script, I get the following error message when trying to start rsyslog:
Code: Select all
Dec 21 16:25:03 linux-wr7q rsyslogd: the last error occured in /etc/rsyslog.d/90-nagioslogserver_var_log_weirdlog.log.conf, line 3:"$PrivDropToGroup adm"
All I had to do was remove that line and everything was gravy. Here's the config I was using to test:
Code: Select all
$ModLoad imfile
$InputFilePollInterval 10
$WorkDirectory /var/spool/rsyslog
# Input for weirdlog
$InputFileName /var/log/weirdlog.log
$InputFileTag weirdlog:
$InputFileStateFile nls-state-var_log_weirdlog.log # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'weirdlog' then @@192.168.67.4:2056
if $programname == 'weirdlog' then ~
It's also worth mentioning I am sending the files over 2056 as raw tcp rather than trying to send them as a syslog formatted message.
Re: NLS setup-linux.sh and rsyslogd 5.10.1
Posted: Sat Dec 24, 2016 12:08 am
by travishnag1
I removed 'PrivDropToGroup adm' from the .conf file. It works. Thank you.
Re: NLS setup-linux.sh and rsyslogd 5.10.1
Posted: Tue Dec 27, 2016 12:59 pm
by rkennedy
Awesome - are we good to mark this thread as resolved?
Re: NLS setup-linux.sh and rsyslogd 5.10.1
Posted: Wed Dec 28, 2016 1:29 pm
by travishnag1
OK to close. Thanks again.