On Thu, 18 Mar 2010, joe schmo wrote:

> Hey all,
>
> So I had been using another syslog server for a long time and recently
> decided to make the move over to rsyslog and phplogcon so that we could have
> web searchable logs (I already run RANCID w/ CVS and cvsweb enabled so it
> seemed only fitting to get our syslog server on the webz too)
>
> I went to the forums with these questions and they suggested I ask the
> mailing list. That was actually my second destination anyway because I had
> read several messages from the archive before heading to the forums.
>
> I have a few questions that span a few different versions...first I need to
> apologize in advance if any of these are noob questions, but I have searched
> for them and I can't find any answers that help me.
>
> I am running CentOS 5.3 Final with all latest updates off the main repos.
> rsyslog 2.0.6 running currently w/ phplogcon and mysql.
>
> 1) I have a copy of rsyslog 2.0.6 up and running without any issues (as it
> is the only one I can currently get working...more on that in a sec), other
> than the fact that it can't receive udp messages without manual
> intervention. The only way I can get it to accept udp (network) syslog
> messages is to stop the service, and then run the rsyslog -r514 from
> command-line manually. Is there any way to get it to use this option by
> default? I need it to start the service with that option enabled. And the
> "just run it manually" answers I have received in other forums aren't
> acceptable for me.
>
> 2) An extension of the above question: when I try to do the "obvious"
> solution to the udp issue and use the imudp module, I realized there IS NO
> imudp.so module in the plugins folder. Where would I even get this module
> for 2.0.6? The most I can find is a copy of imudp.c and its accompanying
> make files, but trying to make only outputs errors associated with missing
> files that belong to the C developers package (which I had installed some
> time ago off an official CentOS repo, no updates available).
>
> 3) Why is it that when I follow all the instructions for compiling and
> installing the newer versions of rsyslog (3.0.0+), I can get all the way
> through the process (I searched and found a way to correct the i686 GCC
> errors) but then it isn't actually installed? Does this have to do with
> CentOS 5.3 support or am I missing a step here? After doing the make
> install, etc, there is no rsyslog.conf file in /etc/ like when I install
> 2.0.6, nor any of the other accompanying directories, except the
> /usr/lib/rsyslog/ folder, which is fully populated with all the correct
> files.
>
> Any guidance would be GREATLY appreciated as I am getting very frustrated
> with the amount of time I have put into trying to get everything working
> correctly. And I thought setting up RANCID and cvsweb was a bit of a chore!
> :)
>
> Thanks in advance!

as you have noticed, rsyslog 2.x is ancient (I am running 5.x in production now)

when compiling the new version you should be able to just do make install after you have compiled it to install it. you may need to uninstall the RHEL shipped version, I think that by default rsyslog will get installed under /usr/local when compiled from source.

installing from source will not create the /etc/rsyslog.conf file for you.

the rsyslog on my laptop (ubuntu with a couple manual tweaks) is:

# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf

#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

#$KLogPath /var/run/rsyslog/kmsg

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

$RepeatedMsgReduction on
$RepeatedMsgContainsOriginalMsg on

#
# Include all config files in /etc/rsyslog.d/
#
#$IncludeConfig /etc/rsyslog.d/*.conf

*.* -/var/log/messages

this should be enough to get you started, you will need to uncomment the remote reception options and then start rsyslog with rsyslogd -cX where X is the major version you are running (3,4,5 depending on which one you pick)

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
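
Added example, not part of the original message and not rsyslog's own code: a small Python check for a legacy-format rsyslog.conf like the one above that reports which remote listeners are actually enabled, since a commented-out $ModLoad imudp / $UDPServerRun pair means no network messages are received. The function name `audit`, the warning texts and the sample config are constructed for illustration, and only the directives that appear in the message are handled.

```python
import re

# Constructed sample: part of the config quoted above, with the UDP lines
# uncommented as the reply suggests and the TCP lines left commented out.
SAMPLE = """\
$ModLoad imuxsock # provides support for local system logging
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
$PrivDropToUser syslog
"""

# listener directive -> (input module that provides it, transport)
LISTENERS = {"udpserverrun": ("imudp", "udp"),
             "inputtcpserverrun": ("imtcp", "tcp")}


def audit(conf_text):
    """Return (active_listeners, warnings) for a legacy-format rsyslog.conf."""
    loaded, listeners, warnings, priv_drop = set(), [], [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop whole-line and trailing comments
        m = re.match(r"\$(\w+)\s+(\S+)", line)
        if not m:
            continue                          # selector lines, blanks, comments
        name, value = m.group(1).lower(), m.group(2)
        if name == "modload":
            loaded.add(re.sub(r"\.so$", "", value))   # accept "imudp.so" too
        elif name == "privdroptouser":
            priv_drop = True
        elif name in LISTENERS:
            module, proto = LISTENERS[name]
            if module in loaded:
                listeners.append((proto, int(value)))
            else:  # the directive is unknown until its module is loaded
                warnings.append("line %d: $%s needs an earlier $ModLoad %s"
                                % (lineno, m.group(1), module))
    if not listeners:
        warnings.append("no remote listener enabled: network messages are not received")
    elif not priv_drop:
        warnings.append("remote listener enabled without $PrivDropToUser")
    return listeners, warnings


if __name__ == "__main__":
    print(audit(SAMPLE))
```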

