I get this: Apr 10 17:02:42 host3 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ] Apr 10 17:02:42 host3 rsyslogd: the last error occured in /etc/rsyslog.conf, line 20:"$InputUDPServerBindRuleset Remote" Apr 10 17:02:42 host3 rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
I am running rsyslog 4.6.2, build the RPM from source on Scientific Linux (SL 5.7). Usman On Tue, Apr 10, 2012 at 5:00 PM, Rainer Gerhards <[email protected]>wrote: > Do you have any errors from rsyslogd during startup? It might be that the > version you use does not support that feature... > > Rainer > > > -----Original Message----- > > From: [email protected] [mailto:rsyslog- > > [email protected]] On Behalf Of Usman Ahmad > > Sent: Tuesday, April 10, 2012 4:55 PM > > To: [email protected] > > Subject: [rsyslog] ruleset not working > > > > Hi, > > > > I am trying to use the rulesets to log remote logs into a separate file > > (rsyslog 4.6.2). > > The conf looks like this: > > ================================ > > $ModLoad imtcp # Provides TCP syslog reception > > $ModLoad imudp.so # Provides UDP syslog reception > > $ModLoad imuxsock.so # provides support for local system logging > > (e.g. > > via logger command) > > $ModLoad imklog.so # provides kernel logging support (previously > > done > > by rklogd) > > > > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > > $template RMH,"/var/log/rsyslog/%HOSTNAME%/rsyslog.log" > > > > *.info;mail.none;authpriv.none;cron.none > > /var/log/messages > > authpriv.* /var/log/secure > > mail.* - > > /var/log/maillog > > cron.* /var/log/cron > > *.emerg * > > uucp,news.crit > > /var/log/spooler > > local7.* > > /var/log/boot.log > > > > $RuleSet Remote > > *.* ?RMH > > > > $InputUDPServerBindRuleset Remote > > $UDPServerRun 514 > > ================================ > > > > I am sending everything from the client to this server @ port 514. The > > server receives the messages in /var/log/messages instead of the > > defined > > template RMH. > > If I remove $Ruleset Remote, all messages go into RMH temlate > > destination. > > I am following this: http://www.rsyslog.com/doc/multi_ruleset.html. > > Am I missing something? > > > > Thanks. > > > > Usman > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > -- Usman Ahmad Malik _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
