> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Usman Ahmad
> Sent: Tuesday, April 10, 2012 5:12 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] ruleset not working
> 
> I get this:
> 
> Apr 10 17:02:42 host3 rsyslogd-3003: invalid or yet-unknown config file
> command - have you forgotten to load a module? [try
> http://www.rsyslog.com/e/3003 ]
> Apr 10 17:02:42 host3 rsyslogd: the last error occured in
> /etc/rsyslog.conf, line 20:"$InputUDPServerBindRuleset Remote"
> Apr 10 17:02:42 host3 rsyslogd-2124: CONFIG ERROR: could not interpret
> master config file '/etc/rsyslog.conf'. [try
> http://www.rsyslog.com/e/2124 ]
> 
> I am running rsyslog 4.6.2, built the RPM from source on Scientific Linux
> (SL 5.7).

Yup, sorry, it's too old. You either need to install from source or use one of
the workarounds that are described on the doc page that describes ruleset
use.

Rainer
> 
> Usman
> On Tue, Apr 10, 2012 at 5:00 PM, Rainer Gerhards
> <[email protected]> wrote:
> 
> > Do you have any errors from rsyslogd during startup? It might be that the
> > version you use does not support that feature...
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: [email protected] [mailto:rsyslog-
> > > [email protected]] On Behalf Of Usman Ahmad
> > > Sent: Tuesday, April 10, 2012 4:55 PM
> > > To: [email protected]
> > > Subject: [rsyslog] ruleset not working
> > >
> > > Hi,
> > >
> > > I am trying to use the rulesets to log remote logs into a separate file
> > > (rsyslog 4.6.2).
> > > The conf looks like this:
> > > ================================
> > > $ModLoad imtcp          # Provides TCP syslog reception
> > > $ModLoad imudp.so       # Provides UDP syslog reception
> > > $ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
> > > $ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)
> > >
> > > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> > > $template RMH,"/var/log/rsyslog/%HOSTNAME%/rsyslog.log"
> > >
> > > *.info;mail.none;authpriv.none;cron.none                /var/log/messages
> > > authpriv.*                                              /var/log/secure
> > > mail.*                                                  -/var/log/maillog
> > > cron.*                                                  /var/log/cron
> > > *.emerg                                                 *
> > > uucp,news.crit                                          /var/log/spooler
> > > local7.*                                                /var/log/boot.log
> > >
> > > $RuleSet Remote
> > > *.* ?RMH
> > >
> > > $InputUDPServerBindRuleset Remote
> > > $UDPServerRun 514
> > > ================================
> > >
> > > I am sending everything from the client to this server @ port 514. The
> > > server receives the messages in /var/log/messages instead of the defined
> > > template RMH.
> > > If I remove $Ruleset Remote, all messages go into RMH template destination.
> > > I am following this: http://www.rsyslog.com/doc/multi_ruleset.html.
> > > Am I missing something?
> > >
> > > Thanks.
> > >
> > > Usman
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> >
> 
> 
> 
> --
> Usman Ahmad Malik
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
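
The startup check asked about in this thread, as an added example that is not part of the thread and is not rsyslog project code: it scans syslog lines for coded rsyslogd errors and pairs each with the "last error occured in" line that names the rejected directive. The sample lines are the ones quoted in the thread joined back onto single lines, plus one constructed unrelated line; the function and field names are this example's own.

```python
import re

# Constructed sample: the three startup errors quoted in the thread, each joined
# back onto one line (the mail client wrapped them), plus one unrelated line.
SAMPLE = """\
Apr 10 17:02:42 host3 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
Apr 10 17:02:42 host3 rsyslogd: the last error occured in /etc/rsyslog.conf, line 20:"$InputUDPServerBindRuleset Remote"
Apr 10 17:02:42 host3 rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
Apr 10 17:02:45 host3 crond[4242]: constructed unrelated line
"""

# Coded error line, e.g. "rsyslogd-3003: <text>".
ERR = re.compile(r"^\w{3} +\d+ [\d:]{8} (?P<host>\S+) rsyslogd-(?P<code>\d+): (?P<msg>.*)$")
# Follow-up line naming file, line number and the directive that was rejected.
# "occurr?ed" accepts the spelling in the thread's log and the corrected one.
LOC = re.compile(r'rsyslogd: the last error occurr?ed in (?P<file>\S+), '
                 r'line (?P<line>\d+):"(?P<directive>[^"]*)"')


def rejected_directives(lines):
    """Pair each coded rsyslogd error with the location line that follows it."""
    findings, pending = [], None
    for line in lines:
        err = ERR.match(line)
        if err:
            if pending:                      # earlier error had no location line
                findings.append(pending)
            pending = {"host": err["host"], "code": int(err["code"]),
                       "msg": err["msg"], "file": None, "line": None,
                       "directive": None}
            continue
        loc = LOC.search(line)
        if loc and pending:
            pending.update(file=loc["file"], line=int(loc["line"]),
                           directive=loc["directive"])
            findings.append(pending)
            pending = None
    if pending:
        findings.append(pending)
    return findings


if __name__ == "__main__":
    for f in rejected_directives(SAMPLE.splitlines()):
        where = f"{f['file']}:{f['line']} {f['directive']!r}" if f["file"] else "(no location)"
        print(f"{f['host']} rsyslogd-{f['code']}: {where}")
```

A finding with a directive attached means that line of the config was not applied, which is how remote messages can end up in a file other than the one the ruleset was meant to select.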
