Oops it seems exists some problem with my modules. First appears an error about omfwd and omfile modules doesn't exists. I have changed config to:
module(path="builtin:omfile") module(path="builtin:omfwd") module(path="builtin:omtcp") and error is: 6161.880103180:802007400: template bound to strgen 'RSYSLOG_FileFormat' 6161.880113733:802007400: template bound to strgen 'RSYSLOG_TraditionalFileFormat' 6161.880125157:802007400: template bound to strgen 'RSYSLOG_ForwardFormat' 6161.880130781:802007400: template bound to strgen 'RSYSLOG_TraditionalForwardFormat' 6161.880432287:802007400: cnf:global:cfsysline: $MaxMessageSize 64k 6161.880649187:802007400: cnf:global:obj: obj: 'module' 6161.880658702:802007400: nvlst 0x80201f430: 6161.880665769:802007400: name: 'path', value 'builtin:omfile' 6161.880676577:802007400: modulesProcessCnf params: 6161.880681096:802007400: load: (unset) 6161.880703503:802007400: Called LogError, msg: module type missing 6161.880863226:802007400: rsyslog/glbl: using '127.0.0.1' as localhost IP 6161.880880138:802007400: Called LogError, msg: error during parsing file /data/config/etc/rsyslog/rsyslog-siem.conf, on or before line 19: parameter 'path' not known -- typo in config file? 6161.881086482:802007400: cnf:global:obj: obj: 'module' 6161.881094955:802007400: nvlst 0x80201f430: 6161.881099901:802007400: name: 'path', value 'builtin:omfwd' 6161.881105043:802007400: modulesProcessCnf params: 6161.881109219:802007400: load: (unset) 6161.881118467:802007400: Called LogError, msg: module type missing 6161.881131072:802007400: Called LogError, msg: error during parsing file /data/config/etc/rsyslog/rsyslog-siem.conf, on or before line 20: parameter 'path' not known -- typo in config file? 6161.881326011:802007400: cnf:global:obj: obj: 'module' 6161.881333798:802007400: nvlst 0x80201f430: 6161.881338552:802007400: name: 'path', value 'builtin:omtcp' 6161.881343098:802007400: modulesProcessCnf params: What is the correct syntax?? On Wed, Apr 10, 2013 at 9:05 AM, Rainer Gerhards <[email protected]>wrote: > Please provide debug log. > On Wed, 2013-04-10 at 09:04 +0000, C. L. Martinez wrote: > > Hi all, > > > > I am trying to configure several actions using v7 syntax without luck. > My > > actual rsyslog.conf: > > > > #rsyslog v7 config file > > > > # if you experience problems, check > > # http://www.rsyslog.com/troubleshoot for assistance > > > > # Increasing Message size > > $MaxMessageSize 64k > > > > > > #### MODULES #### > > > > # Input modules > > > > # Output modules > > module(load="omfile") > > module(load="omfwd") > > #module(load="omtcp") > > > > > > > > #### Templates definitions #### > > > > $template srx_rfc5424fmt,"test_logs %fromhost-ip% %msg%\n" > > > > > > #### RULES #### > > > > # Default spool directory > > $WorkDirectory /data/logs/rsyslog > > $MainMsgQueueFileName mainq > > $MainMsgQueueType LinkedList > > $MainMsgQueueSaveOnShutDown on > > $MainMsgQueueMaxDiskSpace 40g > > $MainMsgQueueSize 8000000 > > > > > > if $fromhost-ip == '172.31.0.2' then { > > action(type="omfwd" protocol="tcp" target="172.17.22.2" > > port="20514" template="srx_rfc5424fmt" > > queue.filename="junosfwd" > > queue.maxdiskspace="10g" > > queue.saveonshutdown="on" > > queue.type="linkedlist" > > queue.maxfilesize="20m" > > action.resumeretrycount="-1") > > action(type="omfile" file="/data/logs/plain/junsa.log" > > template="RSYSLOG_TraditionalFileFormat") > > stop > > } > > > > but with this configuration, logs are not redirected or written to disk. > > Any idea why?? > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
