I don't believe that the 5.x series supported if then, I think the syntax was
if <condition> <action> without the 'then'
if you startup rsyslog in debug mode (-d -n), it will dump out a huge amount of
information that tells you just about everything it's doing. Look through that
for any errors that it reports when loading the config file.
David Lang
On Fri, 17 May 2013, Roberto Giordani wrote:
Date: Fri, 17 May 2013 10:21:06 +0200
From: Roberto Giordani <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] rsyslog 5.8.10 and if then action
Hello Rainer,
I'm using on RHEL 6.4 the supported rsyslog 5.8.10 version.
My environment is :
-)2 client rsyslog (A and B) that send application logs to 1 server (C) where
is a centralized rsyslog server
-)each client, tag each file, before send them to server C
-)server C receive and split to the same log file name using filter based on
hostname, facility, tag,
-)server C should create directory based on %HOSTNAME% permission and owner
file based of some criteria
ES: client A send "test1" file with messages tagged as "test1" ---->server C
receives message from client A and write to /clientA/test1.log
Reading your doc it should be simple but something doesn't work.
Could you please explain what is wrong in the following configuration?
I'll attach the two configurations:
*_ClientA:_**_
_*# add module to load external file
$ModLoad imfile
$InputFileName /appl/logs/test1.log
$InputFileTag test1
$InputFileStateFile file1
$InputFileSeverity debug
$InputFileFacility local6
$InputRunFileMonitor
$InputFilePersistStateInterval 1000
$InputFileName /appl/logs/test2.log
$InputFileTag test2
$InputFileStateFile file2
$InputFileSeverity debug
$InputFileFacility local6
$InputRunFileMonitor
$InputFilePersistStateInterval 1000
local6.* @@10.10.1.10:10514
_*ServerC:*_
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imklog # provides kernel logging support (previously done by
rklogd)
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 10514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not
required,
# not useful and an extreme performance hit
$ActionFileEnableSync off
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
##### working statements ######
if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' and
$syslogseverity-text == 'debug' and $syslogtag == 'test1' then
/rsyslog-data/app01/test1.log
if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' and
$syslogseverity-text == 'debug' and $syslogtag == 'test2' then
/rsyslog-data/app01/test2.log
########################
### if I substitute previous lines with following statement, rsyslog doesn't
log and no error messages on /var/log/messages #####
if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' and
$syslogseverity-text == 'debug' and $syslogtag == 'test1' then
action(type="omfile" DirCreateMode="0700" FileCreateMode="0644"
FileOwner="robert" FileGroup="users" File="/rsyslog-data/app01/test1.log")
if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' and
$syslogseverity-text == 'debug' and $syslogtag == 'test2' then
action(type="omfile" DirCreateMode="0700" FileCreateMode="0644"
FileOwner="alex" FileGroup="users" File="/rsyslog-data/app01/test2.log")
###########################
My scope is to customize user permissions for each file based on syslogtag
Could you please help me?
I don't know which modules are built-in on rsyslog 5.8.10 on rhel 6.4
The module dir installed on ServerC are only :
-rwxr-xr-x. 1 root root 15448 Jan 9 17:47 imfile.so
-rwxr-xr-x. 1 root root 27232 Jan 9 17:47 imklog.so
-rwxr-xr-x. 1 root root 6480 Jan 9 17:47 immark.so
-rwxr-xr-x. 1 root root 10800 Jan 9 17:47 impstats.so
-rwxr-xr-x. 1 root root 19304 Jan 9 17:47 imptcp.so
-rwxr-xr-x. 1 root root 11088 Jan 9 17:47 imtcp.so
-rwxr-xr-x. 1 root root 15224 Jan 9 17:47 imudp.so
-rwxr-xr-x. 1 root root 340568 Jan 9 17:47 imuxsock.so
-rwxr-xr-x. 1 root root 26984 Jan 9 17:47 lmnet.so
-rwxr-xr-x. 1 root root 20144 Jan 9 17:47 lmnetstrms.so
-rwxr-xr-x. 1 root root 32208 Jan 9 17:47 lmnsd_gtls.so
-rwxr-xr-x. 1 root root 24336 Jan 9 17:47 lmnsd_ptcp.so
-rwxr-xr-x. 1 root root 6144 Jan 9 17:47 lmregexp.so
-rwxr-xr-x. 1 root root 20320 Jan 9 17:47 lmstrmsrv.so
-rwxr-xr-x. 1 root root 10240 Jan 9 17:47 lmtcpclt.so
-rwxr-xr-x. 1 root root 24848 Jan 9 17:47 lmtcpsrv.so
-rwxr-xr-x. 1 root root 6144 Jan 9 17:47 lmzlibw.so
-rwxr-xr-x. 1 root root 14800 Jan 9 17:47 ommail.so
-rwxr-xr-x. 1 root root 10248 Jan 9 17:47 omprog.so
-rwxr-xr-x. 1 root root 10400 Jan 9 17:47 omruleset.so
-rwxr-xr-x. 1 root root 10240 Jan 9 17:47 omtesting.so
-rwxr-xr-x. 1 root root 10592 Jan 9 17:47 omuxsock.so
-rwxr-xr-x. 1 root root 10800 Jan 9 17:47 pmlastmsg.so
Unfortunately I can't install from source the last rsyslog version available
:-(
Regards,
Roberto.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
