On Fri, May 24, 2013 at 10:32 AM, Roberto <[email protected]> wrote:
> Hello, > I've reduce the problem using the same configuration with rsyslog 7 on > different server. > The problem was FileGroup="users" (the process return SEGMENTATION FAULT > can you show us the exact config that caused the segfault? Rainer > If I use DirOwner= the statement works. > > Could someone tell me why FileGroup doesn't work on 5.8 and on 7.2 return > SEGMENTATION FAULT? > > Thanks > > On 05/17/2013 09:53 PM, David Lang wrote: > >> Thanks, I missed that in the doc. >> >> Still, the debug will probably tell you what's wrong. >> >> You say what should be happening, but I am not understanding what's >> happening instead. >> >> David Lang >> >> On Fri, 17 May 2013, Rainer Gerhards wrote: >> >> Date: Fri, 17 May 2013 20:22:52 +0200 >>> From: Rainer Gerhards <[email protected]> >>> Reply-To: rsyslog-users <[email protected]> >>> To: rsyslog-users <[email protected]> >>> Subject: Re: [rsyslog] rsyslog 5.8.10 and if then action >>> >>> It was always if ... then. >>> The docs list legacy stmt that do what the new style config does. >>> Am 17.05.2013 18:27 schrieb "David Lang" <[email protected]>: >>> >>> I don't believe that the 5.x series supported if then, I think the >>>> syntax >>>> was >>>> >>>> if <condition> <action> without the 'then' >>>> >>>> if you startup rsyslog in debug mode (-d -n), it will dump out a huge >>>> amount of information that tells you just about everything it's >>>> doing. Look >>>> through that for any errors that it reports when loading the config >>>> file. >>>> >>>> David Lang >>>> >>>> On Fri, 17 May 2013, Roberto Giordani wrote: >>>> >>>> Date: Fri, 17 May 2013 10:21:06 +0200 >>>> >>>>> From: Roberto Giordani <[email protected]> >>>>> Reply-To: rsyslog-users <[email protected]> >>>>> To: [email protected] >>>>> Subject: [rsyslog] rsyslog 5.8.10 and if then action >>>>> >>>>> Hello Rainer, >>>>> I'm using on RHEL 6.4 the supported rsyslog 5.8.10 version. >>>>> My environment is : >>>>> -)2 client rsyslog (A and B) that send application logs to 1 server (C) >>>>> where is a centralized rsyslog server >>>>> -)each client, tag each file, before send them to server C >>>>> -)server C receive and split to the same log file name using filter >>>>> based >>>>> on hostname, facility, tag, >>>>> -)server C should create directory based on %HOSTNAME% permission and >>>>> owner file based of some criteria >>>>> >>>>> ES: client A send "test1" file with messages tagged as "test1" >>>>> ---->server C receives message from client A and write to >>>>> /clientA/test1.log >>>>> >>>>> Reading your doc it should be simple but something doesn't work. >>>>> Could you please explain what is wrong in the following configuration? >>>>> >>>>> I'll attach the two configurations: >>>>> >>>>> *_ClientA:_**_ >>>>> _*# add module to load external file >>>>> $ModLoad imfile >>>>> >>>>> $InputFileName /appl/logs/test1.log >>>>> $InputFileTag test1 >>>>> $InputFileStateFile file1 >>>>> $InputFileSeverity debug >>>>> $InputFileFacility local6 >>>>> $InputRunFileMonitor >>>>> $InputFilePersistStateInterval 1000 >>>>> >>>>> $InputFileName /appl/logs/test2.log >>>>> $InputFileTag test2 >>>>> $InputFileStateFile file2 >>>>> $InputFileSeverity debug >>>>> $InputFileFacility local6 >>>>> $InputRunFileMonitor >>>>> $InputFilePersistStateInterval 1000 >>>>> >>>>> local6.* @@10.10.1.10:10514 >>>>> >>>>> >>>>> _*ServerC:*_ >>>>> #### MODULES #### >>>>> >>>>> $ModLoad imuxsock # provides support for local system logging (e.g. via >>>>> logger command) >>>>> $ModLoad imklog # provides kernel logging support (previously done by >>>>> rklogd) >>>>> >>>>> # Provides TCP syslog reception >>>>> $ModLoad imtcp >>>>> $InputTCPServerRun 10514 >>>>> >>>>> >>>>> #### GLOBAL DIRECTIVES #### >>>>> >>>>> # Use default timestamp format >>>>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat >>>>> >>>>> # File syncing capability is disabled by default. This feature is >>>>> usually >>>>> not required, >>>>> # not useful and an extreme performance hit >>>>> $ActionFileEnableSync off >>>>> >>>>> # Include all config files in /etc/rsyslog.d/ >>>>> $IncludeConfig /etc/rsyslog.d/*.conf >>>>> >>>>> ##### working statements ###### >>>>> if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' >>>>> and >>>>> $syslogseverity-text == 'debug' and $syslogtag == 'test1' then >>>>> /rsyslog-data/app01/test1.log >>>>> if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' >>>>> and >>>>> $syslogseverity-text == 'debug' and $syslogtag == 'test2' then >>>>> /rsyslog-data/app01/test2.log >>>>> ######################## >>>>> >>>>> >>>>> ### if I substitute previous lines with following statement, rsyslog >>>>> doesn't log and no error messages on /var/log/messages ##### >>>>> >>>>> if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' >>>>> and >>>>> $syslogseverity-text == 'debug' and $syslogtag == 'test1' then >>>>> action(type="omfile" DirCreateMode="0700" FileCreateMode="0644" >>>>> FileOwner="robert" FileGroup="users" File="/rsyslog-data/app01/** >>>>> test1.log") >>>>> >>>>> if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' >>>>> and >>>>> $syslogseverity-text == 'debug' and $syslogtag == 'test2' then >>>>> action(type="omfile" DirCreateMode="0700" FileCreateMode="0644" >>>>> FileOwner="alex" FileGroup="users" File="/rsyslog-data/app01/** >>>>> test2.log") >>>>> >>>>> ########################### >>>>> >>>>> My scope is to customize user permissions for each file based on >>>>> syslogtag >>>>> Could you please help me? >>>>> >>>>> I don't know which modules are built-in on rsyslog 5.8.10 on rhel 6.4 >>>>> The module dir installed on ServerC are only : >>>>> >>>>> -rwxr-xr-x. 1 root root 15448 Jan 9 17:47 imfile.so >>>>> -rwxr-xr-x. 1 root root 27232 Jan 9 17:47 imklog.so >>>>> -rwxr-xr-x. 1 root root 6480 Jan 9 17:47 immark.so >>>>> -rwxr-xr-x. 1 root root 10800 Jan 9 17:47 impstats.so >>>>> -rwxr-xr-x. 1 root root 19304 Jan 9 17:47 imptcp.so >>>>> -rwxr-xr-x. 1 root root 11088 Jan 9 17:47 imtcp.so >>>>> -rwxr-xr-x. 1 root root 15224 Jan 9 17:47 imudp.so >>>>> -rwxr-xr-x. 1 root root 340568 Jan 9 17:47 imuxsock.so >>>>> -rwxr-xr-x. 1 root root 26984 Jan 9 17:47 lmnet.so >>>>> -rwxr-xr-x. 1 root root 20144 Jan 9 17:47 lmnetstrms.so >>>>> -rwxr-xr-x. 1 root root 32208 Jan 9 17:47 lmnsd_gtls.so >>>>> -rwxr-xr-x. 1 root root 24336 Jan 9 17:47 lmnsd_ptcp.so >>>>> -rwxr-xr-x. 1 root root 6144 Jan 9 17:47 lmregexp.so >>>>> -rwxr-xr-x. 1 root root 20320 Jan 9 17:47 lmstrmsrv.so >>>>> -rwxr-xr-x. 1 root root 10240 Jan 9 17:47 lmtcpclt.so >>>>> -rwxr-xr-x. 1 root root 24848 Jan 9 17:47 lmtcpsrv.so >>>>> -rwxr-xr-x. 1 root root 6144 Jan 9 17:47 lmzlibw.so >>>>> -rwxr-xr-x. 1 root root 14800 Jan 9 17:47 ommail.so >>>>> -rwxr-xr-x. 1 root root 10248 Jan 9 17:47 omprog.so >>>>> -rwxr-xr-x. 1 root root 10400 Jan 9 17:47 omruleset.so >>>>> -rwxr-xr-x. 1 root root 10240 Jan 9 17:47 omtesting.so >>>>> -rwxr-xr-x. 1 root root 10592 Jan 9 17:47 omuxsock.so >>>>> -rwxr-xr-x. 1 root root 10800 Jan 9 17:47 pmlastmsg.so >>>>> >>>>> Unfortunately I can't install from source the last rsyslog version >>>>> available :-( >>>>> >>>>> Regards, >>>>> Roberto. >>>>> ______________________________****_________________ >>>>> rsyslog mailing list >>>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>> > >>>>> >>>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>>> > >>>>> >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>> myriad >>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>>> DON'T LIKE THAT. >>>>> >>>>> ______________________________****_________________ >>>>> >>>> rsyslog mailing list >>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>> > >>>> >>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>> > >>>> >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>> DON'T LIKE THAT. >>>> >>>> ______________________________**_________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST >>> if you DON'T LIKE THAT. >>> >>> > ______________________________**_________________ > rsyslog mailing list > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> > http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
