Hi folks,
I have the following configuration:
$ModLoad immark # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imsolaris # kernel logging (imklog or imsolaris)
$ModLoad omrabbitmq # provides rabbitmq output
$ModLoad imudp.so # provides UDP syslog reception
$ModLoad imfile # provides FILE input
$UDPServerRun 514 # start a UDP syslog server at standard port 514
# Save boot messages also to boot.log
*.* /var/log/syslog
$template
malefantJSON,"{%timestamp:::date-rfc3339,jsonf:@timestamp%,%source:::jsonf:
@source%,%source:::jsonf:@source_host%,\"@message\":\"%msg:::json%\",\"@fie
lds\":{%syslogfacility-text:::jsonf:facility%,%syslogseverity-text:::jsonf:
severity%,%app-name:::jsonf:program%,%procid:::jsonf:processid%}}"
$RepeatedMsgReduction off
*.* action(type="omrabbitmq"
host="_HIDDEN_IP_ADDRESS_"
virtual_host="/"
user="pump"
password="dump"
exchange="syslog"
routing_key="syslog.all"
template="malefantJSON")
However, some messages sent to syslog aren't being processed by the
action. For example in /var/log/syslog I see:
2013-06-14T09:49:59+00:00 mol-hsk-cfph2 node-syslog[23547]: [ID 702911
user.emerg] OBVIOUS MESSAGE ALL IN CAPS <<<<<<<>>>>>>>>>> Fri Jun 14 2013
09:49:59 GMT+0100 (GMT)
2013-06-14T09:49:59+00:00 mol-hsk-cfph2 node-syslog[23547]: [ID 702911
user.emerg] OBVIOUS MESSAGE ALL IN CAPS <<<<<<<>>>>>>>>>> Fri Jun 14 2013
09:49:59 GMT+0100 (GMT)
2013-06-14T09:50:00+00:00 mol-hsk-cfph2 node-syslog[23547]: [ID 702911
user.emerg] OBVIOUS MESSAGE ALL IN CAPS <<<<<<<>>>>>>>>>> Fri Jun 14 2013
09:50:00 GMT+0100 (GMT)
2013-06-14T09:50:00+00:00 mol-hsk-cfph2 node-syslog[23547]: [ID 702911
user.emerg] OBVIOUS MESSAGE ALL IN CAPS <<<<<<<>>>>>>>>>> Fri Jun 14 2013
09:50:00 GMT+0100 (GMT)
2013-06-14T09:50:00+00:00 mol-hsk-cfph2 node-syslog[23547]: [ID 702911
user.emerg] OBVIOUS MESSAGE ALL IN CAPS <<<<<<<>>>>>>>>>> Fri Jun 14 2013
09:50:00 GMT+0100 (GMT)
2013-06-14T08:51:09+00:00 mol-hsk-cfph2 cf3[55035]: [ID 823470 user.error]
There is no readable input file at /var/cfengine/inputs/update.cf
2013-06-14T08:51:09+00:00 mol-hsk-cfph2 cf3[55035]: [ID 823470 user.error]
!!! System reports error for stat: "No such file or directory"
2013-06-14T08:51:09+00:00 mol-hsk-cfph2 cf3[55035]: [ID 823470 user.error]
CFEngine was not able to get confirmation of promises from cf-promises, so
going to failsafe
2013-06-14T08:51:10+00:00 mol-hsk-cfph2 cf3[55035]: [ID 823470
user.notice] R: -> Updated local policy from policy server
2013-06-14T08:51:10+00:00 mol-hsk-cfph2 cf3[55035]: [ID 823470
user.notice] R: !! Did not start the scheduler
2013-06-14T08:51:12+00:00 mol-hsk-cfph2 cf3[55033]: [ID 823470
user.notice] R: [MOLMSG-ERR] Persona classes cannot be raised as the
personas file is missing!
2013-06-14T08:51:12+00:00 mol-hsk-cfph2 cf3[55033]: [ID 823470
user.notice] R: [MOLMSG-INFO] No releaes file was found. That could be a
good or bad thing.
the cf3 logs get sent off but the node-syslog messages don't.
Any ideas as to why perhaps?
--
Khushil Dep
07905374843
@khushil
______________________________________________________________________
This e-mail and any attached files are intended for the named addressee only.
It contains information, which may be confidential and legally privileged and
also protected by copyright. Unless you are the named addressee (or authorised
to receive for the addressee) you may not copy or use it, or disclose it to
anyone else. If you received it in error please notify the sender immediately
and then delete it from your system. Please be advised that the views and
opinions expressed in this e-mail may not reflect the views and opinions of
Associated Newspapers Limited or any of its subsidiary companies. We make every
effort to keep our network free from viruses. However, you do need to check
this e-mail and any attachments to it for viruses as we can take no
responsibility for any computer virus which may be transferred by way of this
e-mail. Use of this or any other e-mail facility signifies consent to any
interception we might lawfully carry out to prevent abuse of these faciliti
es.
Associated Newspapers Ltd. Registered Office: Northcliffe House, 2 Derry St,
Kensington, London, W8 5TT. Registered No 84121 England.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
