I am running RHEL 6.3 with included rsyslog-5.8.10-2 rpm. I am having an issue upon system boot, whereby logs are not being written to /var/log/messages when the (later) action to send to another host via TCP cannot make a connection.
A snippet from my rules are as follows: ... # Log anything except authpriv, cron, syslog, of level info or higher. *.info;local0.none;authpriv.none;cron.none;syslog.none /var/log/messages >>more rules<< >>action and driver mode settings<< *.info;local0.* @@SOME_IP:SOME_PORT ... It does not matter if I put the remote rule before or after the one directing to /var/log/messages. After boot, I test using 'logger -p security.crit some message', where I would expect the string 'some message' to appear in /var/log/messages, but it is not there. Using wireshark, I see that the only network traffic upon boot are ARP messages looking for SOME_IP. If I restart the rsyslog service, then I can re-execute the 'logger' command and then I do see the expected string in /var/log/messages. Looking again at wireshark, there are still only ARP messages looking for SOME_IP. Is there a bug in this version that causes hanging on boot, whereby some dependent service/item isn't running yet that does exist/is ready when doing a service restart? The order of services starting are iptables, network, rsyslog, ... Any ideas as to what is causing this/how to fix it? Logan Rodrian _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
