Ok, that should mean that the problem is in the filter, not the database
connection. to confirm this, please add a line to esx.cfg right after the filter
you have that does something like
& /var/log/testmessages
this will use the same filter and write the messages out to a file.
If the problem is in the filter, nothing will show up here either
what version of rsyslog are you using? if it's prior to 7.x, the if..then filter
format is much slower than other filters, so you may want to try
:hostname, startswith, 'ibkesxief205' /var/log/testmessages
(startswith is going to be faster than contains)
David Lang
On Thu, 5 Sep 2013, Walther, Thomas wrote:
Hi,
no this is a copy and paste failure :-) ... the config file is esx.cfg ... when
i start up i don't have any errors and other remote server (firewall, windows
server, printer, switches) log to d band localhost also ...
thomas
-----Urspr?ngliche Nachricht-----
Von: [email protected]
[mailto:[email protected]] Im Auftrag von David Lang
Gesendet: Mittwoch, 4. September 2013 23:09
An: rsyslog-users
Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware
well, one possible thing is that you show esx.cfg, but you include esx.conf is
there any other place that includes esx.cfg? do you get an error at startup
that complains about not being able to open esx.conf?
is anything getting written to the database?
if you change the filter to something else, does it write something to the
database.
David Lang
On Wed, 4 Sep 2013, Walther, Thomas wrote:
Date: Wed, 4 Sep 2013 12:11:16 +0000
From: "Walther, Thomas" <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [rsyslog] WG: problem with rsyslog and vmware
Hi,
I have a problem with rsyslog and vmware esx syslog messages. I hope you can
help me. We have an syslog server with rsyslog and it works fine for Linux/
Switches and Windows Systems, but VMware ESX Hosts make problems.
When I configure the Syslog IP on the ESX Host I can see the Messages in the
File message but not in the Database. Her are the Config from the syslog:
? Esx.cfg
if $hostname contains 'ibkesxief205' then
:ommysql:127.0.0.1,syslog,syslogadmin,init1234;syslogitmon
? rsyslog.conf
#geladene Modules
$ModLoad imuxsock
$ModLoad imklog
$ModLoad ommysql
$ModLoad imudp.so
#UDP syslog Empfaenger
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, 192.168.160.205
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Lokale Filter
*.* /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Remote Filter
$EscapeControlCharactersOnReceive off
# Template Syslog to DB
$template syslogitmon,"INSERT INTO logs (host,facility,
priority,level,tag,datetime,program,msg) VALUES
('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslog
severity-text%','%syslogtag%','%timereported:::date-mysql%','%programn
ame%', '%msg:::space-cc%')", SQL
# Config Files /etc/rsyslog.d
$IncludeConfig /etc/rsyslog.d/localhost.host $IncludeConfig
/etc/rsyslog.d/esx.host #$IncludeConfig /etc/rsyslog.d/nagios.hosts
And this can I see in the File /var/log/messages
Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.102 7FA40B90
verbose 'Locale'] Default resource used for
'host.SystemIdentificationInfo.IdentifierType.ServiceTag.summary' expected in
module 'enum'.
Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.389
7F340B90 verbose 'App'] CloseSession called for session
id=527872ba-8111-ccf6-673d-f429af668540
Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.390
7F340B90 info 'ha-eventmgr'] Event 648916 : User root logged out Aug
16 06:12:29 ibkesxief205.xxx Hostd: [2013-08-16 06:12:29.080 7FA81B90
verbose
'vm:/vmfs/volumes/4d3ffa3a-f195e291-bc6c-001cc4c2cfa5/ITmonitor-1.2/IT
monitor-1.2.vmx'] Actual VM overhead: 176226304 bytes Aug 16 06:12:29
ibkesxief205.xxx Hostd: [2013-08-16 06:12:29.082 7FA81B90 verbose
'vm:/vmfs/volumes/fc3704bb-0ce89977/ITmonitor/ITmonitor.vmx'] Actual
VM overhead: 199598080 bytes Aug 16 06:12:29 ibkesxief205.xxx Hostd:
[2013-08-16 06:12:29.083 7FA81B90 verbose 'Vmsvc'] RefreshVms updated
overhead for 2 VMs
----------------------------------------------------------------------
----------------------------------------------------------------------
----------------------------------------------------------------------
----------------------------------------
in the attachment you have a debug.log from a session ...
I hope you can help you,
thanks and regards,
thomas
________________________________
IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena /
Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des
Aufsichtsrates: Dr. Wolfgang Habel
________________________________
IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena /
Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des
Aufsichtsrates: Dr. Wolfgang Habel
________________________________
IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena / Vorstand:
Helmut C. Henkel, Dr. Lutz Richter
Vorsitzender des Aufsichtsrates: Dr. Wolfgang Habel
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
