Hi David,
This is my rsyslog version:
rsyslogd -version
rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
I edit my esx.host with this:
if $hostname contains 'ibkesxief205' then
:ommysql:127.0.0.1,syslog,syslogadmin,init1234;syslogitmon &
/var/log/testmessages
when I enabled on esx syslog ... I don't see any log records in testmessages
but I can see in /var/log/messages the esx records
this is my rsyslog.conf
#geladene Modules
$ModLoad imuxsock
$ModLoad imklog
$ModLoad ommysql
$ModLoad imudp.so
#UDP syslog Empfaenger
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, 192.168.160.205
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Lokale Filter
*.* /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Remote Filter
$EscapeControlCharactersOnReceive off
# Template Syslog to DB
$template syslogitmon,"INSERT INTO logs (host,facility,
priority,level,tag,datetime,program,msg) VALUES
('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslogseverity-text%','%syslogtag%','%timereported:::date-mysql%','%programname%',
'%msg:::space-cc%')", SQL
# Config Files /etc/rsyslog.d
$IncludeConfig /etc/rsyslog.d/localhost.host
$IncludeConfig /etc/rsyslog.d/esx.host
thomas
-----Ursprüngliche Nachricht-----
Von: [email protected]
[mailto:[email protected]] Im Auftrag von David Lang
Gesendet: Donnerstag, 5. September 2013 16:29
An: rsyslog-users
Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware
Ok, that should mean that the problem is in the filter, not the database
connection. to confirm this, please add a line to esx.cfg right after the
filter you have that does something like
& /var/log/testmessages
this will use the same filter and write the messages out to a file.
If the problem is in the filter, nothing will show up here either
what version of rsyslog are you using? if it's prior to 7.x, the if..then
filter format is much slower than other filters, so you may want to try
:hostname, startswith, 'ibkesxief205' /var/log/testmessages
(startswith is going to be faster than contains)
David Lang
On Thu, 5 Sep 2013, Walther, Thomas wrote:
> Hi,
>
> no this is a copy and paste failure :-) ... the config file is esx.cfg ...
> when i start up i don't have any errors and other remote server (firewall,
> windows server, printer, switches) log to d band localhost also ...
>
> thomas
>
> -----Urspr?ngliche Nachricht-----
> Von: [email protected]
> [mailto:[email protected]] Im Auftrag von David Lang
> Gesendet: Mittwoch, 4. September 2013 23:09
> An: rsyslog-users
> Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware
>
> well, one possible thing is that you show esx.cfg, but you include esx.conf
> is there any other place that includes esx.cfg? do you get an error at
> startup that complains about not being able to open esx.conf?
>
> is anything getting written to the database?
>
> if you change the filter to something else, does it write something to the
> database.
>
> David Lang
>
> On Wed, 4 Sep 2013, Walther, Thomas wrote:
>
>> Date: Wed, 4 Sep 2013 12:11:16 +0000
>> From: "Walther, Thomas" <[email protected]>
>> Reply-To: rsyslog-users <[email protected]>
>> To: "[email protected]" <[email protected]>
>> Subject: [rsyslog] WG: problem with rsyslog and vmware
>>
>> Hi,
>>
>> I have a problem with rsyslog and vmware esx syslog messages. I hope you can
>> help me. We have an syslog server with rsyslog and it works fine for Linux/
>> Switches and Windows Systems, but VMware ESX Hosts make problems.
>>
>> When I configure the Syslog IP on the ESX Host I can see the Messages in the
>> File message but not in the Database. Her are the Config from the syslog:
>>
>>
>> ? Esx.cfg
>>
>> if $hostname contains 'ibkesxief205' then
>> :ommysql:127.0.0.1,syslog,syslogadmin,init1234;syslogitmon
>>
>>
>> ? rsyslog.conf
>>
>> #geladene Modules
>> $ModLoad imuxsock
>> $ModLoad imklog
>> $ModLoad ommysql
>> $ModLoad imudp.so
>>
>> #UDP syslog Empfaenger
>> $UDPServerRun 514
>> $AllowedSender UDP, 127.0.0.1, 192.168.160.205
>>
>> # Use default timestamp format
>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>>
>> # Lokale Filter
>> *.* /var/log/messages
>> # The authpriv file has restricted access.
>> authpriv.* /var/log/secure
>> # Log all the mail messages in one place.
>> mail.* -/var/log/maillog
>> # Log cron stuff
>> cron.* /var/log/cron
>> # Everybody gets emergency messages
>> *.emerg *
>> # Save news errors of level crit and higher in a special file.
>> uucp,news.crit /var/log/spooler
>> # Save boot messages also to boot.log
>> local7.* /var/log/boot.log
>>
>>
>> # Remote Filter
>> $EscapeControlCharactersOnReceive off
>>
>> # Template Syslog to DB
>> $template syslogitmon,"INSERT INTO logs (host,facility,
>> priority,level,tag,datetime,program,msg) VALUES
>> ('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslo
>> g
>> severity-text%','%syslogtag%','%timereported:::date-mysql%','%program
>> n
>> ame%', '%msg:::space-cc%')", SQL
>>
>> # Config Files /etc/rsyslog.d
>> $IncludeConfig /etc/rsyslog.d/localhost.host $IncludeConfig
>> /etc/rsyslog.d/esx.host #$IncludeConfig /etc/rsyslog.d/nagios.hosts
>>
>>
>>
>> And this can I see in the File /var/log/messages
>>
>> Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.102 7FA40B90
>> verbose 'Locale'] Default resource used for
>> 'host.SystemIdentificationInfo.IdentifierType.ServiceTag.summary' expected
>> in module 'enum'.
>> Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.389
>> 7F340B90 verbose 'App'] CloseSession called for session
>> id=527872ba-8111-ccf6-673d-f429af668540
>> Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.390
>> 7F340B90 info 'ha-eventmgr'] Event 648916 : User root logged out Aug
>> 16 06:12:29 ibkesxief205.xxx Hostd: [2013-08-16 06:12:29.080 7FA81B90
>> verbose
>> 'vm:/vmfs/volumes/4d3ffa3a-f195e291-bc6c-001cc4c2cfa5/ITmonitor-1.2/I
>> T monitor-1.2.vmx'] Actual VM overhead: 176226304 bytes Aug 16
>> 06:12:29 ibkesxief205.xxx Hostd: [2013-08-16 06:12:29.082 7FA81B90
>> verbose 'vm:/vmfs/volumes/fc3704bb-0ce89977/ITmonitor/ITmonitor.vmx']
>> Actual VM overhead: 199598080 bytes Aug 16 06:12:29 ibkesxief205.xxx
>> Hostd:
>> [2013-08-16 06:12:29.083 7FA81B90 verbose 'Vmsvc'] RefreshVms updated
>> overhead for 2 VMs
>>
>> ---------------------------------------------------------------------
>> -
>> ---------------------------------------------------------------------
>> -
>> ---------------------------------------------------------------------
>> -
>> ----------------------------------------
>>
>> in the attachment you have a debug.log from a session ...
>>
>> I hope you can help you,
>>
>> thanks and regards,
>>
>> thomas
>>
>> ________________________________
>> IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena /
>> Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des
>> Aufsichtsrates: Dr. Wolfgang Habel
>>
>> ________________________________
>> IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena /
>> Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des
>> Aufsichtsrates: Dr. Wolfgang Habel
>>
>
> ________________________________
> IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena /
> Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des
> Aufsichtsrates: Dr. Wolfgang Habel
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites
> beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is
a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our
control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
________________________________
IBYKUS AG für Informationstechnologie, Erfurt / HRB 108616 - D-Jena / Vorstand:
Helmut C. Henkel, Dr. Lutz Richter
Vorsitzender des Aufsichtsrates: Dr. Wolfgang Habel
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
