Hi, i can see the records in testmessage:
tail -f -n 30 /var/log/testmessages Sep 6 08:06:25 ibkesxief205.xxx.de Hostd: [2013-09-06 08:06:25.591 7FA40B90 info 'SyslogConfigProvider' opID=64860FC2-0000FD5D] Set called with key 'Syslog.Remote.Hostname' value '"192.168.169.83"' Sep 6 08:06:25 ibkesxief205.xxx.de Hostd: [2013-09-06 08:06:25.591 7FA40B90 info 'TaskManager' opID=64860FC2-0000FD5D] Task Completed : haTask-ha-host-vim.option.OptionManager.updateValues-1087596 Status success Sep 6 08:06:48 ibkesxief205.xxx.de Hostd: [2013-09-06 08:06:48.936 7F3DBB90 verbose 'Cimsvc'] Ticket issued for CIMOM version 1.0, user root Sep 6 08:07:12 ibkesxief205.xxx.de Hostd: [2013-09-06 08:07:12.656 7F7F3B90 verbose 'vm:/vmfs/volumes/4d3ffa3a-f195e291-bc6c-001cc4c2cfa5/monitor/monitor-1.2.vmx'] Actual VM overhead: 166735872 bytes Sep 6 08:07:12 ibkesxief205.xxx.de Hostd: [2013-09-06 08:07:12.658 7F7F3B90 verbose 'vm:/vmfs/volumes/fc3704bb-0ce89977/monitor/monitor.vmx'] Actual VM overhead: 199393280 bytes Sep 6 08:07:12 ibkesxief205.xxx.de Hostd: [2013-09-06 08:07:12.658 7F7F3B90 verbose 'Vmsvc'] RefreshVms updated overhead for 2 VMs And now??? Thomas -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von David Lang Gesendet: Donnerstag, 5. September 2013 23:33 An: rsyslog-users Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware the & needs to be on a separate line. If you still do not get any messages in testmessages, then try removing all the database stuff and just output to testmessages instead. If this doesn't work then the problme is your filter. since you are using 5.8, the if..then will be singificantly slower than the other format I described. David Lang On Thu, 5 Sep 2013, Walther, Thomas wrote: > Hi David, > > This is my rsyslog version: > > rsyslogd -version > rsyslogd 5.8.10, compiled with: > FEATURE_REGEXP: Yes > FEATURE_LARGEFILE: No > GSSAPI Kerberos 5 support: Yes > FEATURE_DEBUG (debug build, slow code): No > 32bit Atomic operations supported: Yes > 64bit Atomic operations supported: Yes > Runtime Instrumentation (slow code): No > > I edit my esx.host with this: > > if $hostname contains 'ibkesxief205' then > :ommysql:127.0.0.1,syslog,syslogadmin,init1234;syslogitmon & > /var/log/testmessages > > when I enabled on esx syslog ... I don't see any log records in > testmessages but I can see in /var/log/messages the esx records > > this is my rsyslog.conf > > #geladene Modules > $ModLoad imuxsock > $ModLoad imklog > $ModLoad ommysql > $ModLoad imudp.so > > #UDP syslog Empfaenger > $UDPServerRun 514 > $AllowedSender UDP, 127.0.0.1, 192.168.160.205 > > # Use default timestamp format > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > > # Lokale Filter > *.* /var/log/messages > # The authpriv file has restricted access. > authpriv.* /var/log/secure > # Log all the mail messages in one place. > mail.* -/var/log/maillog > # Log cron stuff > cron.* /var/log/cron > # Everybody gets emergency messages > *.emerg * > # Save news errors of level crit and higher in a special file. > uucp,news.crit /var/log/spooler > # Save boot messages also to boot.log > local7.* /var/log/boot.log > > > # Remote Filter > $EscapeControlCharactersOnReceive off > > # Template Syslog to DB > $template syslogitmon,"INSERT INTO logs (host,facility, > priority,level,tag,datetime,program,msg) VALUES > ('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslog > severity-text%','%syslogtag%','%timereported:::date-mysql%','%programn > ame%', '%msg:::space-cc%')", SQL > > # Config Files /etc/rsyslog.d > $IncludeConfig /etc/rsyslog.d/localhost.host $IncludeConfig > /etc/rsyslog.d/esx.host > > thomas > > -----Urspr?ngliche Nachricht----- > Von: [email protected] > [mailto:[email protected]] Im Auftrag von David Lang > Gesendet: Donnerstag, 5. September 2013 16:29 > An: rsyslog-users > Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware > > Ok, that should mean that the problem is in the filter, not the > database connection. to confirm this, please add a line to esx.cfg > right after the filter you have that does something like > > & /var/log/testmessages > > this will use the same filter and write the messages out to a file. > > If the problem is in the filter, nothing will show up here either > > what version of rsyslog are you using? if it's prior to 7.x, the > if..then filter format is much slower than other filters, so you may > want to try > > :hostname, startswith, 'ibkesxief205' /var/log/testmessages > > (startswith is going to be faster than contains) > > David Lang > > On Thu, 5 Sep 2013, Walther, Thomas wrote: > >> Hi, >> >> no this is a copy and paste failure :-) ... the config file is esx.cfg ... >> when i start up i don't have any errors and other remote server (firewall, >> windows server, printer, switches) log to d band localhost also ... >> >> thomas >> >> -----Urspr?ngliche Nachricht----- >> Von: [email protected] >> [mailto:[email protected]] Im Auftrag von David Lang >> Gesendet: Mittwoch, 4. September 2013 23:09 >> An: rsyslog-users >> Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware >> >> well, one possible thing is that you show esx.cfg, but you include esx.conf >> is there any other place that includes esx.cfg? do you get an error at >> startup that complains about not being able to open esx.conf? >> >> is anything getting written to the database? >> >> if you change the filter to something else, does it write something to the >> database. >> >> David Lang >> >> On Wed, 4 Sep 2013, Walther, Thomas wrote: >> >>> Date: Wed, 4 Sep 2013 12:11:16 +0000 >>> From: "Walther, Thomas" <[email protected]> >>> Reply-To: rsyslog-users <[email protected]> >>> To: "[email protected]" <[email protected]> >>> Subject: [rsyslog] WG: problem with rsyslog and vmware >>> >>> Hi, >>> >>> I have a problem with rsyslog and vmware esx syslog messages. I hope you >>> can help me. We have an syslog server with rsyslog and it works fine for >>> Linux/ Switches and Windows Systems, but VMware ESX Hosts make problems. >>> >>> When I configure the Syslog IP on the ESX Host I can see the Messages in >>> the File message but not in the Database. Her are the Config from the >>> syslog: >>> >>> >>> ? Esx.cfg >>> >>> if $hostname contains 'ibkesxief205' then >>> :ommysql:127.0.0.1,syslog,syslogadmin,init1234;syslogitmon >>> >>> >>> ? rsyslog.conf >>> >>> #geladene Modules >>> $ModLoad imuxsock >>> $ModLoad imklog >>> $ModLoad ommysql >>> $ModLoad imudp.so >>> >>> #UDP syslog Empfaenger >>> $UDPServerRun 514 >>> $AllowedSender UDP, 127.0.0.1, 192.168.160.205 >>> >>> # Use default timestamp format >>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat >>> >>> # Lokale Filter >>> *.* /var/log/messages >>> # The authpriv file has restricted access. >>> authpriv.* /var/log/secure >>> # Log all the mail messages in one place. >>> mail.* -/var/log/maillog >>> # Log cron stuff >>> cron.* /var/log/cron >>> # Everybody gets emergency messages >>> *.emerg * >>> # Save news errors of level crit and higher in a special file. >>> uucp,news.crit /var/log/spooler >>> # Save boot messages also to boot.log >>> local7.* /var/log/boot.log >>> >>> >>> # Remote Filter >>> $EscapeControlCharactersOnReceive off >>> >>> # Template Syslog to DB >>> $template syslogitmon,"INSERT INTO logs (host,facility, >>> priority,level,tag,datetime,program,msg) VALUES >>> ('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%sysl >>> o >>> g >>> severity-text%','%syslogtag%','%timereported:::date-mysql%','%progra >>> m >>> n >>> ame%', '%msg:::space-cc%')", SQL >>> >>> # Config Files /etc/rsyslog.d >>> $IncludeConfig /etc/rsyslog.d/localhost.host $IncludeConfig >>> /etc/rsyslog.d/esx.host #$IncludeConfig /etc/rsyslog.d/nagios.hosts >>> >>> >>> >>> And this can I see in the File /var/log/messages >>> >>> Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.102 7FA40B90 >>> verbose 'Locale'] Default resource used for >>> 'host.SystemIdentificationInfo.IdentifierType.ServiceTag.summary' expected >>> in module 'enum'. >>> Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.389 >>> 7F340B90 verbose 'App'] CloseSession called for session >>> id=527872ba-8111-ccf6-673d-f429af668540 >>> Aug 16 06:12:28 ibkesxief205.xxx Hostd: [2013-08-16 06:12:28.390 >>> 7F340B90 info 'ha-eventmgr'] Event 648916 : User root logged out Aug >>> 16 06:12:29 ibkesxief205.xxx Hostd: [2013-08-16 06:12:29.080 >>> 7FA81B90 verbose >>> 'vm:/vmfs/volumes/4d3ffa3a-f195e291-bc6c-001cc4c2cfa5/ITmonitor-1.2/ >>> I T monitor-1.2.vmx'] Actual VM overhead: 176226304 bytes Aug 16 >>> 06:12:29 ibkesxief205.xxx Hostd: [2013-08-16 06:12:29.082 7FA81B90 >>> verbose >>> 'vm:/vmfs/volumes/fc3704bb-0ce89977/ITmonitor/ITmonitor.vmx'] >>> Actual VM overhead: 199598080 bytes Aug 16 06:12:29 ibkesxief205.xxx >>> Hostd: >>> [2013-08-16 06:12:29.083 7FA81B90 verbose 'Vmsvc'] RefreshVms >>> updated overhead for 2 VMs >>> >>> -------------------------------------------------------------------- >>> - >>> - >>> -------------------------------------------------------------------- >>> - >>> - >>> -------------------------------------------------------------------- >>> - >>> - >>> ---------------------------------------- >>> >>> in the attachment you have a debug.log from a session ... >>> >>> I hope you can help you, >>> >>> thanks and regards, >>> >>> thomas >>> >>> ________________________________ >>> IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena >>> / >>> Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des >>> Aufsichtsrates: Dr. Wolfgang Habel >>> >>> ________________________________ >>> IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena >>> / >>> Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des >>> Aufsichtsrates: Dr. Wolfgang Habel >>> >> >> ________________________________ >> IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena / >> Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des >> Aufsichtsrates: Dr. Wolfgang Habel >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE >> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites >> beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE >> THAT. >> > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This > is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our > control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > > ________________________________ > IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena / > Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des > Aufsichtsrates: Dr. Wolfgang Habel > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites > beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. ________________________________ IBYKUS AG für Informationstechnologie, Erfurt / HRB 108616 - D-Jena / Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des Aufsichtsrates: Dr. Wolfgang Habel _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
