Hi, put which parameters are correctly for vmware and db??
Thomas -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von David Lang Gesendet: Samstag, 7. September 2013 09:21 An: rsyslog-users Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware it probably has nothing to do with vmware, just some error in your parameters to put the logs into the database. David Lang On Sat, 7 Sep 2013, Walther, Thomas wrote: > Date: Sat, 7 Sep 2013 06:28:46 +0000 > From: "Walther, Thomas" <[email protected]> > Reply-To: rsyslog-users <[email protected]> > To: rsyslog-users <[email protected]> > Subject: Re: [rsyslog] WG: problem with rsyslog and vmware > > hi, > > what is the problem with db and vmware .. ??? ... > > thanks for help > > thomas > > Durch MOTOBLUR? verbunden > > > -----Urspr?ngliche Nachricht----- > Von: David Lang <[email protected]> > An: rsyslog-users <[email protected]> > Gesendet: Donnerstag, 05. September 2013 21:33:40 GMT+00:00 > Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware > > the & needs to be on a separate line. > > If you still do not get any messages in testmessages, then try removing all > the > database stuff and just output to testmessages instead. If this doesn't work > then the problme is your filter. > > since you are using 5.8, the if..then will be singificantly slower than the > other format I described. > > David Lang > > On Thu, 5 Sep 2013, Walther, Thomas wrote: > >> Hi David, >> >> This is my rsyslog version: >> >> rsyslogd -version >> rsyslogd 5.8.10, compiled with: >> FEATURE_REGEXP: Yes >> FEATURE_LARGEFILE: No >> GSSAPI Kerberos 5 support: Yes >> FEATURE_DEBUG (debug build, slow code): No >> 32bit Atomic operations supported: Yes >> 64bit Atomic operations supported: Yes >> Runtime Instrumentation (slow code): No >> >> I edit my esx.host with this: >> >> if $hostname contains 'ibkesxief205' then >> :ommysql:127.0.0.1,syslog,syslogadmin,init1234;syslogitmon & >> /var/log/testmessages >> >> when I enabled on esx syslog ... I don't see any log records in testmessages >> but I can see in /var/log/messages the esx records >> >> this is my rsyslog.conf >> >> #geladene Modules >> $ModLoad imuxsock >> $ModLoad imklog >> $ModLoad ommysql >> $ModLoad imudp.so >> >> #UDP syslog Empfaenger >> $UDPServerRun 514 >> $AllowedSender UDP, 127.0.0.1, 192.168.160.205 >> >> # Use default timestamp format >> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat >> >> # Lokale Filter >> *.* /var/log/messages >> # The authpriv file has restricted access. >> authpriv.* /var/log/secure >> # Log all the mail messages in one place. >> mail.* -/var/log/maillog >> # Log cron stuff >> cron.* /var/log/cron >> # Everybody gets emergency messages >> *.emerg * >> # Save news errors of level crit and higher in a special file. >> uucp,news.crit /var/log/spooler >> # Save boot messages also to boot.log >> local7.* /var/log/boot.log >> >> >> # Remote Filter >> $EscapeControlCharactersOnReceive off >> >> # Template Syslog to DB >> $template syslogitmon,"INSERT INTO logs (host,facility, >> priority,level,tag,datetime,program,msg) VALUES >> ('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslogseverity-text%','%syslogtag%','%timereported:::date-mysql%','%programname%', >> '%msg:::space-cc%')", SQL >> >> # Config Files /etc/rsyslog.d >> $IncludeConfig /etc/rsyslog.d/localhost.host >> $IncludeConfig /etc/rsyslog.d/esx.host >> >> thomas >> >> -----Urspr?ngliche Nachricht----- >> Von: [email protected] >> [mailto:[email protected]] Im Auftrag von David Lang >> Gesendet: Donnerstag, 5. September 2013 16:29 >> An: rsyslog-users >> Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware >> >> Ok, that should mean that the problem is in the filter, not the database >> connection. to confirm this, please add a line to esx.cfg right after the >> filter you have that does something like >> >> & /var/log/testmessages >> >> this will use the same filter and write the messages out to a file. >> >> If the problem is in the filter, nothing will show up here either >> >> what version of rsyslog are you using? if it's prior to 7.x, the if..then >> filter format is much slower than other filters, so you may want to try >> >> :hostname, startswith, 'ibkesxief205' /var/log/testmessages >> >> (startswith is going to be faster than contains) >> >> David Lang >> >> On Thu, 5 Sep 2013, Walther, Thomas wrote: >> >>> Hi, >>> >>> no this is a copy and paste failure :-) ... the config file is esx.cfg ... >>> when i start up i don't have any errors and other remote server (firewall, >>> windows server, printer, switches) log to d band localhost also ... >>> > &g > > ________________________________ > IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena / > Vorstand: Helmut C. Henkel, Dr. Lutz Richter > Vorsitzender des Aufsichtsrates: Dr. Wolfgang Habel > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. ________________________________ IBYKUS AG für Informationstechnologie, Erfurt / HRB 108616 - D-Jena / Vorstand: Helmut C. Henkel, Dr. Lutz Richter Vorsitzender des Aufsichtsrates: Dr. Wolfgang Habel _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
