It has nothing to do with vmware
you are currently doing
:ommysql:127.0.0.1,syslog,syslogadmin,init1234;syslogitmon
you could have a password wrong, the format could be wrong for the database
schema that you have, or there could be something else.
I asked early on if you had other logs getting into the database, and you said
that you did, which is why I then started down the road of checking the filter
conditions.
But now that we know the filter conditions work, we need to go back to the
database portion.
What is the difference between logs that are getting into the database and logs
that are not?
try changing the output to testmessages to the same format that you are using
for the database insert
& /var/log/testmessages;syslogitmon
then try accessing the mysql database with the userid and password that you have
in the config file, and executing the commands that show up in the testmessges
file (cut-n-past them into your command line). Does this generate an error?
do you have any other errors from the database?
David Lang
On Mon, 9 Sep 2013, Walther, Thomas wrote:
Hi,
put which parameters are correctly for vmware and db??
Thomas
-----Urspr?ngliche Nachricht-----
Von: [email protected]
[mailto:[email protected]] Im Auftrag von David Lang
Gesendet: Samstag, 7. September 2013 09:21
An: rsyslog-users
Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware
it probably has nothing to do with vmware, just some error in your parameters to
put the logs into the database.
David Lang
On Sat, 7 Sep 2013, Walther, Thomas wrote:
Date: Sat, 7 Sep 2013 06:28:46 +0000
From: "Walther, Thomas" <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] WG: problem with rsyslog and vmware
hi,
what is the problem with db and vmware .. ??? ...
thanks for help
thomas
Durch MOTOBLUR? verbunden
-----Urspr?ngliche Nachricht-----
Von: David Lang <[email protected]>
An: rsyslog-users <[email protected]>
Gesendet: Donnerstag, 05. September 2013 21:33:40 GMT+00:00
Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware
the & needs to be on a separate line.
If you still do not get any messages in testmessages, then try removing all the
database stuff and just output to testmessages instead. If this doesn't work
then the problme is your filter.
since you are using 5.8, the if..then will be singificantly slower than the
other format I described.
David Lang
On Thu, 5 Sep 2013, Walther, Thomas wrote:
Hi David,
This is my rsyslog version:
rsyslogd -version
rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
I edit my esx.host with this:
if $hostname contains 'ibkesxief205' then
:ommysql:127.0.0.1,syslog,syslogadmin,init1234;syslogitmon &
/var/log/testmessages
when I enabled on esx syslog ... I don't see any log records in testmessages
but I can see in /var/log/messages the esx records
this is my rsyslog.conf
#geladene Modules
$ModLoad imuxsock
$ModLoad imklog
$ModLoad ommysql
$ModLoad imudp.so
#UDP syslog Empfaenger
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1, 192.168.160.205
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Lokale Filter
*.* /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Remote Filter
$EscapeControlCharactersOnReceive off
# Template Syslog to DB
$template syslogitmon,"INSERT INTO logs (host,facility,
priority,level,tag,datetime,program,msg) VALUES
('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslogseverity-text%','%syslogtag%','%timereported:::date-mysql%','%programname%',
'%msg:::space-cc%')", SQL
# Config Files /etc/rsyslog.d
$IncludeConfig /etc/rsyslog.d/localhost.host
$IncludeConfig /etc/rsyslog.d/esx.host
thomas
-----Urspr?ngliche Nachricht-----
Von: [email protected]
[mailto:[email protected]] Im Auftrag von David Lang
Gesendet: Donnerstag, 5. September 2013 16:29
An: rsyslog-users
Betreff: Re: [rsyslog] WG: problem with rsyslog and vmware
Ok, that should mean that the problem is in the filter, not the database
connection. to confirm this, please add a line to esx.cfg right after the
filter you have that does something like
& /var/log/testmessages
this will use the same filter and write the messages out to a file.
If the problem is in the filter, nothing will show up here either
what version of rsyslog are you using? if it's prior to 7.x, the if..then
filter format is much slower than other filters, so you may want to try
:hostname, startswith, 'ibkesxief205' /var/log/testmessages
(startswith is going to be faster than contains)
David Lang
On Thu, 5 Sep 2013, Walther, Thomas wrote:
Hi,
no this is a copy and paste failure :-) ... the config file is esx.cfg ... when
i start up i don't have any errors and other remote server (firewall, windows
server, printer, switches) log to d band localhost also ...
&g
________________________________
IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena / Vorstand:
Helmut C. Henkel, Dr. Lutz Richter
Vorsitzender des Aufsichtsrates: Dr. Wolfgang Habel
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
________________________________
IBYKUS AG f?r Informationstechnologie, Erfurt / HRB 108616 - D-Jena / Vorstand:
Helmut C. Henkel, Dr. Lutz Richter
Vorsitzender des Aufsichtsrates: Dr. Wolfgang Habel
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
