On Wed, Feb 26, 2014 at 8:09 PM, David Lang <[email protected]> wrote: > On Wed, 26 Feb 2014, Bruce Pennypacker wrote: > > On Wed, Feb 26, 2014 at 3:07 PM, David Lang <[email protected]> wrote: >> >> >>> If you use the new action() format, then the parameters very clearly only >>> affect that action (but you do have to specify all parameters for each >>> action) >>> >>> >>> Thanks. I've been trying to wrap my head around the new action format >> but >> without a whole lot of luck. I find the documentation extremely lacking >> as >> far as the new format goes. Are there any good examples that might show >> how to go about doing this sort of thing as an action? I can't seem to >> even find in the documentation how to specify something >> like $ActionSendStreamDriverAuthMode in an action. >> > > take a look at: > > http://www.rsyslog.com/doc/omrelp.html > > start with something like: > > action(type="omrelp" target="centralserv" port="2514") > > tls.authMode="mode" > > does this help? > > Not really. I need to use omfwd and not omrelp because of where we're sending these logs. If I have my /etc/rsyslog.conf cut down to just this then everything works fine:
$ModLoad imuxsock.so $ModLoad imklog.so $DefaultNetstreamDriver gtls $ActionSendStreamDriverAuthMode anon $ActionSendStreamDriverMode 1 $DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/local-cert.pem $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/local-key.pem *.* @@10.50.59.241:6514 When I use the above configuration netstat shows the server establishing a connection to 10.50.59.241:6514 and the destination server gets the messages. From what I've been able to figure out I should be able to do something like this using the new syntax: $ModLoad imuxsock.so $ModLoad imklog.so $DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/local-cert.pem $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/local-key.pem *.* action (type="omfwd" protocol="tcp" Target="10.50.59.241" Port="6514" StreamDriverMode="1" StreamDriver="gtls" StreamDriverAuthMode="anon") When I launch rsyslog with this configuration it starts up fine but I netstat never even sees a connection attempt to 10.50.59.241. So what am I missing? -Bruce _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
