Re: [rsyslog] range logging

Thu, 27 Feb 2014 21:16:25 -0800 

On Thu, 27 Feb 2014, robert s wrote:


Hello Guys,

First of all, fantastic job on the website, it looks awesome, finding
stuff is easier than ever, the site looks extremely well thought out,
and very clean sleek, so again kudos on all the work being put.

I am running into an issue, and most documentation says it can be done.

I have multiple ranges of devices like switches routers etc, and I
want particular ranges to go to certain locations.

example:

I have an address range

192.168.242.0/24

all of the devices here are routers for a building and I want them to
go to /var/logs/f_buidling2

so I write out

:fromhost-ip startwith, "192.168.242." {
          action (type="omfile"
                  name="buidling2"
                  DirCreateMode="0700"
                  FileCreateMode="0644"
                  File="/var/logs/f_building2"
                  FlushOnTXEnd="on"
                  IOBufferSize="8k"
                          )
                          stop
                          }

I see traffic coming into the interface, but nothing is being logged,
Im curious if my syntax might be off or maybe I need to be using
another property?

if anyone might have run into this issue before, or you see something
that looks wrong please let me know.


nothing looks obviously wrong here, but common troubleshooting steps to take

1. simplify the rsyslog config to make sure it really is getting the logs

just put in the line

/var/log/testlog
before any other filters and see what shows. If this is getting the messages, but you aren't seeing them with the action you define above, then either the log doesn't look like what you expect it to, or you have something wrong in the config.
If the log doesn't show up here, it's time to look earlier, do you get logs from any other remote systems? There are a couple of things that can make the logs visible to tcpdump, but never reach rsyslog. 

A. iptables filters

B. no route to the sender

check this and then we can go into more troubleshooting steps

other things we'll want to double-check

is the input setup properly to receive the logs
do the logs have the content you expect. Log with format RSYSLOG_DebugFormat to see this: 

/var/log/testlog;RSYSLOG_DebugFormat

we'll have to see more of your config to troubleshoot things in more detail.

David Lang


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to