Re: [rsyslog] explications about this message: error -2033 deserializing property name

Tue, 08 Apr 2014 10:55:41 -0700

Given that you are compiling this yourself, can you move to the current community supported version (8.2)?
5.10 is quite old. If it was a simple config thing, we try to help, but with deeper issues, the community only has limited manpower, so we try to concentrate it on the current version. Adiscon does offer paid support that covers old versions like this. 


Given the magnatude of the changes since 5.10, there's a very good chance that 
whatever is causing this bug has been fixed, or will at least give you a better 
error message.



you can also try starting rsyslog with -dn to see if the debugging output gives 
you better info on what it doesn't like in the config.


David Lang

On Tue, 8 Apr 2014, gaelor couilleaux wrote:


I can't extract log message because there is sensible informations.

But this is our rsyslog configuration:

We use rsyslog 5.10 (compiled on redhat 5.9 x86_64), with module omrelp, 
omoracle, impstats, gnutls

The
rsyslog 5.10 installation on redhat 5.9:



[root@toto libestr-0.1.9]# CC="gcc
${BUILD64}" ./configure --prefix=/usr --libdir=/usr/lib64

[root@toto libestr-0.1.9]# make &&
make install



[root@toto libee-0.4.1]# CC="gcc
${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure
--prefix=/usr --libdir=/usr/lib64

[root@toto libee-0.4.1]# make && make
install



[root@toto liblogging-1.0.3]# CC="gcc
${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure
--prefix=/usr --libdir=/usr/lib64 --disable-journal

[root@toto liblogging-1.0.3]# make &&
make install



[root@toto json-c]# CC="gcc
${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure
--prefix=/usr --libdir=/usr/lib64

[root@toto json-c]# make && make
install



[root@toto gmp-6.0.0]# CC="gcc
${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure

[root@toto gmp-6.0.0]# make && make
install



[root@toto nettle-2.7]# CC="gcc
${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure
--enable-shared --prefix=/usr --libdir=/usr/lib64

[root@toto nettle-2.7]# make install



[root@toto gnutls-3.2.9]# CC="gcc
${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure
--prefix=/usr --libdir=/usr/lib64

[root@toto gnutls-3.2.9]# make && make
install



[root@toto librelp-1.2.3]# CC="gcc
${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure
--prefix=/usr --libdir=/usr/lib64

[root@toto librelp-1.2.3]# make &&
make install



[root@toto rsyslog-5.10.0]# CC="gcc
${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" ./configure
--prefix=/usr --libdir=/usr/lib64 --enable-gnutls --enable-relp --enable-oracle
--enable-impstats --enable-cached-man-pages

[root@toto rsyslog-5.10.0]# make &&
make install

-rsyslog.conf:

#module(load="imuxsock") # provides support for local system logging (e.g. via 
logger command)
$ModLoad imuxsock
#module(load="imklog")   # provides kernel logging support (previously done by 
rklogd)
$ModLoad imklog
##module(load"immark")  # provides --MARK-- message capability

# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
#module(load="imudp") # needs to be done just once
#input(type="imudp" port="514")

# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")

$ModLoad imtcp
$InputTCPServerRun 514
$InputTCPFlowControl off

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$MaxMessageSize 1024k
$EscapeControlCharactersOnReceive off
$WorkDirectory /var/spool/rsyslog
$umask 0000
$DirGroup \dct_apl_syslog_admin
$FileGroup \dct_apl_syslog_admin
$DirCreateMode 0550
$FileCreateMode 0640
#$MaxOpenFiles 2048

# File syncing capability is disabled by default. This feature is usually not 
required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

-templates.conf:

##################
#### TEMPLATES ###
##################

$MainMsgQueueFileName MainQueue
$MainMsgQueueType FixedArray
$MainMsgQueueType LinkedList
#$MainMsgQueueType Disk
$MainMsgQueueSize 2000000
$MainMsgQueueWorkerThreads 8
$MainMsgQueueSaveOnShutdown on
$MainMsgQueueMaxDiskSpace 7g   # 7gb space limit (use as much as possible)
$MainMsgQueueDequeueSlowdown 50 # timeout in µs (1000 means --> max 1000 messages 
per second) [default 0 -> no delay]

$template DYNmessages,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/messages"
$template DYNsecure,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/secure"
$template DYNerror,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/error"
$template DYNmaillog,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/maillog"
$template DYNcron,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/cron"
$template DYNspooler,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/spooler"
$template DYNboot,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/boot.log"
$template DYNoracle,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/oracle.log"
$template DYNaudit,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/audit.log"
#$template DYNmmog_error,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/mmog_error.log"
#$template DYNmmog_debug,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/mmog_debug.log"
#$template DYNmmog_info,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/mmog_info.log"
#$template DYNmmog_access,"/syslog/%FROMHOST%/%$YEAR%.%$MONTH%/mmog_access.log"

#$RuleSet dctcentral
if $programname == 'audispd' then ?DYNaudit

local6.warning                                  ?DYNoracle
#Old rule before oracle migration
#if $programname == 'Oracle' then ?DYNoracle

#MMOG syslog
#if $programname == 'httpd' and $syslogfacility-text == 'local5' then 
?DYNmmog_error
#if $programname == 'httpd' and $syslogfacility-text == 'local5.debug' then 
?DYNmmog_debug
#if $programname == 'httpd' and $syslogfacility-text == 'local5.info' then 
?DYNmmog_info
#if $programname == 'httpd' and $syslogfacility-text == 'local4' then 
?DYNmmog_access

& ~

#Exclude syslog message from Oracle, audispd, httpd
:syslogtag, contains, "Oracle" ~
:syslogtag, contains, "audispd" ~
#:syslogtag, contains, "httpd" ~

kern.*,*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;mail.none;authpriv.none;cron.none
        ?DYNmessages
*.err                                           ?DYNerror
authpriv.*                                      ?DYNsecure
mail.*                                          -?DYNmaillog
cron.*                                          ?DYNcron
uucp,news.crit                                  ?DYNspooler
local7.*                                        ?DYNboot

-oracle.conf

$ModLoad omoracle

#$ActionQueueType Disk
$ActionQueueType FixedArray
$ActionQueueType LinkedList
$ActionQueueWorkerThreads 4
$ActionQueueSize 1000000
$ActionQueueFileName fwdRuleORACLE    # set file name, also enables disk mode
$ActionQueueMaxDiskSpace 4g   # 7gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionResumeRetryCount -1    # infinite retries if host is down
$ActionQueueDequeueSlowdown 50 # timeout in µs (5000 means --> max 200 messages 
per second)[[default0 -> no delay]

$OmoracleDBUser syslog
$OmoracleDBPassword syslog
$OmoracleDB rsyslog.gemalto.com
$OmoracleBatchSize 100
$OmoracleBatchItemSize 64000
$OmoracleStatementTemplate OmoracleStatement

$template OmoracleStatement, "insert into SystemEvents 
(Message,FromHost,SysLogTag,Facility,Priority,ReceivedAt,DeviceReportedTime) values 
(:msg,:hostname,:syslogtag,:syslogfacility,:syslogpriority,to_date(:timegenerated, 'MON 
DD HH24:MI:SS'),to_date(:timereported, 'MON DD HH24:MI:SS'))"

$template 
DCTTEMPLATESQL,"%msg:::space-cc%%hostname:::lowercase%%syslogtag%%syslogfacility%%syslogpriority%%timegenerated%%timereported%"

:fromhost,!contains, "gemalto.com" ~

#Inject all syslog messages in database
#*.*                     :omoracle:;DCTTEMPLATESQL

if $programname == 'audispd' then                                
:omoracle:;DCTTEMPLATESQL
if $programname == 'Oracle' then                                
:omoracle:;DCTTEMPLATESQL
if $programname == 'MSWinEventLog' then                                
:omoracle:;DCTTEMPLATESQL
#if $programname == 'httpd' and $syslogfacility-text == 'local4' then         
:omoracle:;DCTTEMPLATESQL
#if $programname == 'httpd' and $syslogfacility-text == 'local5' then         
:omoracle:;DCTTEMPLATESQL

-relp.conf:

#####################
#### RELP Client ####
#####################
$ModLoad omrelp # Provide RELP syslog emission
$ActionQueueType FixedArray # use asynchronous processing
$ActionQueueFileName fwdRuleRELP # set file name, also enables disk mode
$ActionQueueMaxDiskSpace 3g
$ActionResumeRetryCount 2 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down

authpriv.*;user.info;auth.* :omrelp:
kern.debug;daemon.notice;mail.crit;*.err :omrelp:
mail.* :omrelp:
## send Windows/Auditd logs to central log server
user.* :omrelp:


THX in Advanced


Date: Mon, 7 Apr 2014 20:10:31 +0200
From: [email protected]
To: [email protected]
Subject: Re: [rsyslog] explications about this message: error -2033 
deserializing property name

I think this can happen due to corrupt disk queue.

Sent from phone, thus brief.
Am 07.04.2014 19:05 schrieb "David Lang" <[email protected]>:


we would need to see your config and possibly the data, but it sounds like
you probably have a typo in your config

David Lang

On Mon, 7 Apr 2014, gaelor couilleaux wrote:

 Date: Mon, 7 Apr 2014 11:46:01 +0200

From: gaelor couilleaux <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [rsyslog] explications about this message: error -2033
deserializing
    property name

Does anybody can give a good traduction of this error ?

How to solve it ?

THX in Advanced

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.

 _______________________________________________

rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.





















					Reply via email to