Hi New to rsyslog, and trying to replace syslog-ng. This is swVersion="3.22.1" on centos 5.4
So I'm trying to move off UDP to TCP. Based my config on: http://www.rsyslog.com/storing-and-forwarding-remote-messages/ But I'm getting more problems than expected, the main one is this: 2014-09-02T09:34:38.251444+01:00 accentor2 rsyslogd: [origin software="rsyslogd" swVersion="3.22.1" x-pid="25625" x-info=" http://www.rsyslog.com";] (re)start 2014-09-02T09:34:38.250067+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ] 2014-09-02T09:34:38.250190+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 50 2014-09-02T09:34:38.250208+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ] 2014-09-02T09:34:38.250219+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 54 2014-09-02T09:34:38.250233+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ] 2014-09-02T09:34:38.250238+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 58 2014-09-02T09:34:38.250667+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ] 2014-09-02T09:34:38.250675+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 61 2014-09-02T09:34:38.250682+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ] 2014-09-02T09:34:38.250692+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 64 2014-09-02T09:34:38.250826+01:00 accentor2 rsyslogd-2123: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2123 ] The offending lines for your convenience are: 50 $RuleSet remoteTCP 54 $RuleSet remoteUDP 58 $InputTCPServerBindRuleset remoteTCP 61 $TCPServerRun 601 64 $InputUDPServerBindRuleset remoteUDP The whole config file looks like this: # Use traditional timestamp format #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Provides kernel logging support (previously done by rklogd) $ModLoad imklog # Provides support for local system logging (e.g. via logger command) $ModLoad imuxsock # Provides TCP syslog reception $ModLoad imtcp # Provides UDP syslog reception $ModLoad imudp # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console kern.* /var/log/kernel_msg.log # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/rmessages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log ##### receive and store syslog messages # template $template Remotetcp,"/var/log/messages/%$YEAR%/%$MONTH%/%$YEAR%%$MONTH%%$DAY%.tcp.log" $template Remoteudp,"/var/log/messages/%$YEAR%/%$MONTH%/%$YEAR%%$MONTH%%$DAY%.udp.log" # Remote Logging $RuleSet remoteTCP *.* ?Remotetcp # Remote Logging $RuleSet remoteUDP *.* ?Remoteudp # bind ruleset to tcp listener $InputTCPServerBindRuleset remoteTCP # and activate it: $InputTCPServerRun 601 $TCPServerRun 601 # bind ruleset to udp listener $InputUDPServerBindRuleset remoteUDP # and activate it: $InputTCPServerRun 514 $UDPServerRun 514 I am invoking rsyslogd with -c3 If anyone is wondering why 2 listeners, I need to listen on to UDP until I install rsyslog into a couple of client boxes and send the logs over TCP. Then UDP will be hopefully gone. Any help appreciated. -- =============== Gnothi Seauton _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
