Thanks for the answer.

Yes I know it's quite old, but it's the stock version on CentOS. Was trying
to avoid installing stuff not in the repos. I had a suspicion that the
guide I was following would not work on my version of CentOS... :/

Will definitely explore this.

Thanks.



On 2 September 2014 10:14, David Lang <[email protected]> wrote:

> a couple things
>
> first rsyslog 3.22 is extremely ancient, there are a lot of features that
> just didn't exist back then. I think that rulesets were one of them.
>
> The current version is 8.x
>
> Second, I think you need to put the lines that bind rulesets above the
> lines that listen to the inputs, and way before any processing of data.
>
> version 8 also supports the newer config syntax that makes complex setups
> like yours much easier to figure out.
>
> David Lang
>
> On Tue, 2 Sep 2014, Makimoto wrote:
>
>> Date: Tue, 2 Sep 2014 10:08:44 +0100
>> From: Makimoto <[email protected]>
>> Reply-To: rsyslog-users <[email protected]>
>> To: [email protected]
>> Subject: [rsyslog] could not interpret master config file
>>
>> Hi
>>
>> New to rsyslog, and trying to replace syslog-ng.
>> This is swVersion="3.22.1" on centos 5.4
>>
>> So I'm trying to move off UDP to TCP.
>> Based my config on:
>>
>> http://www.rsyslog.com/storing-and-forwarding-remote-messages/
>>
>> But I'm getting more problems than expected, the main one is this:
>>
>> 2014-09-02T09:34:38.251444+01:00 accentor2 rsyslogd: [origin software="rsyslogd" swVersion="3.22.1" x-pid="25625" x-info="http://www.rsyslog.com"] (re)start
>> 2014-09-02T09:34:38.250067+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
>> 2014-09-02T09:34:38.250190+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 50
>> 2014-09-02T09:34:38.250208+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
>> 2014-09-02T09:34:38.250219+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 54
>> 2014-09-02T09:34:38.250233+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
>> 2014-09-02T09:34:38.250238+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 58
>> 2014-09-02T09:34:38.250667+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
>> 2014-09-02T09:34:38.250675+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 61
>> 2014-09-02T09:34:38.250682+01:00 accentor2 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
>> 2014-09-02T09:34:38.250692+01:00 accentor2 rsyslogd: the last error occured in /etc/rsyslog.conf, line 64
>> 2014-09-02T09:34:38.250826+01:00 accentor2 rsyslogd-2123: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2123 ]
>>
>> The offending lines for your convenience are:
>>
>> 50  $RuleSet remoteTCP
>> 54  $RuleSet remoteUDP
>> 58  $InputTCPServerBindRuleset remoteTCP
>> 61  $TCPServerRun 601
>> 64  $InputUDPServerBindRuleset remoteUDP
>>
>> The whole config file looks like this:
>>
>> # Use traditional timestamp format
>> #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>>
>> # Provides kernel logging support (previously done by rklogd)
>> $ModLoad imklog
>>
>> # Provides support for local system logging (e.g. via logger command)
>> $ModLoad imuxsock
>>
>> # Provides TCP syslog reception
>> $ModLoad imtcp
>>
>> # Provides UDP syslog reception
>> $ModLoad imudp
>>
>> # Log all kernel messages to the console.
>> # Logging much else clutters up the screen.
>> #kern.*                                                  /dev/console
>> kern.*                                                  /var/log/kernel_msg.log
>>
>> # Log anything (except mail) of level info or higher.
>> # Don't log private authentication messages!
>> *.info;mail.none;authpriv.none;cron.none                /var/log/rmessages
>>
>> # The authpriv file has restricted access.
>> authpriv.*                                              /var/log/secure
>>
>> # Log all the mail messages in one place.
>> mail.*                                                  -/var/log/maillog
>>
>> # Log cron stuff
>> cron.*                                                  /var/log/cron
>>
>> # Everybody gets emergency messages
>> *.emerg                                                 *
>>
>> # Save news errors of level crit and higher in a special file.
>> uucp,news.crit                                          /var/log/spooler
>>
>> # Save boot messages also to boot.log
>> local7.*                                                /var/log/boot.log
>>
>> ##### receive and store syslog messages
>>
>> # template
>> $template Remotetcp,"/var/log/messages/%$YEAR%/%$MONTH%/%$YEAR%%$MONTH%%$DAY%.tcp.log"
>> $template Remoteudp,"/var/log/messages/%$YEAR%/%$MONTH%/%$YEAR%%$MONTH%%$DAY%.udp.log"
>>
>> # Remote Logging
>> $RuleSet remoteTCP
>> *.* ?Remotetcp
>>
>> # Remote Logging
>> $RuleSet remoteUDP
>> *.* ?Remoteudp
>>
>> # bind ruleset to tcp listener
>> $InputTCPServerBindRuleset remoteTCP
>> # and activate it:
>> $InputTCPServerRun 601
>> $TCPServerRun 601
>>
>> # bind ruleset to udp listener
>> $InputUDPServerBindRuleset remoteUDP
>> # and activate it:
>> $InputTCPServerRun 514
>> $UDPServerRun 514
>>
>>
>> I am invoking rsyslogd with -c3
>>
>> If anyone is wondering why 2 listeners, I need to listen on UDP until I
>> install rsyslog on a couple of client boxes and send the logs over TCP.
>> Then UDP will hopefully be gone.
>>
>> Any help appreciated.
>>
>>
>>
>>  _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>



-- 
===============
  Gnothi Seauton
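
The reply quoted above says version 8 supports a newer config syntax that makes setups like this easier to follow. The two-listener part of the quoted config written in that syntax, as an added example that is not part of the original thread or the rsyslog project's own material; it assumes rsyslog 8.x, and the template names, ruleset names, ports and file paths are carried over from the quoted config.

```rsyslog
# Added example: assumes rsyslog 8.x (RainerScript syntax).
# Names, ports and paths are taken from the config quoted in this thread.

# Load the network input modules
module(load="imtcp")
module(load="imudp")

# Per-day file names, one file per transport
template(name="Remotetcp" type="string"
         string="/var/log/messages/%$YEAR%/%$MONTH%/%$YEAR%%$MONTH%%$DAY%.tcp.log")
template(name="Remoteudp" type="string"
         string="/var/log/messages/%$YEAR%/%$MONTH%/%$YEAR%%$MONTH%%$DAY%.udp.log")

# Rulesets are defined before the inputs that refer to them
ruleset(name="remoteTCP") {
    action(type="omfile" dynaFile="Remotetcp")
}

ruleset(name="remoteUDP") {
    action(type="omfile" dynaFile="Remoteudp")
}

# Each listener is bound to its ruleset in the same statement that starts it,
# so messages received here bypass the default ruleset with the local rules
input(type="imtcp" port="601" ruleset="remoteTCP")

# Kept only until the remaining clients are moved to TCP
input(type="imudp" port="514" ruleset="remoteUDP")
```

Running `rsyslogd -N1` checks the configuration without starting the daemon, so unknown directives show up before a restart.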