On Tue, 2015-02-03 at 11:51 -0800, David Lang wrote: > On Tue, 3 Feb 2015, Brendan Kearney wrote: > > > Date: Tue, 03 Feb 2015 14:46:11 -0500 > > From: Brendan Kearney <[email protected]> > > Reply-To: rsyslog-users <[email protected]> > > To: rsyslog-users <[email protected]> > > Subject: Re: [rsyslog] rsyslog, journald and phplogcon > > > > On Tue, 2015-02-03 at 11:32 -0800, David Lang wrote: > >> On Tue, 3 Feb 2015, Michael Biebl wrote: > >> > >>> 2015-02-03 20:12 GMT+01:00 David Lang <[email protected]>: > >>>> the module load for imjournal line polls the journal, asking for all logs > >>>> since the last time it asked for logs. This is rather inefficient, but if > >>>> you need the extra journald metadata, you need to do this since the > >>>> journal > >>>> won't send it otherwise. > >>>> > >>>> The alturnative to this is to have journald send the logs to rsyslog (for > >>>> this, lookup the journald documentation where they say that they don't > >>>> break > >>>> syslog because they support delivering logs to syslog) > >>> > >>> It's only an alternative, if you don't need the additional metadata. > >>> In this mode, journald will forward the messages to > >>> /run/systemd/journal/syslog, and syslog will read from this socket > >>> instead of /dev/log. > >>> Those forwarded messages do not have any additional metadata. > >> > >> ok, then to read this (assuming that your version of journald is > >> outputting it) > >> should be: > >> > >> input(type="imuxsock" socket="/run/systemd/journal/syslog") > >> > >> David Lang > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > > > > using the below, i get nothing in my database... > > > > $ModLoad imuxsock > > $ModLoad imjournal > > $ModLoad imklog > > > > # IMuxSock options > > input(type="imuxsock" socket="/run/systemd/journal/syslog") > > > > # IMJournal options > > $IMJournalPersistStateInterval 100 > > $IMJournalStateFile /var/spool/rsyslog/imjournal.state > > you can't mix legacy and new config syntaxes. If you are going to use legacy > syntax, you have to set the options before you load the module for them to > take > effect. Since you are running a current version, stick to the new syntax as > it > makes it much clearer what options you are using for the load and input > > you don't do both the socket option and the imjournal, pick one or the other > > > # Provides UDP syslog reception > > $ModLoad imudp > > $UDPServerRun 514 > > > > # Provides TCP syslog reception > > $ModLoad imtcp > > $InputTCPServerRun 514 > > > > # Provides RELP syslog reception > > $ModLoad imrelp > > $InputRELPServerRun 20514 > > > > > > #### GLOBAL DIRECTIVES #### > > > > # Where to place auxiliary files > > $WorkDirectory /var/lib/rsyslog > > > > # Use default timestamp format > > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > > > > # Include all config files in /etc/rsyslog.d/ > > $IncludeConfig /etc/rsyslog.d/*.conf > > > > # Turn off message reception via local log socket; > > # local messages are retrieved through imjournal now. > > $OmitLocalLogging on > > $AddUnixListenSocket /run/systemd/journal/syslog > > this is doing the same thing with the legacy format that you did earlier with > the input section. > > > # Provides MySQL connectivity > > $ModLoad ommysql > > # MASSIVE INSERT RATE FOR DB / SCALED DB LOGGING > > $WorkDirectory /var/spool/rsyslog > > $ActionQueueType LinkedList > > $ActionQueueFileName dbq > > $ActionResumeRetryCount -1 > > *.* :ommysql:server1.bpk2.com,Syslog,username,password > > any time you have stuff that's not getting logged to a database the way you > expect, first see that you have the data and can log it to a local file. Then > write to a local file using the template that you would use for the database > and > look to see if the database is logging any errors. > > David Lang > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT.
i am getting this in /var/log/messages: Feb 3 15:53:08 server1 rsyslogd: db error (1062): Duplicate entry 'server1' for key 'FromHost' is a unique value constraint being enforced or something? of course that field will be duplicated... _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
