Hi I am struggling a bit to get rsyslog to work as described. <rant> Firstly the documentation is a struggle. There is some reference to old and new style configuration but no clear differentiation between the two. What makes it more confusing is that documents like http://www.rsyslog.com/doc/queues.html then refers to what looks like the old style of config and none of the examples contains new syntax examples.
There was also an expectation that the new rsyslog package would install a new style config but that turned out to be not the case. I deleted the config file and did a yum reinstall just to be sure. </rant> OS: CentOS 7 RSyslog: rsyslog-8.11.0-1.el7.x86_64 rsyslog-relp-8.11.0-1.el7.x86_64 rsyslog-gnutls-8.11.0-1.el7.x86_64 So basically what I am trying to achieve is the following: - Log remotely to a rsyslog server - Turn off the remote server ( via firewall ) - Have logs be cached locally and saved to disk - Restart client server - Turn remote server back on - See cached logs appear in the remote server It does not work... - So more specifically, if I turn the firewall off, log a few messages and turn it back on then the caching works and I get the messages. - If however I restart the client server, the logs never make it to the remote sever, I can see the logs in the cached file but it does not get send to the remote server. My config on the client: #### MODULES #### module(load="imuxsock") # provides support for local system logging (e.g. via logger command) module(load="imklog") # provides kernel logging support (previously done by rklogd) #### GLOBAL DIRECTIVES #### $IncludeConfig /etc/rsyslog.d/*.conf #### RULES #### *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* /var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log # ### begin forwarding rule ### $WorkDirectory /var/lib/rsyslog # where to place spool files $MainMsgQueueFileName LocalCaching # unique name prefix for spool files $MainMsgQueueSaveOnShutdown on # save messages to disk on shutdown # $MainMsgQueueType LinkedList $MainMsgQueueType Disk $MainMsgResumeRetryCount -1 # infinite retries if host is down *.* @@192.168.8.253:514 # ### end of the forwarding rule ### My config on the remote server: module(load="imuxsock") # provides support for local system logging (e.g. via logger command) module(load="imklog") # provides kernel logging support (previously done by rklogd) module(load="imtcp") # needs to be done just once input(type="imtcp" port="514") $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* /var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* Any pointers would be appreciated. I am hoping I am missing something obvious or misunderstanding what I am suppose to be doing. Regards -- Gerhardus Geldenhuis _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
