Hi All
I am having an issue with Rsyslog and it driving my up the wall.
I have a few hosts that don't send logging that is correctly formatted ( it
changes depending on the error they generate , sigh )
I have the following config
/etc/rsyslog.conf:
$MaxMessageSize 32k
$ModLoad imuxsock.so # provides support for local system logging (e.g. via
logger command)
$ModLoad imjournal # provides access to the systemd journal
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
$IncludeConfig /etc/rsyslog.d/*.conf
/etc/rsyslog.d/1-rules.conf:
$ModLoad imtcp
$ModLoad imudp
if $fromhost-ip == 'XXXXXX' then {
action(type="omfile" file="/var/log/host1/test.log")
}
/etc/rsyslog.d/98-rules.conf:
$ModLoad imtcp
$ModLoad imudp
# Server logs
$template Server,"/user_data3//syslog/server/%HOSTNAME%/%$NOW%-syslog.log"
$RuleSet server
*.* ?Server
$InputTCPServerBindRuleset server
$InputUDPServerBindRuleset server
$UDPServerRun 514
$InputTCPServerRun 5514
On my test host i send the following
echo -n " test12434 sdcsd sdcvdscds sdfds " | nc -4u -w1 syslogserver
514
but no mater what i do the messages alawys go to
/user_data3//syslog/server/%HOSTNAME%/%$NOW%-syslog.log", seems like it is
hitting 98-rules.conf
any suggestions
Thanks
--
Adam Barnett
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
