On Tue, Nov 20, 2018 at 9:53 AM Jacob Steinberger via rsyslog <
[email protected]> wrote:
> Try this in your config:
>
> $template tpltext, "insert into SystemEvents (Message, Facility, FromHost,
> Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values
> ('%msg%', %syslogfacility%, '%HOSTNAME%',
> %syslogpriority%,'%timereported:::date-mysql%',
> '%timegenerated:::date-mysql%', %iut%,
> '%syslogtag%')"
> module(load="builtin:omfile" file="/var/log/rsyslog-debug.log"
> template="tpltext")
>
What am I missing now?
I added the suggested two lines, restarted, and now these status errors:
# /bin/systemctl status -l rsyslog.service
* rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor
preset: enabled)
Active: active (running) since Tue 2018-11-20 10:16:42 CST; 3s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 20954 (rsyslogd)
CGroup: /system.slice/rsyslog.service
`-20954 /usr/sbin/rsyslogd -n
Nov 20 10:16:42 hermes.provell.com systemd[1]: Starting System Logging
Service...
Nov 20 10:16:42 hermes.provell.com rsyslogd[20954]: parameters for built-in
module builtin:omfile already set - ignored [v8.39.0 try
http://www.rsyslog.com/e/2220 ]
Nov 20 10:16:42 hermes.provell.com systemd[1]: Started System Logging
Service.
Nov 20 10:16:42 hermes.provell.com rsyslogd[20954]: error during parsing
file /etc/rsyslog.conf, on or before line 139: parameter 'template' not
known -- typo in config file? [v8.39.0 try http://www.rsyslog.com/e/2207 ]
Nov 20 10:16:42 hermes.provell.com rsyslogd[20954]: error during parsing
file /etc/rsyslog.conf, on or before line 139: parameter 'file' not known
-- typo in config file? [v8.39.0 try http://www.rsyslog.com/e/2207 ]
Nov 20 10:16:42 hermes.provell.com rsyslogd[20954]: [origin
software="rsyslogd" swVersion="8.39.0" x-pid="20954" x-info="
http://www.rsyslog.com"] start
For the record, without any comments or empty lines, /etc/rsyslog.conf:
29:module(load="imjournal" StateFile="imjournal.state")
32:module(load="imklog")
35:module(load="immark")
38:module(load="impstats" interval="600" severity="7")
40:syslog.=debug /var/log/rsyslog-stats
49:module(load="imtcp")
50:input(type="imtcp" port="514")
55:module(load="imudp")
56:input(type="imudp" port="514")
59:module(load="ommysql.so")
74:global(workDirectory="/var/lib/rsyslog")
78:module(load="builtin:omfile" template="RSYSLOG_TraditionalFileFormat")
102:authpriv.none;cron.none;*.info;mail.none /var/log/messages
105:authpriv.* /var/log/secure
108:cron.* /var/log/cron
111:*.emerg :omusrmsg:*
114:ftp.* /var/log/vsftpd.log
125:local7.* /var/log/boot.log
128:mail.* /var/log/maillog
131:uucp,news.crit /var/log/spooler
138:$template tpltext, "insert into SystemEvents (Message, Facility,
FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag)
values ('%msg%', %syslogfacility%, '%HOSTNAME%',
%syslogpriority%,'%timereported:::date-mysql%',
'%timegenerated:::date-mysql%', %iut%, '%syslogtag%')"
139:module(load="builtin:omfile" file="/var/log/rsyslog-debug.log"
template="tpltext")
216:$ActionName SIEM
217:$ActionQueueDequeueSlowdown 1000 # How long (in microseconds)
dequeueing should be delayed
218:$ActionQueueFileName SIEMQueue # Set file name, also enables disk
mode
219:$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown
220:$ActionQueueType LinkedList # Use asynchronous processing
221:$ActionResumeRetryCount -1 # Infinite retries on insert failure
223:*.* @@192.99.99.99
240:$ActionName Zenoss
241:$ActionQueueDequeueSlowdown 1000 # How long (in microseconds)
dequeueing should be delayed
242:$ActionQueueFileName ZenossQueue # Set file name, also enables disk
mode
243:$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown
244:$ActionQueueType LinkedList # Use asynchronous processing
245:$ActionResumeRetryCount -1 # Infinite retries on insert failure
247:*.* @@172.99.99.52
260:$ActionName Ftp
261:$ActionQueueDequeueSlowdown 1000 # How long (in microseconds)
dequeueing should be delayed
262:$ActionQueueFileName dbFtpQueue # Set file name, also enables disk
mode
263:$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown
264:$ActionQueueType LinkedList # Use asynchronous processing
265:$ActionResumeRetryCount -1 # Infinite retries on insert failure
268:ftp.*
:ommysql:172.99.99.125,vsftplog,hermesvsftplog,_PASSWORD_
279:$ActionName Sftp
280:$ActionQueueDequeueSlowdown 1000 # How long (in microseconds)
dequeueing should be delayed
281:$ActionQueueFileName dbSftpQueue # Set file name, also enables disk
mode
282:$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown
283:$ActionQueueType LinkedList # Use asynchronous processing
284:$ActionResumeRetryCount -1 # Infinite retries on insert failure
287:authpriv.*
:ommysql:172.99.99.125,sftplogDB,hermesvsftplog,_PASSWORD_
~ Mike
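
An added example, not part of the original post and not rsyslog code: a small Python check that reproduces the two diagnostics in the log above (2220 "already set" and 2207 "parameter not known") from the numbered config, and renders the line-139 parameters as an omfile action() statement, which is where a file destination and its template are configured. The function names, finding codes and the short ACTION_ONLY list are assumptions of this example.

```python
import re

# Constructed sample: module() statements from the listing above, keyed by
# their rsyslog.conf line number, with the wrapped line 139 joined.
SAMPLE = [
    (59, 'module(load="ommysql.so")'),
    (78, 'module(load="builtin:omfile" template="RSYSLOG_TraditionalFileFormat")'),
    (139, 'module(load="builtin:omfile" file="/var/log/rsyslog-debug.log" '
          'template="tpltext")'),
]

PARAM = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
# Assumption of this example: only these omfile action parameters are checked.
ACTION_ONLY = ("file", "dynafile")


def lint_modules(lines):
    """Return (lineno, code, detail) findings for module() statements."""
    findings = []
    first_set = {}  # module name -> line where its parameters were first set
    for lineno, text in lines:
        if not text.strip().lower().startswith("module("):
            continue
        params = {k.lower(): v for k, v in PARAM.findall(text)}
        name = params.pop("load", None)
        if name is None or not params:
            continue  # a bare load sets no parameters
        if name in first_set:
            # Mirrors the "parameters ... already set - ignored" message.
            findings.append((lineno, "already-set",
                             f"{name} parameters were set on line {first_set[name]}"))
        else:
            first_set[name] = lineno
        if name.endswith("omfile") and any(k in params for k in ACTION_ONLY):
            # A file destination belongs on an action, not on the module.
            findings.append((lineno, "action-param", as_action(params)))
    return findings


def as_action(params):
    """Render the same parameters as an omfile action() statement."""
    body = " ".join(f'{k}="{v}"' for k, v in params.items())
    return f'action(type="omfile" {body})'


if __name__ == "__main__":
    for finding in lint_modules(SAMPLE):
        print(*finding)
```

rsyslogd's own configuration check (`rsyslogd -N1`) remains the authority on a real file.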