Hi,ALL I have seen the modification history of rsyslog on github. This source code has been modified in v8.29. The version of rsyslog I use is v8.24, which is a fixed bug.
At 2020-03-27 10:16:22, "来自小七and雨 via rsyslog" <[email protected]> wrote: >Hi,all >I tried the following command and got the same error: >curl -H "Content-Type: text/json" -XPOST 'manager.server:9200/books/es/1' -d >'{"title":"Elasticsearch Server", "publicshed":2013}' >ERROR: >{"error":"Content-Type header [text/json] is not supported","status":406} >I changed the comand to this: >curl -H "Content-Type: application/json" -XPOST >'manager.server:9200/books/es/1' -d '{"title":"Elasticsearch Server", >"publicshed":2013}' >This is right! >So, can anyone tell me how to modify the Content-Type of rsyslog sending >request,Where can I set or modify this parameter? > > > >At 2020-03-27 09:38:36, "来自小七and雨 via rsyslog" <[email protected]> >wrote: >>Thanks David Lang. >>Now I get an error msg: >>{ "request": { "url": "http:\/\/manager.server:9200\/test-index\/test-type", >>"postdata": "{\"message\":\"Unregistered Authentication Agent for >>unix-process:12318:17143977 (system bus name >>:1.345163, object path >>\\\/org\\\/freedesktop\\\/PolicyKit1\\\/AuthenticationAgent, locale >>en_US.UTF-8) (disconnected from >>bus)\",\"fromhost\":\"master\",\"facility\":\"authpriv\",\"priority\ >>":\"notice\",\"timereported\":\"2020-03-27T09:33:46.020173+08:00\",\"timegenerated\":\"2020-03-27T09:33:46.020173+08:00\"}" >> }, >>"reply": { "error": "Content-Type header [text\/json; charset=utf-8] is not >>supported", "status": 406 } } >>_________________________________________________________________________ >>"Content-Type header [text\/json; charset=utf-8] is not supported", "status": >>406 >>I used the template of the official document. Is there a problem? >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >>At 2020-03-27 09:22:35, "来自小七and雨 via rsyslog" <[email protected]> >>wrote: >>>All Config: >>>—————————————————————————————————— >>># rsyslog configuration file >>> >>> >>># For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html >>># If you experience problems, see >>>http://www.rsyslog.com/doc/troubleshoot.html >>> >>> >>>#### MODULES #### >>> >>> >>># The imjournal module bellow is now used as a message source instead of >>>imuxsock. >>>$ModLoad imuxsock # provides support for local system logging (e.g. via >>>logger command) >>>$ModLoad imjournal # provides access to the systemd journal >>>#$ModLoad imklog # reads kernel messages (the same are read from journald) >>>#$ModLoad immark # provides --MARK-- message capability >>> >>> >>># Provides UDP syslog reception >>>$ModLoad imudp >>>$UDPServerRun 514 >>> >>> >>># Provides TCP syslog reception >>>$ModLoad imtcp >>>$InputTCPServerRun 514 >>> >>> >>>#module(load="imfile") #needs to be done just once >>>module(load="imfile" PollingInterval="1") >>>module(load="omkafka") >>>module(load="omelasticsearch") >>>#### GLOBAL DIRECTIVES #### >>> >>> >>># Where to place auxiliary files >>>$WorkDirectory /var/lib/rsyslog >>> >>> >>># Use default timestamp format >>>#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat >>>$template myFormat,"%timestamp% %fromhost-ip% %msg%\n" >>>$ActionFileDefaultTemplate myFormat >>> >>> >>>template(name="testTemplate" >>> type="list" >>> option.json="on") { >>> constant(value="{") >>> constant(value="\"timestamp\":\"") >>> property(name="timereported" dateFormat="rfc3339") >>> constant(value="\",\"message\":\"") property(name="msg") >>> constant(value="\",\"host\":\"") property(name="hostname") >>> constant(value="\",\"severity\":\"") >>> property(name="syslogseverity-text") >>> constant(value="\",\"facility\":\"") >>> property(name="syslogfacility-text") >>> constant(value="\",\"syslogtag\":\"") property(name="syslogtag") >>> constant(value="\"}") >>>} >>> >>> >>># File syncing capability is disabled by default. This feature is usually >>>not required, >>># not useful and an extreme performance hit >>>#$ActionFileEnableSync on >>> >>> >>># Include all config files in /etc/rsyslog.d/ >>>$IncludeConfig /etc/rsyslog.d/*.conf >>> >>> >>># Turn off message reception via local log socket; >>># local messages are retrieved through imjournal now. >>>$OmitLocalLogging on >>> >>> >>># File to store the position in the journal >>>$IMJournalStateFile imjournal.state >>> >>> >>> >>> >>>#### RULES #### >>> >>> >>># Log all kernel messages to the console. >>># Logging much else clutters up the screen. >>>#kern.* /dev/console >>> >>> >>># Log anything (except mail) of level info or higher. >>># Don't log private authentication messages! >>>*.info;mail.none;authpriv.none;cron.none /var/log/messages >>> >>> >>># The authpriv file has restricted access. >>>authpriv.* /var/log/secure >>> >>> >>># Log all the mail messages in one place. >>>mail.* -/var/log/maillog >>> >>> >>> >>> >>># Log cron stuff >>>cron.* /var/log/cron >>> >>> >>># Everybody gets emergency messages >>>*.emerg :omusrmsg:* >>> >>> >>># Save news errors of level crit and higher in a special file. >>>uucp,news.* /var/log/spooler >>> >>> >>># Save boot messages also to boot.log >>>local7.* /var/log/boot.log >>> >>> >>> >>> >>># ### begin forwarding rule ### >>># The statement between the begin ... end define a SINGLE forwarding >>># rule. They belong together, do NOT split them. If you create multiple >>># forwarding rules, duplicate the whole block! >>># Remote Logging (we use TCP for reliable delivery) >>># >>># An on-disk queue is created for this action. If the remote host is >>># down, messages are spooled to disk and sent when it is up again. >>>#$ActionQueueFileName fwdRule1 # unique name prefix for spool files >>>#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) >>>#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown >>>#$ActionQueueType LinkedList # run asynchronously >>>#$ActionResumeRetryCount -1 # infinite retries if host is down >>># remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional >>>#*.* @@remote-host:514 >>>input(type="imfile" File="/var/log/app.his.log" Tag="user-cmd" >>>Severity="info" Facility="local1") >>> >>> >>>*.info;mail.none;authpriv.none;cron.none @@info.server.com:514 >>> >>> >>> >>> >>>local1.info/data/log/testkafka >>>&action(type="omkafka" topic="mytopic" confParam="compression.codec=snappy" >>>broker="manager.server:9092") >>> >>> >>>local1.info action(type="omelasticsearch" server="manager.server:9200" >>>searchIndex="test-index" searchType="test-type") >>> >>> >>> >>> >>>_____________________________________________________________________________________________ >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>>At 2020-03-27 08:37:07, "来自小七and雨 via rsyslog" <[email protected]> >>>wrote: >>>> >>>> >>>> >>>>sorry,here is config: >>>>__________________________________________________ >>>>module(load="omkafka") >>>>module(load="omelasticsearch") >>>>template(name="testTemplate" >>>> type="list" >>>> option.json="on") { >>>> constant(value="{") >>>> constant(value="\"timestamp\":\"") >>>> property(name="timereported" dateFormat="rfc3339") >>>> constant(value="\",\"message\":\"") property(name="msg") >>>> constant(value="\",\"host\":\"") property(name="hostname") >>>> constant(value="\",\"severity\":\"") >>>> property(name="syslogseverity-text") >>>> constant(value="\",\"facility\":\"") >>>> property(name="syslogfacility-text") >>>> constant(value="\",\"syslogtag\":\"") >>>> property(name="syslogtag") >>>> constant(value="\"}") >>>> } >>>> >>>> >>>> >>>>local1.info action(type="omelasticsearch" server="manager.server:9200" >>>>searchIndex="test-index" searchType="test-type") >>>> >>>>___________________________________________________________ >>>>And, there is no error log。 >>>>I tried "rsyslogd -n" startup, but there was no extra information output, >>>>no error was reported, and elasticsearch did not receive the messages. This >>>>confuses me. >>>> >>>> >>>>Also, I used it to forward the message to kafka's message successfully. >>>> >>>> >>>>Any suggestions >>>>thanks >>>> >>>> >>>> >>>> >>>>At 2020-03-27 01:04:38, "John Chivian via rsyslog" >>>><[email protected]> wrote: >>>>>No one can help you unless you provide detail. Start with your exact >>>>>rsyslog configuration, and any examples of error messages. >>>>> >>>>>Regards, >>>>> >>>>> >>>>>On 3/26/20 5:34 AM, 来自小七and雨 via rsyslog wrote: >>>>>> Hi everyone, >>>>>> I tried using rsyslog to send log messages to es, but failed. >>>>>> I checked that the IP and port of es are correct, and I have also >>>>>> confirmed that the es plugins is installed. >>>>>> Checking that No corresponding index/type was created in es.. >>>>>> Can anyone help me? Thank you! >>>>>> ______________________________________ >>>>>> env : >>>>>> elasticsearch v7.3 >>>>>> rsyslog v8.24 >>>>>> centos v7.4 >>>>>> _______________________________________________ >>>>>> rsyslog mailing list >>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog >>>>>> http://www.rsyslog.com/professional-services/ >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>>>> DON'T LIKE THAT. >>>>> >>>>> >>>>>_______________________________________________ >>>>>rsyslog mailing list >>>>>https://lists.adiscon.net/mailman/listinfo/rsyslog >>>>>http://www.rsyslog.com/professional-services/ >>>>>What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>>>>of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>>>DON'T LIKE THAT. >>>>_______________________________________________ >>>>rsyslog mailing list >>>>https://lists.adiscon.net/mailman/listinfo/rsyslog >>>>http://www.rsyslog.com/professional-services/ >>>>What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of >>>>sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T >>>>LIKE THAT. >>>_______________________________________________ >>>rsyslog mailing list >>>https://lists.adiscon.net/mailman/listinfo/rsyslog >>>http://www.rsyslog.com/professional-services/ >>>What's up with rsyslog? Follow https://twitter.com/rgerhards >>>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of >>>sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T >>>LIKE THAT. >>_______________________________________________ >>rsyslog mailing list >>https://lists.adiscon.net/mailman/listinfo/rsyslog >>http://www.rsyslog.com/professional-services/ >>What's up with rsyslog? Follow https://twitter.com/rgerhards >>NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of >>sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T >>LIKE THAT. >_______________________________________________ >rsyslog mailing list >https://lists.adiscon.net/mailman/listinfo/rsyslog >http://www.rsyslog.com/professional-services/ >What's up with rsyslog? Follow https://twitter.com/rgerhards >NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of >sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE >THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
