Hello, my name is David and I hope I am sending this to the correct list. I am needing some assistance with my rsyslog setup.

I am trying to set up an rsyslog server that will take incoming syslog messages from other systems, convert them to JSON output and then forward them to Elasticsearch. I am attaching my non-working config (rsyslog.conf.broken file), my old working config (rsyslog.conf.worked file) and my omelasticsearch module config (rsyslog.omelasticsearch.conf file).

This setup was working during my initial rsyslog -> Elasticsearch setup using no security and plain HTTP. When I tried to set up SSL and BASIC auth is when things broke, and before I could get everything set back up rsyslog also updated to a new version. I have since been unable to get it to forward the TCP-received syslog messages to Elasticsearch, but it is sending the local messages from the Rsyslog Server to Elasticsearch, so I think I have this partially correct?

To be clear, client messages are coming into the Rsyslog Server as confirmed by tcpdump, but are not forwarding to Elasticsearch. More information below:
To clarify the flow it should go:

Client (syslog/rsyslog) -> Rsyslog Server (converts to JSON forwards to Elasticsearch, this is where it breaks) -> Elasticsearch

Rsyslog.conf.broken - rsyslog v8.2002
Rsyslog.conf.worked - rsyslog v7.6(?)
Rsyslog.elasticsearch.conf - no change between versions
OS: Centos 7 latest
Firewall: disabled
SELinux: Permissive

Difference between rsyslog.conf.broken and Rsyslog.conf.worked is that "worked" has a definition for a Ruleset named "remote" that is bound to TCP input and assigns the TCP input to "*.*", at least I hope my understanding of that is correct.

Thank you for any assistance you can offer and please let me know if I need to provide any additional information.

David Stephens
Attachments:
- rsyslog.conf.broken
- rsyslog.conf.worked
- rsyslog.omelasticsearch.conf
_______________________________________________
rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog
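
For readers following the thread, the layout the message describes (a ruleset named "remote" bound to a TCP input, with JSON output sent to Elasticsearch over HTTPS with basic auth) looks roughly like this in current rsyslog syntax. This is an added example, not the poster's attached configuration; the host name, port, file paths, credentials, template name and index name are all placeholders chosen for illustration.

```conf
# Added example. Every host, port, path, credential and name below is a placeholder.
module(load="imtcp")
module(load="omelasticsearch")

# Build one JSON document per message; format="json" escapes the property value.
template(name="es-json" type="list") {
    constant(value="{\"@timestamp\":\"")  property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"")      property(name="hostname" format="json")
    constant(value="\",\"severity\":\"")  property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"")  property(name="syslogfacility-text")
    constant(value="\",\"program\":\"")   property(name="programname" format="json")
    constant(value="\",\"message\":\"")   property(name="msg" format="json")
    constant(value="\"}")
}

# Messages from an input bound to this ruleset are processed only by the
# actions inside it; locally generated messages still use the default ruleset.
ruleset(name="remote") {
    action(type="omelasticsearch"
           server="es.example.internal"          # placeholder host
           serverport="9200"
           usehttps="on"                         # HTTPS instead of plain HTTP
           tls.cacert="/etc/rsyslog.d/certs/ca.pem"  # CA used to verify the server
           uid="rsyslog_writer"                  # basic auth user (placeholder)
           pwd="CHANGE_ME"                       # basic auth password (placeholder)
           template="es-json"
           searchIndex="syslog-remote"
           bulkmode="on"
           errorfile="/var/log/rsyslog-es-errors.log")  # rejected requests land here
}

# Bind the TCP listener to the ruleset above.
input(type="imtcp" port="514" ruleset="remote")
```

Because `pwd` is stored in clear text, the file holding this action should be readable by root only; `rsyslogd -N1` checks the configuration syntax without starting the daemon.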

