Is your SELinux in Enforcing mode?
MK
On 25.04.2022 17:15, Kevin McKibbin via rsyslog wrote:
The curl command works properly. I can see the http message in the REST
application.
When trying sending through rsyslog, I can't see anything happening:
- tcpdump doesn't report anything captured (but running the curl command
shows captured packets)
- ss -an doesn't report any ports being opened to send to the rest
application (but running the curl command shows a port getting opened)
- the omhttp log shows one line when the first syslog message is processed
and then does not print any additional lines in the log until I restart
rsyslog
This is basic http, not https so there's no cert errors.
Is there any additional debug logging I can look at to figure out what's
wrong?
Kevin
On Sat, 23 Apr 2022 at 00:32, David Lang <[email protected]> wrote:
what do you get on the server that you are posting to? does it show the
connection, does it show any error?
do a tcpdump and see if the connection is happening
try doing a curl manually, see if you get an error (a possibility would be
a
certificate error for example)
David Lang
On Sat, 23 Apr 2022, Kevin McKibbin via rsyslog wrote:
Date: Sat, 23 Apr 2022 00:14:21 -0600
From: Kevin McKibbin via rsyslog <[email protected]>
To: [email protected]
Cc: Kevin McKibbin <[email protected]>
Subject: [rsyslog] omhttp - can't get simple case to send http
I have a simple configuration where I'm trying to post the syslog message
to a REST application. But the omhttp module doesn't seem to be sending.
This is my configuration:
module (load="omhttp")
template(name="tpl1" type="string" string="{\"type\":\"syslog\",
\"host\":\"%HOSTNAME%\"}")
if (re_match($msg, "(.*REST.*)")) then {
action(
type="omhttp"
server="192.168.55.4"
serverport="8080"
restpath="log"
template="tpl1"
action.resumeRetryCount="3"
errorfile="/var/log/omhttp_errors.log"
checkpath=""
)
}
This is the log that gets printed in /var/log/omhttp_errors.log when I
inject a matching syslog message:
{ "request": { "url": "https:\/\/192.168.55.4:8080\/log", "postdata":
"{\"type\":\"syslog\", \"host\":\"localhost\"}" }, "response": {
"status":
0, "message": "NULL: curl request failed or no response" } }
This curl command successfully sends the request to my REST application
so
I know that the application is running and the send is possible from the
VM.
curl -X POST -H "Content-Type: application/json" -d '{"name": "test"}'
http://192.168.55.4:8080/log
What am I doing wrong?
I was using version 2202, but also tried upgrading to 2204.
Thanks.
Kevin
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
