Thanks! Updating the SELinux mode fixed my issue. I changed /etc/selinux/config to have this: SELINUX=permissive
After reboot, rsyslog-omhttp can successfully send to the REST api. Kevin On Mon, 25 Apr 2022 at 11:06, Mariusz Kruk via rsyslog < [email protected]> wrote: > Is your SELinux in Enforcing mode? > > MK > > On 25.04.2022 17:15, Kevin McKibbin via rsyslog wrote: > > The curl command works properly. I can see the http message in the REST > > application. > > > > When trying sending through rsyslog, I can't see anything happening: > > - tcpdump doesn't report anything captured (but running the curl command > > shows captured packets) > > - ss -an doesn't report any ports being opened to send to the rest > > application (but running the curl command shows a port getting opened) > > - the omhttp log shows one line when the first syslog message is > processed > > and then does not print any additional lines in the log until I restart > > rsyslog > > > > This is basic http, not https so there's no cert errors. > > > > Is there any additional debug logging I can look at to figure out what's > > wrong? > > > > Kevin > > > > On Sat, 23 Apr 2022 at 00:32, David Lang <[email protected]> wrote: > > > >> what do you get on the server that you are posting to? does it show the > >> connection, does it show any error? > >> > >> do a tcpdump and see if the connection is happening > >> > >> try doing a curl manually, see if you get an error (a possibility would > be > >> a > >> certificate error for example) > >> > >> David Lang > >> > >> > >> On Sat, 23 Apr 2022, Kevin McKibbin via rsyslog wrote: > >> > >>> Date: Sat, 23 Apr 2022 00:14:21 -0600 > >>> From: Kevin McKibbin via rsyslog <[email protected]> > >>> To: [email protected] > >>> Cc: Kevin McKibbin <[email protected]> > >>> Subject: [rsyslog] omhttp - can't get simple case to send http > >>> > >>> I have a simple configuration where I'm trying to post the syslog > message > >>> to a REST application. But the omhttp module doesn't seem to be > sending. > >>> > >>> This is my configuration: > >>> module (load="omhttp") > >>> template(name="tpl1" type="string" string="{\"type\":\"syslog\", > >>> \"host\":\"%HOSTNAME%\"}") > >>> if (re_match($msg, "(.*REST.*)")) then { > >>> action( > >>> type="omhttp" > >>> server="192.168.55.4" > >>> serverport="8080" > >>> restpath="log" > >>> template="tpl1" > >>> action.resumeRetryCount="3" > >>> errorfile="/var/log/omhttp_errors.log" > >>> checkpath="" > >>> ) > >>> } > >>> > >>> This is the log that gets printed in /var/log/omhttp_errors.log when I > >>> inject a matching syslog message: > >>> { "request": { "url": "https:\/\/192.168.55.4:8080\/log", "postdata": > >>> "{\"type\":\"syslog\", \"host\":\"localhost\"}" }, "response": { > >> "status": > >>> 0, "message": "NULL: curl request failed or no response" } } > >>> > >>> > >>> This curl command successfully sends the request to my REST application > >> so > >>> I know that the application is running and the send is possible from > the > >> VM. > >>> curl -X POST -H "Content-Type: application/json" -d '{"name": "test"}' > >>> http://192.168.55.4:8080/log > >>> > >>> What am I doing wrong? > >>> > >>> I was using version 2202, but also tried upgrading to 2204. > >>> > >>> Thanks. > >>> Kevin > >>> _______________________________________________ > >>> rsyslog mailing list > >>> https://lists.adiscon.net/mailman/listinfo/rsyslog > >>> http://www.rsyslog.com/professional-services/ > >>> What's up with rsyslog? Follow https://twitter.com/rgerhards > >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > > _______________________________________________ > > rsyslog mailing list > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ > rsyslog mailing list > https://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
