Dear All,
I installed the Rsyslog(8.24.55) on Redhat 7.5.
everything looks like okay, but i found an issue that I can only receive
the last input block log(oracle: mysky) from the remote soc
server(192.168.1.1).
If i rearranged them, move the Tag="oracle: mysyk" to the top one and the
Tag="oracle: pce" move to the last one than I only received Tag="oracle:
pce" log. the configuration showed as below
module(load="imfile" mode="inotify")
input(
type="imfile"
File="/PC/PCDB/PCDB_ora_*.xml"
Tag="oracle: pce"
ignoreOlderThan="86400"
startmsg.regex="^(<AuditRecord>|</Audit>).*"
freshStartTail="off"
deleteStateOnFileDelete="on"
Severity="info"
Facility="local5"
ruleset="sentinel-1468"
)
input(
type="imfile"
File="/PC/PDDB/PDDB_ora*.xml"
Tag="oracle: pde"
ignoreOlderThan="86400"
startmsg.regex="^(<AuditRecord>|</Audit>).*"
freshStartTail="off"
deleteStateOnFileDelete="on"
Severity="info"
Facility="local5"
ruleset="sentinel-1468"
)
input(
type="imfile"
File="/PC/MYSYK/MYSYK_ora_*.xml"
Tag="oracle: mysyk"
ignoreOlderThan="86400"
startmsg.regex="^(<AuditRecord>|</Audit>).*"
freshStartTail="off"
deleteStateOnFileDelete="on"
Severity="info"
Facility="local5"
ruleset="sentinel-1468"
)
ruleset(name="sentinel-1468"){
action(type="omfwd" target="192.168.1.1" port="1468" protocol="tcp")
}
Could members help me to find out the root cause.
Thanks in advance
TerenceLee
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
