On Thu, 2013-04-04 at 15:55 -0700, David Lang wrote:
> In general, upgrading a package should not change your configuration files,
> especially if you have customized them.
>
> Rsyslog packages should not change the config file.
>
That's what they are supposed to do (NOT change the config). Anyt
In general, upgrading a package should not change your configuration files,
especially if you have customized them.
Rsyslog packages should not change the config file.
David Lang
On Thu, 4 Apr 2013, Josh Bitto wrote:
When I installed the stable version of rsyslog from the yum package was it
When I installed the stable version of rsyslog from the yum package was it
supposed to do anything the rsyslog.conf? I just noticed that the top of the
file still says v5 config.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
Took me a while to understand what you were sayingbut I removed if
$syslogfacility-text == 'local6' and $programname == 'httpd' then ~
And it logs the other file now. They are being forwarded :D
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists
On Thu, 4 Apr 2013, Josh Bitto wrote:
All I know is that it isn't creating that file for errorsThe access one
works. They still are not being forwarded. Is there something on my central
syslog server I need to put in the config? Something that saysif this file
comes in put it here?
I
All I know is that it isn't creating that file for errorsThe access one
works. They still are not being forwarded. Is there something on my central
syslog server I need to put in the config? Something that saysif this file
comes in put it here?
-Original Message-
From: rsyslog
Then, unless you have something throwing logs away before that (some line
matching the logs with a destination of ~), the logs will be forwarded.
David Lang
On Thu, 4 Apr 2013, Josh Bitto wrote:
Date: Thu, 4 Apr 2013 14:44:23 -0700
From: Josh Bitto
Reply-To: rsyslog-users
To: rsyslog-users
Here is my config...
I do have the *.* @destination already.
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of David Lang
Sent: Thursday, April 04, 2013 2:39 PM
To: rsyslog-users
Subject: Re: [rsyslog] httpd logs
you nee
you need to add a line to forward the logs.
Without seeing the rest of your configuration, we can't say if it's going to be
forwarded by an existing configuration.
My personal belief is that logs are small enough bandwidth wise, and rsyslog is
fast enough that I tjust do
*.* @destination
(
If you are upgrading anyway, you should see how far you can upgrade. The current
version is 7.2 (with 7.4 due shortly based off the current 7.3)
There are a lot of cleanups and a new config language that can significantly
clarify more complex configurations in the new versions.
David Lang
On
Well ok so I followed the doc that explains how to setup httpd access and error
logs to be configured to use rsyslog. I think it "mostly" works. I have a file
that is created that is in /var/log/httpd-access.log which is on my remote
machine.
How do I get that to be forwarded to my central sysl
When setting rsyslog to obtain httpd logs I did the following:
In httpd.conf
ErrorLog syslog:local7
In rsyslog.conf
Would I add the rule like this?
Local1.err/var/log/apache.err
Or for the file use any file name? And will this file be forwarded to my
central syslog server.
Joshua Bitto
I
On Thu, 2013-04-04 at 23:59 +0530, Soham Chakraborty wrote:
> Ah, thanks Rainer. I have primarily worked on v5 and hardly tried to
> migrate. That was an incoherent musing.
>
> Thanks, I stand corrected.
>
no problem - these facts should probably more prominently mentioned (as
an old datacenter g
Ah, thanks Rainer. I have primarily worked on v5 and hardly tried to
migrate. That was an incoherent musing.
Thanks, I stand corrected.
On Thu, Apr 4, 2013 at 10:36 PM, Rainer Gerhards
wrote:
> On Thu, 2013-04-04 at 22:28 +0530, Soham Chakraborty wrote:
> > Hi,
> >
> > I think a sane approach w
I'm on centos 6.4. Probably because I do things the hard way without thinking
of just adding a package.
Lolits installed and good to go now.
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Rainer Gerhards
Sent: Thu
--prefix is probably wrong
Any specific reason you don't use the packages? (You are on RH , correct? )
Sent from phone, thus brief.
Ursprüngliche Nachricht
Von: Josh Bitto
Datum: 04.04.2013 20:13 (GMT+01:00)
An: rsyslog-users
Betreff: Re: [rsyslog] rsyslog version
Well
Well the way that I did it per instructions from other online sources I did
cd /tmp
wget http://libestr.adiscon.com/files/download/libestr-0.1.5.tar.gz
tar -xvf libestr-0.1.5.tar.gz
cd libestr-0.1.5
./configure --prefix=/usr
make
make install
I believe you are correct about the pkg-config which
that's coz of pkg-config most probably, make sure you have the correct PATH
for it and that the .pc files were copied when you built libestr.
On Thu, Apr 4, 2013 at 2:28 PM, Josh Bitto wrote:
> Well I'm following the installation instructions and when I did the
> configure it said there was a m
Well I'm following the installation instructions and when I did the configure
it said there was a missing package for libestr.so I downloaded that and
followed the install instructions.configuremake...makeinstall.so
that went without a hitch.
So I go back to rsyslog and try to c
On Thu, 2013-04-04 at 22:28 +0530, Soham Chakraborty wrote:
> Hi,
>
> I think a sane approach would be to note down the directives you are using
> un v5 and then comparing them with v7 to see how they differ, in behavior
> and documentation.
This never happens in rsyslog. Once a directive and it
The global directives are the default. I haven't touched those.
I am however using templates with (including if then statements) the help from
another rsyslog user yesterday. Is there a preferred directory location when
downloading the tarball and unloading it?
-Original Message-
From:
Hi,
I think a sane approach would be to note down the directives you are using
un v5 and then comparing them with v7 to see how they differ, in behavior
and documentation. If your syslog stuff is maintained/supported/used by
others, probably educate them too. Keep the working v5 config file handy
Hello Joshua,
Depending on how sensitive you syslog stuff is, you should test first to be
100% sure.
Otherwise, from what I know, your v5 config should work on v7, although you
might want to check out v7 syntax because:
- it makes your configs much easier to read and maintain
- is much more aweso
Currently I'm running version rsyslog-5.8.10-6.el6.x86_64..So did some
checking and there is a stable release of rsyslog 7.2.6 ST is available. I
looked at the release notes and the bug fixes and should I be cautious when
upgrading or is it pretty straight forward?
Joshua Bitto
Informatio
Philippe,
> FYI: can reproduce, and seems to be present in master branch as well.
OK, this was a very weird issue, related to batch processing and state
tracking. The then-case worked OK, but the else case was applied always, even
for messages that never were intended to go into the inner if.
Great. That was exactly my problem.
But nevertheless - I will upgrade as suggested by Gerhard.
Uli
-Ursprüngliche Nachricht-
Von: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists.adiscon.com] Im Auftrag von David Lang
Gesendet: Donnerstag, 4. April 2013 14:24
An: rsyslog-
FYI: can reproduce, and seems to be present in master branch as well.
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Rainer Gerhards
> Sent: Thursday, April 04, 2013 2:18 PM
> To: rsyslog-users
> Subject: Re: [rsysl
Try starting rsyslog with the -x option to disable DNS lookups. If that solves
your problem, check that you have reverse DNS working well. Rsyslog will try to
lookup the IP address of the system sending the logs to it.
David Lang
On Thu, 4 Apr 2013,
ulrich.her...@t-systems.com wrote:
Som
On Wed, 3 Apr 2013, Josh Bitto wrote:
I have the same setup. I have my central rsyslog server and splunk server on
the same box. I'm having all clients send logs and having rsyslog put them in
different log locations.
Then on the splunk side I'm just indexing those file locations. What method
> > -Original Message-
> > From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> > boun...@lists.adiscon.com] On Behalf Of Philippe Muller
> > Sent: Thursday, April 04, 2013 2:02 PM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] Need help to understand RainerScript behavior
> > (rsys
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Philippe Muller
> Sent: Thursday, April 04, 2013 2:02 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Need help to understand RainerScript behavior (rsyslog
> 7.2.6)
>
Reading my original post again, I guess it shows to bugs:
1. The "JSON-variable equality issue" => That's now fixed
2. The "Nested if-statement issue"
Here is how I test for what I call the "nested if-statement issue" :
1. Run rsyslog with this conf:
---
module(load="imuxsock")
if $app-name start
Upgrade at least to the latest 5.8 version, better a supported one. 99% sure
this will fix your issue.
Sent from phone, thus brief.
Ursprüngliche Nachricht
Von: ulrich.her...@t-systems.com
Datum: 04.04.2013 13:44 (GMT+01:00)
An: rsyslog@lists.adiscon.com
Betreff: [rsyslog] I
Mmmhhh... for me it fixed the problem described in the initial mail. Can you
post what gives you problems now? I guess we are out of sync.
Sent from phone, thus brief.
Ursprüngliche Nachricht
Von: Philippe Muller
Datum: 04.04.2013 13:36 (GMT+01:00)
An: rsyslog-users
Betref
Some additional information:
We see the data coming on UDP with tcpdump in time on the rsyslog server, so we
know, that the cisco device logs everything in time. Just the log data in the
log file is with delay.
Uli
-Ursprüngliche Nachricht-
Von: rsyslog-boun...@lists.adiscon.com
[mail
Hi,
We have a rsyslog 5.8.1:
Input comes on UDP/514 (from a cisco device), output is directed to a logfile -
but there it appears with a delay from about 60 seconds.
This is a low-throughput input, so maybe, our file buffer just fills to slow.
Can I configure that somewhere so that this is wri
Hello,
I did several tests. At first, I could'nt find any behavior difference with
and without the patch. That's because I did the test with the last
configuration snippet I posted. It was intended to illustrate an issue with
nested if-statements.
Reading rainerscript.c, I understood you fixed so
That's great. I'll test it ASAP. :-)
Philippe Muller
On Thu, Apr 4, 2013 at 10:12 AM, Rainer Gerhards
wrote:
> > -Original Message-
> > From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> > boun...@lists.adiscon.com] On Behalf Of Rainer Gerhards
> > Sent: Thursday, April 04, 2013
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of Rainer Gerhards
> Sent: Thursday, April 04, 2013 9:48 AM
> To: Philippe Muller
> Cc: rsyslog-users (rsyslog@lists.adiscon.com)
> Subject: Re: [rsyslog] Need help to unde
Quick update: I have this in lab now. I can confirm the problem in 7.2.6, but
it seems to be gone in master branch (7.3.9+). Now need to dig down what's
going on.
Rainer
> -Original Message-
> From: Philippe Muller [mailto:philippe.mul...@gmail.com]
> Sent: Friday, March 29, 2013 11:40
> The problem is that Red Hat likes to freeze the versions close to a year
> before the release. This means that RHEL 7 is probably going to have a rsyslog
> 6.x included in it,
It is RH's policy not to share version details with development partners, so I
don't know (really!). HOWEVER, I would
41 matches
Mail list logo