After a configuration syntax error was made, rsyslog continued to work, but not as expected. Discovered issues with impstats, and no TCP forward was active (4 are configured). Running rsyslog version 8.15.

Config error:
===========
# missing 'or' in if condition expression
if not ( $fromhost-ip == '10.1.x.y' $fromhost-ip == '10.1.x.z' ) then @@remote-syslog:5514

Errors reported:
===========
Jul 12 15:10:31 127.0.0.1 syslog.err rsyslogd-2207:error during parsing file /etc/rsyslog.d/30-forward-siemep1.conf, on or before line 49: syntax error on token '$fromhost-ip' [v8.15.0 try http://www.rsyslog.com/e/2207 ]
Jul 12 15:10:31 127.0.0.1 syslog.err rsyslogd-2207:CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [v8.15.0 try http://www.rsyslog.com/e/2207 ]

Result1:
===========
impstats module report under syslog.info
Jul 12 15:12:06 127.0.0.1 syslog.info rsyslogd-pstats:resource-usage: origin=impstats utime=84000 stime=128000 maxrss=3416 minflt=272 majflt=0 inblock=0 oublock=8312 nvcsw=10303 nivcsw=84

but should report under syslog.debug
Jul 12 15:20:51 127.0.0.1 syslog.debug rsyslogd-pstats:resource-usage: origin=impstats utime=1800000 stime=1748000 maxrss=5776 minflt=580 majflt=11 inblock=1552 oublock=43016 nvcsw=106673 nivcsw=492

Result2:
===========
no TCP forwarding initiated.

Anyone able to explain this situation?

--
Peter