[rsyslog] Linux to FreeBSD migration

Fri, 06 Apr 2018 05:44:23 -0700

I have tried to include all relevant information, please let me know what other info that may be 
needed.
We have a successful simple rsyslog installation running on Linux but are moving 
to FreeBSD 11.1-RELEASE.
I want to migrate my current Linux configuration to FREEBSD.

FreeBSD version --- rsyslog-8.31.0
Linux version -- rsyslog-8.34.0-1.el6.x86_64

**** Clients *****
Cisco switches
Cisco routers
Linux hosts (RHEL clones)
FreeBSD 11.1-Release
##################

### Linux Section #### - working

Thu Apr 05 13:33:35 /etc/rsyslog.d
root@ #rsyslogd -f /etc/rsyslog.conf -N1
rsyslogd: version 8.34.0, config validation run (level 1), master config /etc/rsyslog.conf 
rsyslogd: End of config validation run. Bye.
##############
#################

** rsyslog.conf ** -- Linux
#############################
# rsyslog configuration file
# note that most of this config file uses old-style format,
# because it is well-known AND quite suitable for simple cases
# like we have with the default config. For more advanced
# things, RainerScript configuration is suggested.
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, seehttp://www.rsyslog.com/doc/troubleshoot.html 

#### MODULES ####
module(load="imuxsock") # provides support for local system logging (e.g. via logger command) module(load="imklog")   # provides kernel logging support (previously done by rklogd) 
#module(load"immark")  # provides --MARK-- message capability

# Provides UDP syslog reception
# for parameters seehttp://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")

# Provides TCP syslog reception
# for parameters seehttp://www.rsyslog.com/doc/imtcp.html
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")

#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required, 
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
#############################

#############################
rsyslog.d/
#### TEMPLATES ####
template(name="DynFile" type="string" string="/var/log/rsyslog/%FROMHOST%/%syslogfacility-text%.log") template(name="SyslFormat" type="string" string="%timestamp:::date-rfc3339% %FROMHOST% %syslogseverity-text% %syslogfacility-text% %programname%[%procid%]: %msg%\n") 
#############################
### End Linux Section ####

#### FreeBSD Section ####

Rsyslog ---- FreeBSD  package notes
===================================================================
To start using rsyslogd(8), stop syslogd(8) if it's running and
add the following lines to rc.conf(5):

  syslogd_enable="NO"
  rsyslogd_enable="YES"

It's recommended to copy syslog.conf(5) to
/usr/local/etc/rsyslog.conf and edit it there. Otherwise add
this:

  rsyslogd_config="/etc/syslog.conf"

Add the following (3) lines to the beginning of the config file, for
basic functionality:

  module(load="immark")   # provides --MARK-- message capability
  module(load="imuxsock") # provides support for local system logging
  module(load="imklog")   # kernel logging

newsyslog(8) has the path of syslogd's pid file hardcoded. To
make it work seamlessly with rsyslog, add this:

  rsyslogd_pidfile="/var/run/syslog.pid"
===================================================================

#######
11.1-RELEASE-p8
Thu Apr 05 13:31:17 ~/bin
root@ #rsyslogd -f /usr/local/etc/rsyslog.conf -N1
rsyslogd: version 8.31.0, config validation run (level 1), master config /usr/local/etc/rsyslog.conf 
rsyslogd: End of config validation run. Bye.
########

**** rsyslog.conf **** FreeBSD
#### MODULES ####
module(load="imuxsock") # provides support for local system logging (e.g. via logger command) module(load="imklog")   # provides kernel logging support (previously done by rklogd) 
#module(load"immark")  # provides --MARK-- message capability
#module(load="mmjsonparse") #for parsing CEE-enhanced syslog messages

# Provides UDP syslog reception
# for parameters seehttp://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")

# Provides TCP syslog reception
# for parameters seehttp://www.rsyslog.com/doc/imtcp.html
# module(load="imtcp") # needs to be done just once
# input(type="imtcp" port="514")

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required, 
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
# $IncludeConfig /usr/local/etc/rsyslog.d/*.conf

#### TEMPLATES ####
template(name="DynFile" type="string" string="/var/log/rsyslog/%FROMHOST%/%syslogfacility-text%.log") template(name="SyslFormat" type="string" string="%timestamp:::date-rfc3339% %FROMHOST% %syslogseverity-text% %syslogfacility-text% %programname%[%procid%]: %msg%\n") 

# $FreeBSD: releng/11.1/etc/syslog.conf 308721 2016-11-16 07:04:49Z bapt $
#
#       Spaces ARE valid field separators in this file. However,
#       other *nix-like systems still insist on using tabs as field
#       separators. If you are sharing this file between systems, you
#       may want to use only tabs as field separators here.
#       Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages 
security.*                                      /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
# !-devd
*.=debug                                        /var/log/debug.log
# *.emerg                                               *
*.emerg :omusrmsg:*
# uncomment this to log all writes to /dev/console to /var/log/console.log
# touch /var/log/console.log and chmod it to mode 600 before it will work
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.*                                            /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice /var/log/news/news.notice
# Uncomment this if you wish to see messages produced by devd
# !devd
# *.>=notice                                    /var/log/devd.log
# !ppp
# *.*                                           /var/log/ppp.log
# !*
#### End FreeBSD Section ###

Testing

I only get some messages in
/var/log/messages
the
/var/log/messages/rsyslog is in place but doesn't populate with any information based on the template. 

Linux - rsyslog.conf has:
*.*        @linux-syslog-server-IP  (works without issue)
added
*.*        @new-FreeBSD-syslog-IP (not working correctly)

Thx
RK






_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to