I have tried to include all relevant information; please let me know what other info may be needed.
We have a successful simple rsyslog installation running on Linux but are moving to FreeBSD 11.1-RELEASE.
I want to migrate my current Linux configuration to FreeBSD.
FreeBSD version --- rsyslog-8.31.0
Linux version -- rsyslog-8.34.0-1.el6.x86_64
**** Clients *****
Cisco switches
Cisco routers
Linux hosts (RHEL clones)
FreeBSD 11.1-Release
##################
### Linux Section #### - working
Thu Apr 05 13:33:35 /etc/rsyslog.d
root@ #rsyslogd -f /etc/rsyslog.conf -N1
rsyslogd: version 8.34.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
##############
#################
** rsyslog.conf ** -- Linux
#############################
# rsyslog configuration file
# note that most of this config file uses old-style format,
# because it is well-known AND quite suitable for simple cases
# like we have with the default config. For more advanced
# things, RainerScript configuration is suggested.
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog") # provides kernel logging support (previously done by rklogd)
#module(load"immark") # provides --MARK-- message capability
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
#############################
#############################
rsyslog.d/
#### TEMPLATES ####
template(name="DynFile" type="string"
string="/var/log/rsyslog/%FROMHOST%/%syslogfacility-text%.log")
template(name="SyslFormat" type="string"
string="%timestamp:::date-rfc3339% %FROMHOST% %syslogseverity-text% %syslogfacility-text% %programname%[%procid%]: %msg%\n")
#############################
### End Linux Section ####
#### FreeBSD Section ####
Rsyslog ---- FreeBSD package notes
===================================================================
To start using rsyslogd(8), stop syslogd(8) if it's running and
add the following lines to rc.conf(5):
syslogd_enable="NO"
rsyslogd_enable="YES"
It's recommended to copy syslog.conf(5) to
/usr/local/etc/rsyslog.conf and edit it there. Otherwise add
this:
rsyslogd_config="/etc/syslog.conf"
Add the following (3) lines to the beginning of the config file, for
basic functionality:
module(load="immark") # provides --MARK-- message capability
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # kernel logging
newsyslog(8) has the path of syslogd's pid file hardcoded. To
make it work seamlessly with rsyslog, add this:
rsyslogd_pidfile="/var/run/syslog.pid"
===================================================================
#######
11.1-RELEASE-p8
Thu Apr 05 13:31:17 ~/bin
root@ #rsyslogd -f /usr/local/etc/rsyslog.conf -N1
rsyslogd: version 8.31.0, config validation run (level 1), master config /usr/local/etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
########
**** rsyslog.conf **** FreeBSD
#### MODULES ####
module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog") # provides kernel logging support (previously done by rklogd)
#module(load"immark") # provides --MARK-- message capability
#module(load="mmjsonparse") #for parsing CEE-enhanced syslog messages
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
# module(load="imtcp") # needs to be done just once
# input(type="imtcp" port="514")
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
# $IncludeConfig /usr/local/etc/rsyslog.d/*.conf
#### TEMPLATES ####
template(name="DynFile" type="string"
string="/var/log/rsyslog/%FROMHOST%/%syslogfacility-text%.log")
template(name="SyslFormat" type="string"
string="%timestamp:::date-rfc3339% %FROMHOST% %syslogseverity-text% %syslogfacility-text% %programname%[%procid%]: %msg%\n")
# $FreeBSD: releng/11.1/etc/syslog.conf 308721 2016-11-16 07:04:49Z bapt $
#
# Spaces ARE valid field separators in this file. However,
# other *nix-like systems still insist on using tabs as field
# separators. If you are sharing this file between systems, you
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
# !-devd
*.=debug /var/log/debug.log
# *.emerg *
*.emerg :omusrmsg:*
# uncomment this to log all writes to /dev/console to /var/log/console.log
# touch /var/log/console.log and chmod it to mode 600 before it will work
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.* /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
# Uncomment this if you wish to see messages produced by devd
# !devd
# *.>=notice /var/log/devd.log
# !ppp
# *.* /var/log/ppp.log
# !*
#### End FreeBSD Section ###
Testing
I only get some messages in /var/log/messages.
The /var/log/messages/rsyslog is in place but doesn't populate with any information based on the template.
Linux - rsyslog.conf has:
*.* @linux-syslog-server-IP (works without issue)
added
*.* @new-FreeBSD-syslog-IP (not working correctly)
Thx
RK
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
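In the FreeBSD configuration as posted, `DynFile` and `SyslFormat` are defined but no rule shown names either of them, and a template writes nothing until an action references it. The following is an added example, not part of the original post and not rsyslog project code: a small Python check that lists templates a config defines but never uses. The sample config is constructed and abridged from the post, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the FreeBSD rsyslog.conf in the post.
SAMPLE_CONF = r'''
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
template(name="DynFile" type="string"
string="/var/log/rsyslog/%FROMHOST%/%syslogfacility-text%.log")
template(name="SyslFormat" type="string"
string="%timestamp:::date-rfc3339% %FROMHOST% %msg%\n")
*.notice;authpriv.none /var/log/messages
cron.* /var/log/cron
#*.* ?DynFile;SyslFormat
'''

# Legacy rule line: "<facility.priority selector> <action>"; captures the action.
RULE = re.compile(r'^[ \t]*[\w*,]+\.\S+[ \t]+(\S+)', re.M)

def strip_comments(conf):
    """Drop whole-line comments so commented-out rules do not count as references."""
    return "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))

def defined_templates(conf):
    """Names declared with template(name="...") or the legacy $template directive."""
    names = re.findall(r'template\(\s*name="([^"]+)"', conf)
    names += re.findall(r'^[ \t]*\$template\s+([^,\s]+)', conf, re.M | re.I)
    return set(names)

def referenced_templates(conf):
    """Names used by actions: template=/dynaFile= parameters, legacy ?Name and ;Name."""
    refs = set(re.findall(r'\b(?:template|dynaFile)\s*=\s*"([^"]+)"', conf, re.I))
    refs.update(re.findall(r'^[ \t]*\$ActionFileDefaultTemplate\s+(\S+)', conf, re.M | re.I))
    for action in RULE.findall(conf):
        target, _, tpl = action.partition(";")
        if target.startswith("?"):      # ?Name selects a dynamic-file template
            refs.add(target[1:])
        if tpl:                         # ;Name selects the output format template
            refs.add(tpl)
    return refs

def unused_templates(conf):
    """Templates that are defined but that no active rule or action references."""
    active = strip_comments(conf)
    return sorted(defined_templates(active) - referenced_templates(active))

if __name__ == "__main__":
    print("defined but never referenced:", unused_templates(SAMPLE_CONF))
```
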