LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-16-2014, 11:04 AM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Rep: Reputation: 33
Fedora 19 : Cannot get rsyslog service to work


Hello,

I'm trying to use the rsyslog server on my Fedora 19 but it does not seem to work :

Code:
[root@jonashp Jonas]# /sbin/service rsyslog status
Redirecting to /bin/systemctl status  rsyslog.service
rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
   Active: failed (Result: start-limit) since do 2014-01-16 17:41:51 CET; 15s ago
  Process: 10009 ExecStart=/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=1/FAILURE)

jan 16 17:41:51 jonashp.jocan.local systemd[1]: Unit rsyslog.service entered failed state.
jan 16 17:41:51 jonashp.jocan.local systemd[1]: Starting System Logging Service...
jan 16 17:41:51 jonashp.jocan.local systemd[1]: Started System Logging Service.
jan 16 17:41:51 jonashp.jocan.local systemd[1]: rsyslog.service: main process exited, code=exited, status=1/FAILURE
jan 16 17:41:51 jonashp.jocan.local systemd[1]: Unit rsyslog.service entered failed state.
jan 16 17:41:51 jonashp.jocan.local systemd[1]: Starting System Logging Service...
jan 16 17:41:51 jonashp.jocan.local systemd[1]: Started System Logging Service.
jan 16 17:41:51 jonashp.jocan.local systemd[1]: rsyslog.service: main process exited, code=exited, status=1/FAILURE
jan 16 17:41:51 jonashp.jocan.local systemd[1]: Unit rsyslog.service entered failed state.
jan 16 17:41:51 jonashp.jocan.local systemd[1]: Starting System Logging Service...
The /var/log/messages logfile does not report much :

Code:
Jan 16 17:17:52 jonashp systemd[1]: Starting System Logging Service...
Jan 16 17:17:52 jonashp systemd[1]: Started System Logging Service.
Jan 16 17:20:28 jonashp rsyslogd: [origin software="rsyslogd" swVersion="7.2.6" x-pid="9512" x-info="http://www.rsyslog.com"] exiting on signal 15.
Jan 16 17:38:59 jonashp rsyslogd: [origin software="rsyslogd" swVersion="7.2.6" x-pid="9894" x-info="http://www.rsyslog.com"] start
So how can I change the "Active: failed" and "(code=exited, status=1/FAILURE)" ?

Thanks.
 
Old 01-16-2014, 02:13 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 (pre-systemd)
Posts: 2,744

Rep: Reputation: 732Reputation: 732Reputation: 732Reputation: 732Reputation: 732Reputation: 732Reputation: 732
Most likely /var/log/messages doesn't have anything because rsyslog isn't running. You need to figure out what is misconfigured. Post the contents of /etc/rsyslog.conf.
 
Old 01-17-2014, 03:49 AM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Code:
[root@jonashp Jonas]# cat /etc/rsyslog.conf
# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
 
Old 01-17-2014, 05:10 AM   #4
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
I re-installed rsyslogd from yum and now it works again.

However, there is no logging from a network client coming in. Even with syslogd listening on port 514 :

Code:
[root@jonashp Jonas]# netstat -anup | grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           7011/rsyslogd       
udp6       0      0 :::514                  :::*                                7011/rsyslogd
How can I capture logging from a network client that is pointed to this syslog server ? Nothing appears in the file /var/log/messages.

Last edited by jonaskellens; 01-17-2014 at 05:50 AM.
 
Old 01-17-2014, 05:39 AM   #5
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
I also do not seem able to stop the service (how crazy is that ??) :

Code:
[root@jonashp Jonas]# ps aux | grep syslog
root      6943  0.0  0.0 267040  3796 ?        Ssl  12:35   0:00 /sbin/rsyslogd -n
root      6999  0.0  0.0 112648   948 pts/2    S+   12:36   0:00 grep --color=auto syslog
[root@jonashp Jonas]# kill -s 9 6943
[root@jonashp Jonas]# ps aux | grep syslog
root      7011  0.0  0.0 267040  1884 ?        Ssl  12:36   0:00 /sbin/rsyslogd -n
root      7020  0.0  0.0 112648   948 pts/2    R+   12:36   0:00 grep --color=auto syslog
[root@jonashp Jonas]# /sbin/service rsyslog status
Redirecting to /bin/systemctl status  rsyslog.service
rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
   Active: active (running) since vr 2014-01-17 12:36:37 CET; 19s ago
 Main PID: 7011 (rsyslogd)
   CGroup: name=systemd:/system/rsyslog.service
           └─7011 /sbin/rsyslogd -n

jan 17 12:36:37 jonashp.jocan.local systemd[1]: Started System Logging Service.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] usr.sbin.rsyslogd apparmor audit.log /var/rsyslog/work/dbq.00000001 problem masuch Linux - Newbie 2 11-05-2012 09:07 AM
Squid service monitor with rsyslog athreyavc Linux - Newbie 3 01-24-2012 12:40 PM
How to config rsyslog on Fedora 10 to collect the log from Cisco ASA5510 ? gutiojj Linux - Server 2 03-30-2010 03:08 PM
Has anyone got rsyslog to work using TLS? I see traffic, but nothing gets logged? abefroman Linux - Software 0 06-15-2008 10:16 PM


All times are GMT -5. The time now is 10:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration