LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-14-2014, 07:52 AM   #1
george_john
LQ Newbie
 
Registered: Sep 2014
Posts: 9
Blog Entries: 1

Rep: Reputation: Disabled
Smile forwarding a new log file to rsyslog server


Hello,
I'm trying to setup my rsyslog to send logs generated by yum (/var/log/yum.log) to a remote syslog server. I have already configured rsyslog to send OS level logs but wanted to see if it can also send logs of yum. Iím using imfile module to implement this, however errors are detected in the syslog configuration file after adding new lines of imfile. Searched in n number of syslog related sites for a solution, but Iím not able to correct it.
Here are the modifications related to yum log forwarding and imfile (/etc/rsyslog.conf - top to bottom order )
#### MODULES ####
$ModLoad imfile
# Save yum logs
local3.info /var/log/yum.log
# ### begin forwarding rule ###
$WorkDirectory /var/lib/rsyslog # where to place spool files
module(load="imfile" PollingInterval="10")
# yum log
input(type="imfile"
File="/var/log/yum.log"
Tag="tag123"
StateFile="statefile123"
Severity="info"
Facility="local3")

Errors in /var/log/messages when I restart rsyslog service,

Oct 14 18:15:00 yumreposerver kernel: Kernel logging (proc) stopped.
Oct 14 18:15:00 yumreposerver rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="3410" x-info="http://www.rsyslog.com"] exiting on signal 15.
Oct 14 18:15:00 yumreposerver kernel: imklog 5.8.10, log source = /proc/kmsg started.
Oct 14 18:15:00 yumreposerver rsyslogd3: No files configured to be monitored [try http://www.rsyslog.com/e/-3 ]
Oct 14 18:15:00 yumreposerver rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="3516" x-info="http://www.rsyslog.com"] start
Oct 14 18:15:00 yumreposerver rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Oct 14 18:15:00 yumreposerver rsyslogd: the last error occured in /etc/rsyslog.conf, line 107:"module(load="imfile" PollingInterval="10")"
Oct 14 18:15:00 yumreposerver rsyslogd: warning: selector line without actions will be discarded
Oct 14 18:15:00 yumreposerver rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Oct 14 18:15:00 yumreposerver rsyslogd: the last error occured in /etc/rsyslog.conf, line 109:"input(type="imfile""
Oct 14 18:15:00 yumreposerver rsyslogd: warning: selector line without actions will be discarded
Oct 14 18:15:00 yumreposerver rsyslogd-3000: unknown priority name "log"" [try http://www.rsyslog.com/e/3000 ]
Oct 14 18:15:00 yumreposerver rsyslogd: the last error occured in /etc/rsyslog.conf, line 110:" File="/var/log/yum.log""
Oct 14 18:15:00 yumreposerver rsyslogd: warning: selector line without actions will be discarded
Oct 14 18:15:00 yumreposerver rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Oct 14 18:15:00 yumreposerver rsyslogd: the last error occured in /etc/rsyslog.conf, line 111:" Tag="tag123""
Oct 14 18:15:00 yumreposerver rsyslogd: warning: selector line without actions will be discarded
Oct 14 18:15:00 yumreposerver rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Oct 14 18:15:00 yumreposerver rsyslogd: the last error occured in /etc/rsyslog.conf, line 112:" StateFile="statefile123""
Oct 14 18:15:00 yumreposerver rsyslogd: warning: selector line without actions will be discarded
Oct 14 18:15:00 yumreposerver rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Oct 14 18:15:00 yumreposerver rsyslogd: the last error occured in /etc/rsyslog.conf, line 113:" Severity="info""
Oct 14 18:15:00 yumreposerver rsyslogd: warning: selector line without actions will be discarded
Oct 14 18:15:00 yumreposerver rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Oct 14 18:15:00 yumreposerver rsyslogd: the last error occured in /etc/rsyslog.conf, line 114:" Facility="local3")"
Oct 14 18:15:00 yumreposerver rsyslogd: warning: selector line without actions will be discarded
Oct 14 18:15:00 yumreposerver rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]

Could you please help me on this? Iíve done this configuration at client end to forward one of its log file, not sure something need to update in rsyslog server configuration file.

Thanks, //George
 
Old 10-16-2014, 03:26 PM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,204

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
Can you share the whole rsyslog config please?

You have an improperly formatted config showing.
 
Old 10-20-2014, 03:29 AM   #3
george_john
LQ Newbie
 
Registered: Sep 2014
Posts: 9
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Hi, Thanks a lot for your reply. I've made some changes in the client rsyslog.conf file related to imfile. Now i'm not getting any compilation errors.
Server and client installed OS - Red Hat Enterprise Linux Server release 6.4 (Santiago), 64 bit
Here is the client configuration file,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++
# cat /etc/rsyslog.conf


# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad imfile
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

# Save yum logs
local3.notice /var/log/yum.log

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/iport, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
##################################################################
# This sends all sudo messages to secure log
local2.notice /var/log/secure
##################################################################
# Network logging
##################################################################
# This sends all messages with err level, except auth, to loghost
*.err;auth.none @192.168.56.30
# This sends all security messages to loghost
auth.debug @192.168.56.30
# This sends all sudo messages to loghost
local2.notice @192.168.56.30
##################################################################
*.err;authpriv.none @@192.168.56.30
& ~
# This sends all security messages to loghost
authpriv.* @@192.168.56.30
& ~
# This sends all sudo messages to loghost
local2.notice @@192.168.56.30
& ~

#imfile log forwarding lines below

$InputFileName /var/log/yum.log
$InputFileTag myapp
$InputFileStateFile myapp-file1
$InputFileSeverity info
$InputFileFacility local3
$InputRunFileMonitor
$InputFilePollInterval 10
$InputFilePersistStateInterval 1000



# This is to send yum log to loghost, not sure this is required or not.
local3.info @@192.168.56.30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++

Three more doubts,
1> Is it possible to forward a live file to syslog server?
2> Do i need to rotate the logs (log rotate) which i want to forward?
3> The imfile module can be added to /etc/rsyslog.conf or is there any recommendations to put the configuration in a separate file? If yes, how it can be configured as a separate file?

Also there could be some additions need to perform at server end when we need to forward a new log file i believe.
Please see my server configuration file also,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++

# cat /etc/rsyslog.conf

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad imfile
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$MainMsgQueueSize 50000
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log



# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/iport, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###


#### MODULES ####

$ModLoad imtcp.so
$ModLoad imudp.so

# Provides TCP syslog reception
$Ruleset RSYSLOG_DefaultRuleset

#### GLOBAL DIRECTIVES ####
$MainMsgQueueSize 50000
# Use default timestamp format

$Ruleset log
$template HostAuth, "/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/secure.l
authpriv.* -?HostAuth
$template HostAudit,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/sudo.log
local2.* -?HostAudit
$template DynFile,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/messages.l
*.err;authpriv.none -?DynFile

$template DynFile,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%DAY%/yum.log
local3.* -?DynFile

$InputTCPServerBindRuleset log
$InputTCPServerRun 514
$InputUDPServerBindRuleset log
$UDPServerRun 514
$Ruleset RSYSLOG_DefaultRuleset

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++

I'm so worried about the below lines,

$template DynFile,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%DAY%/yum.log
local3.* -?DynFile

I hope the first line is correct but not sure about "local3.* -?DynFile"
DyneFile can be used for yum.log? or for any log files?

Is there anything more need to do at server and client end? or total configuration for yum.log is incorrect?
This is the first time i'm configuring rsyslog, the goal is i need to forward yum.log file to rsyslog server at the mentioned path in template.

This is the latest file which forwarded from client,
[root@bash_server ~]# cd /var/log/syslog/yumreposerver/2014/10/18/
[root@bash_server 18]# ls
secure.l

Can you please check and guide me to do this?
Thanks // George
 
Old 11-12-2014, 07:10 AM   #4
george_john
LQ Newbie
 
Registered: Sep 2014
Posts: 9
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Still waiting for some solution..
Can anyone help plz...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Rsyslog server cant log logs owned by root nico34 Linux - Server 2 03-19-2012 05:46 AM
[SOLVED] Send syslog log to rsyslog server? is possible? JohnV2 Slackware 9 10-13-2011 01:37 PM
[SOLVED] I can send syslog log to rsyslog server? how? JohnV2 Linux - Server 6 10-13-2011 08:55 AM
In Apache server, How to change log file location and log format for access log fil? since1993 Linux - Server 1 08-19-2009 04:14 PM
how to write log data to disk when the server is down while using rsyslog prakash.akumalla Linux - Newbie 1 06-25-2008 01:15 AM


All times are GMT -5. The time now is 02:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration