Rsyslog server not sending email alerts

linuxlover.chaitanya · 02-22-2013, 03:54 AM

Greeting all,

I have configured rsyslog on CentOS 6 with a client on Windows server 2008.
Server is collecting the log files fine without issues. LogAnalyzer shows proper data. But it is not sending the email alerts. Seems there is some issue with "if" loop used in the configuration.
Here is the config:

Code:

$ModLoad ommail
$ActionMailSMTPServer mx1.<org>.com
$ActionMailFrom rsyslog@<org>.com
$ActionMailTo <me>@<org>.com
$template mailSubject,"Rsyslog alert for %hostname%"
$template mailBody,"Rsyslog alert for %hostname%\r\nmsge='%msg%'"
$ActionMailSubject mailSubject
$ActionExecOnlyOnceEveryInterval 30
if $syslogseverity-text == 'INFO' then :ommail:;mailBody

But I do not receive any alerts even though there are logs with severity INFO.

Any help would be appreciated.

unSpawn · 02-22-2013, 08:26 AM

Quote:

Originally Posted by linuxlover.chaitanya

Seems there is some issue with "if" loop used in the configuration.

How did you come to that conclusion? I suggest you 0) check syslog for clues (usually around the time it gets started or restarted), 1) run a check (see 'man rsyslog.conf' for "-d" and "-N"), 2) attach debug output as plain text file if necessary and 3) post your complete /etc/rsyslog.conf and /etc/rsyslog.d/ contents instead of just a snippet.

linuxlover.chaitanya · 02-24-2013, 12:44 AM

Well, I might surely be incorrect but I am thinking that "if" loop is not working because I get the email alerts if I change the configuration to send alerts for everything.

Like

Code:

*.* :ommail:;mailBody