Hi,
I am getting an error saying 'activation of module imptcp failed'. So far I
have not been able to pinpoint the problem. Here are the details:
[root@HOSTNAME rsyslog.d]# cat ../rsyslog.conf
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see
http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of
imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
module(load="imptcp")
# Provides UDP syslog reception
$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually
not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
This is a sample file in /etc/rsyslog.d directory:
[root@HOSTNAME rsyslog.d]# cat veeam.conf
input(type="imptcp" port="8518" ruleset="veeam")
ruleset(name="veeam"
queue.type="fixedArray"
queue.size="250000"
queue.dequeueBatchSize="4096"
queue.workerThreads="4"
queue.workerThreadMinimumMessages="60000"
) {
$FileOwner splunk
$FileGroup splunk
$DirOwner splunk
$DirGroup splunk
$DirCreateMode 0755
$FileCreateMode 0640
$Template
veeam-logs,"/opt/data/syslog/veeam/%HOSTNAME%/veeam_%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"
*.*-?veeam-logs
}
This is the error:
[root@HOSTNAME rsyslog.d]# systemctl status -l --no-pager rsyslog
? rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor
preset: enabled)
Active: active (running) since Tue 2020-09-15 10:15:36 EDT; 1min 43s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 24237 (rsyslogd)
CGroup: /system.slice/rsyslog.service
+-24237 /usr/sbin/rsyslogd -n
Sep 15 10:15:36 HOSTNAME systemd[1]: Starting System Logging Service...
Sep 15 10:15:36 HOSTNAME rsyslogd[24237]: [origin software="rsyslogd"
swVersion="8.24.0-52.el7_8.2" x-pid="24237" x-info="http://www.rsyslog.com"]
start
*Sep 15 10:15:36 HOSTNAME rsyslogd[24237]: activation of module imptcp
failed [v8.24.0-52.el7_8.2 try http://www.rsyslog.com/e/2077
<http://www.rsyslog.com/e/2077> ]*Sep 15 10:15:36 HOSTNAME systemd[1]:
Started System Logging Service.
Although imptcp module is not activated, I see them in netstat:
[root@HOSTNAME rsyslog.d]# netstat -plan | grep -i rsyslog
tcp 0 0 0.0.0.0:8515 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8517 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8518 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8519 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8521 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8522 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:9514 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:9515 0.0.0.0:* LISTEN
23903/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:*
24237/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:*
23903/rsyslogd
unix 2 [ ] DGRAM 1003094 23903/rsyslogd
unix 2 [ ] DGRAM 1026522 24237/rsyslogd
[root@HOSTNAME rsyslog.d]#
Version is:
[root@HOSTNAME rsyslog.d]# rpm -qa | grep -i rsyslog
rsyslog-8.24.0-52.el7_8.2.x86_64
rsyslog-gnutls-8.24.0-52.el7_8.2.x86_64
[root@HOSTNAME rsyslog.d]#
Any help about why I am receiving the error about the imptcp module? What
is odd that exact same config in another server is working fine.
Thanks,
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
I am getting an error saying 'activation of module imptcp failed'. So far I
have not been able to pinpoint the problem. Here are the details:
[root@HOSTNAME rsyslog.d]# cat ../rsyslog.conf
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see
http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of
imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
module(load="imptcp")
# Provides UDP syslog reception
$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually
not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
This is a sample file in /etc/rsyslog.d directory:
[root@HOSTNAME rsyslog.d]# cat veeam.conf
input(type="imptcp" port="8518" ruleset="veeam")
ruleset(name="veeam"
queue.type="fixedArray"
queue.size="250000"
queue.dequeueBatchSize="4096"
queue.workerThreads="4"
queue.workerThreadMinimumMessages="60000"
) {
$FileOwner splunk
$FileGroup splunk
$DirOwner splunk
$DirGroup splunk
$DirCreateMode 0755
$FileCreateMode 0640
$Template
veeam-logs,"/opt/data/syslog/veeam/%HOSTNAME%/veeam_%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"
*.*-?veeam-logs
}
This is the error:
[root@HOSTNAME rsyslog.d]# systemctl status -l --no-pager rsyslog
? rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor
preset: enabled)
Active: active (running) since Tue 2020-09-15 10:15:36 EDT; 1min 43s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 24237 (rsyslogd)
CGroup: /system.slice/rsyslog.service
+-24237 /usr/sbin/rsyslogd -n
Sep 15 10:15:36 HOSTNAME systemd[1]: Starting System Logging Service...
Sep 15 10:15:36 HOSTNAME rsyslogd[24237]: [origin software="rsyslogd"
swVersion="8.24.0-52.el7_8.2" x-pid="24237" x-info="http://www.rsyslog.com"]
start
*Sep 15 10:15:36 HOSTNAME rsyslogd[24237]: activation of module imptcp
failed [v8.24.0-52.el7_8.2 try http://www.rsyslog.com/e/2077
<http://www.rsyslog.com/e/2077> ]*Sep 15 10:15:36 HOSTNAME systemd[1]:
Started System Logging Service.
Although imptcp module is not activated, I see them in netstat:
[root@HOSTNAME rsyslog.d]# netstat -plan | grep -i rsyslog
tcp 0 0 0.0.0.0:8515 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8517 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8518 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8519 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8521 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:8522 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:9514 0.0.0.0:* LISTEN
23903/rsyslogd
tcp 0 0 0.0.0.0:9515 0.0.0.0:* LISTEN
23903/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:*
24237/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:*
23903/rsyslogd
unix 2 [ ] DGRAM 1003094 23903/rsyslogd
unix 2 [ ] DGRAM 1026522 24237/rsyslogd
[root@HOSTNAME rsyslog.d]#
Version is:
[root@HOSTNAME rsyslog.d]# rpm -qa | grep -i rsyslog
rsyslog-8.24.0-52.el7_8.2.x86_64
rsyslog-gnutls-8.24.0-52.el7_8.2.x86_64
[root@HOSTNAME rsyslog.d]#
Any help about why I am receiving the error about the imptcp module? What
is odd that exact same config in another server is working fine.
Thanks,
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.