Hi,
I am new to rsyslogd. Have been reading the documentationand various info on the web to figure out the following and it is not quiteworking, so need your help please.
Switching from the older style busy-box syslogd to rsyslogdfor an Ubuntu 18.04 based container. The first goal is to send the/var/log/syslog (or /var/log/messages) file from the container to a hostserver. This worked with the old busybox syslogd on a very similar product andit is not working with the changes I tried for rsyslogd.
- The older busy-box syslogd used /var/log/messages for local logging, rsyslogd uses /var/log/syslog. How do I switch that back to messages?
- Tried adding an /etc/rsyslogd/remotelog.conf to configure the local logs to be sent to the remote host at 128.0.0.1:6333 (same IP and port as the busybox version on older product). It did not work. Tcpdump on receiving end for port 6333 does not show any packets being received also.
cmx:/etc/rsyslog.d #ls
50-default.conf remotelog.conf
cmx:/etc/rsyslog.d #cat remotelog.conf
# ### begin forwarding rule ###
# The statement between the begin ... end define aSINGLE forwarding
# rule. They belong together, do NOT split them. Ifyou create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If theremote host is
# down, messages are spooled to disk and sent when itis up again.
$WorkDirectory /var/lib/rsyslog # where to placespool files
$ActionQueueFileName fwdRule1 # unique name prefixfor spool files
$ActionQueueMaxDiskSpace 0.1g # 1gb spacelimit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to diskon shutdown
$ActionQueueType LinkedList # runasynchronously
$ActionResumeRetryCount -1 #infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514,port optional
*.* @@128.0.0.1:6333
# ### end of the forwarding rule ###
cmx:/etc/rsyslog.d #
- How to get log rotation setup in the same way as the older busybox syslog for rsyslogd? This was how it was done for busybox syslogs:
# /etc/init.d/syslog[.busybox] to set syslogconfiguration at start time.
DESTINATION="fileremote" # log destinations (bufferfile remote)
LOGFILE=/var/log/messages # where to log (file)
REMOTE=128.0.0.1:6333 # where to log (syslog remote)
REDUCE=no # reduce-size logging
DROPDUPLICATES=no # whether to drop duplicate log entries
ROTATESIZE=1000 # rotate log if grown beyond X [kByte]
ROTATEGENS=10 # keep X generations of rotated logs
BUFFERSIZE=64 # size of circular buffer [kByte]
FOREGROUND=no # run in foreground (don't use!)
#LOGLEVEL=5 # local log level (between 1 and 8)
The version of rsyslogd being used:
cmx:/etc #rsyslogd -v
rsyslogd 8.32.0, compiled with:
PLATFORM: x86_64-pc-linux-gnu
PLATFORM (lsb_release-d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slowcode): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuidsupport: Yes
systemdsupport: Yes
Number of Bits in RainerScript integers: 64
Regards,
Kaveh
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
I am new to rsyslogd. Have been reading the documentationand various info on the web to figure out the following and it is not quiteworking, so need your help please.
Switching from the older style busy-box syslogd to rsyslogdfor an Ubuntu 18.04 based container. The first goal is to send the/var/log/syslog (or /var/log/messages) file from the container to a hostserver. This worked with the old busybox syslogd on a very similar product andit is not working with the changes I tried for rsyslogd.
- The older busy-box syslogd used /var/log/messages for local logging, rsyslogd uses /var/log/syslog. How do I switch that back to messages?
- Tried adding an /etc/rsyslogd/remotelog.conf to configure the local logs to be sent to the remote host at 128.0.0.1:6333 (same IP and port as the busybox version on older product). It did not work. Tcpdump on receiving end for port 6333 does not show any packets being received also.
cmx:/etc/rsyslog.d #ls
50-default.conf remotelog.conf
cmx:/etc/rsyslog.d #cat remotelog.conf
# ### begin forwarding rule ###
# The statement between the begin ... end define aSINGLE forwarding
# rule. They belong together, do NOT split them. Ifyou create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If theremote host is
# down, messages are spooled to disk and sent when itis up again.
$WorkDirectory /var/lib/rsyslog # where to placespool files
$ActionQueueFileName fwdRule1 # unique name prefixfor spool files
$ActionQueueMaxDiskSpace 0.1g # 1gb spacelimit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to diskon shutdown
$ActionQueueType LinkedList # runasynchronously
$ActionResumeRetryCount -1 #infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514,port optional
*.* @@128.0.0.1:6333
# ### end of the forwarding rule ###
cmx:/etc/rsyslog.d #
- How to get log rotation setup in the same way as the older busybox syslog for rsyslogd? This was how it was done for busybox syslogs:
# /etc/init.d/syslog[.busybox] to set syslogconfiguration at start time.
DESTINATION="fileremote" # log destinations (bufferfile remote)
LOGFILE=/var/log/messages # where to log (file)
REMOTE=128.0.0.1:6333 # where to log (syslog remote)
REDUCE=no # reduce-size logging
DROPDUPLICATES=no # whether to drop duplicate log entries
ROTATESIZE=1000 # rotate log if grown beyond X [kByte]
ROTATEGENS=10 # keep X generations of rotated logs
BUFFERSIZE=64 # size of circular buffer [kByte]
FOREGROUND=no # run in foreground (don't use!)
#LOGLEVEL=5 # local log level (between 1 and 8)
The version of rsyslogd being used:
cmx:/etc #rsyslogd -v
rsyslogd 8.32.0, compiled with:
PLATFORM: x86_64-pc-linux-gnu
PLATFORM (lsb_release-d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slowcode): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuidsupport: Yes
systemdsupport: Yes
Number of Bits in RainerScript integers: 64
Regards,
Kaveh
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.