Mailing List Archive

typically when this sort of thing happens, it's because of an error earlier in
the ruleset, mismatched quotes or braces, run rsyslogd -N1 and look at the
location of the first error and the lines just before that.

rulesets are supported, rsyslog is VERY careful to maintain backwards
compatibility, and the few times when we've broken it, it's only been after a
long discussion of how we can't fix the security bug any other way. There are
other things that have been filed as bugs that the reaction boils down to "you
are right, that would be a better way, but we can't change now without breaking
compatibility, so it needs to stay the way it is"

David Lang

On Sat, 27 Aug 2022, Ben Hart via rsyslog wrote:

> Date: Sat, 27 Aug 2022 21:25:49 +0000
> From: Ben Hart via rsyslog <rsyslog@lists.adiscon.com>
> To: "rsyslog@lists.adiscon.com" <rsyslog@lists.adiscon.com>
> Cc: Ben Hart <ben.hart@jamf.com>
> Subject: [rsyslog] Rule sets and version 8.2112
>
>
> ? Hello all! So I’m building a syslog server on Ubuntu 22 LTS and the repos contain rsyslog version 8.2112. Ive built some rulesets in a custom rsyslog.d file, except I get errors regarding the input listeners at the bottom. Specifically ‘port’ and ‘rule set’.
> Input module name ‘imudp’ is unknown.
> Parameter ‘ruleset’ is unknown
> Parameter ‘Port’ is unknown
>
> The conf is here:
>
> https://paste.ubuntu.com/p/cHYZzhh8Gy/plain/
>
> But when I look at the docs for this version, it says rulesets are supported and all examples look like what I have used.
> If I need to upgrade to the latest I can but I’d really like to know what the correct syntax is for this version.
>
> Thanks!
>
> Sent from my iPhone
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Thanks David, I was unaware of the -N1 switch.

So that did lead me to find a missing ‘s’ on one of the rulesets for queue.workerThreadMinimumMessages

Along with a couple other, smaller issues. Thanks!

From: David Lang <david@lang.hm>
Date: Saturday, August 27, 2022 at 7:24 PM
To: Ben Hart via rsyslog <rsyslog@lists.adiscon.com>
Cc: Ben Hart <ben.hart@jamf.com>
Subject: Re: [rsyslog] Rule sets and version 8.2112
typically when this sort of thing happens, it's because of an error earlier in
the ruleset, mismatched quotes or braces, run rsyslogd -N1 and look at the
location of the first error and the lines just before that.

rulesets are supported, rsyslog is VERY careful to maintain backwards
compatibility, and the few times when we've broken it, it's only been after a
long discussion of how we can't fix the security bug any other way. There are
other things that have been filed as bugs that the reaction boils down to "you
are right, that would be a better way, but we can't change now without breaking
compatibility, so it needs to stay the way it is"

David Lang

On Sat, 27 Aug 2022, Ben Hart via rsyslog wrote:

> Date: Sat, 27 Aug 2022 21:25:49 +0000
> From: Ben Hart via rsyslog <rsyslog@lists.adiscon.com>
> To: "rsyslog@lists.adiscon.com" <rsyslog@lists.adiscon.com>
> Cc: Ben Hart <ben.hart@jamf.com>
> Subject: [rsyslog] Rule sets and version 8.2112
>
>
> ? Hello all! So I’m building a syslog server on Ubuntu 22 LTS and the repos contain rsyslog version 8.2112. Ive built some rulesets in a custom rsyslog.d file, except I get errors regarding the input listeners at the bottom. Specifically ‘port’ and ‘rule set’.
> Input module name ‘imudp’ is unknown.
> Parameter ‘ruleset’ is unknown
> Parameter ‘Port’ is unknown
>
> The conf is here:
>
> https://paste.ubuntu.com/p/cHYZzhh8Gy/plain/
>
> But when I look at the docs for this version, it says rulesets are supported and all examples look like what I have used.
> If I need to upgrade to the latest I can but I’d really like to know what the correct syntax is for this version.
>
> Thanks!
>
> Sent from my iPhone
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.