Mailing List Archive

debugging pmciscoios
Hi,

Following advice from this list, I've added the Adiscon repository to
Rocky Linux, installed rsyslog and rsyslog-pmciscoios and restarted the
rsyslog service.

[root@svpasr1logp01 rsyslog.d]# rpm -qi rsyslog
Name        : rsyslog
Version     : 8.2310.0.master
Release     : 1694045281
Architecture: x86_64
Install Date: Thu 07 Sep 2023 12:34:27 PM WEST
Group       : System Environment/Daemons
Size        : 2664591
License     : (GPLv3+ and ASL 2.0)
Signature   : RSA/SHA256, Thu 07 Sep 2023 01:19:35 AM WEST, Key ID 6b11d5c78f67ef64
Source RPM  : rsyslog-8.2310.0.master-1694045281.src.rpm
Build Date  : Thu 07 Sep 2023 01:19:32 AM WEST
Build Host  : cb116f7368f7
Relocations : (not relocatable)
URL         : http://www.rsyslog.com/
Summary     : Enhanced system logging and kernel message trapping daemon
Description :
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL,
syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part,
and fine grain output format control. It is compatible with stock sysklogd
and can be used as a drop-in replacement. Rsyslog is simple to set up, with
advanced features suitable for enterprise-class, encryption-protected syslog
relay chains.

[root@svpasr1logp01 rsyslog.d]# rpm -qi rsyslog-pmciscoios
Name        : rsyslog-pmciscoios
Version     : 8.2310.0.master
Release     : 1694045281
Architecture: x86_64
Install Date: Thu 07 Sep 2023 04:05:39 PM WEST
Group       : System Environment/Daemons
Size        : 17000
License     : (GPLv3+ and ASL 2.0)
Signature   : RSA/SHA256, Thu 07 Sep 2023 01:19:36 AM WEST, Key ID 6b11d5c78f67ef64
Source RPM  : rsyslog-8.2310.0.master-1694045281.src.rpm
Build Date  : Thu 07 Sep 2023 01:19:32 AM WEST
Build Host  : cb116f7368f7
Relocations : (not relocatable)
URL         : http://www.rsyslog.com/
Summary     : pmciscoios support
Description :
Parser module which supports various Cisco IOS formats.


Then I've populated a file named switches.conf in /etc/rsyslog.d/ with the
following content:

$template TmplAuth, "/var/log/remote-syslog/testswitch1.log"
#Modules
module(load="imtcp")
module(load="pmciscoios")
#Inputs
input(type="imtcp" port="20514" ruleset="rsyslogswitchs")
#Parsers
parser(name="custom.ciscoios.withOrigin" type="pmciscoios" present.origin="on")
#Rules
ruleset(name="rsyslogswitchs" parser=["custom.ciscoios.withOrigin", "rsyslog.ciscoios"]){
*.* action(type="omfile" DynaFile="TmplAuth"

Unfortunately it's not possible to load this file/input:

[root@svpasr1logp01 rsyslog.d]# rsyslogd -f /etc/rsyslog.conf -N3
rsyslogd: version 8.2310.0.master, config validation run (level 3), master config /etc/rsyslog.conf
rsyslogd: module 'imtcp' already in this config, cannot be added [v8.2310.0.master try https://www.rsyslog.com/e/2221 ]
rsyslogd: error during parsing file /etc/rsyslog.d/switches.conf, on or before line 19: invalid character '}' in object definition - is there an invalid escape sequence somewhere? [v8.2310.0.master try https://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 40: invalid character '$' in object definition - is there an invalid escape sequence somewhere? [v8.2310.0.master try https://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 40: syntax error on token 'on' [v8.2310.0.master try https://www.rsyslog.com/e/2207 ]
rsyslogd: could not interpret master config file '/etc/rsyslog.conf'. [v8.2310.0.master try https://www.rsyslog.com/e/2207 ]
rsyslogd: imtcp: ruleset 'rsyslogswitchs' for port 20514 not found - using default ruleset instead [v8.2310.0.master]

If the new file is removed, rsyslog is able to start without these warnings,
so I presume the error may lie in the added configuration.

Any help would be appreciated.

Best,
Pedro
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: debugging pmciscoios
You can load modules only once. If you need a new input, just use the
"input" object.

I cannot read your config snippet correctly (it's garbled by your mail
client, maybe due to html mail). But it looks like it is invalid.

Rainer

On Thu, 7 Sep 2023 at 17:44, Pedro Caetano via rsyslog
(<rsyslog@lists.adiscon.com>) wrote:
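
The two problems named in the validation output (imtcp loaded a second time, and an object in switches.conf left unclosed before the '}'), applied to the posted file as an added example that is not part of the original thread. It assumes /etc/rsyslog.conf already loads imtcp, as the "already in this config" message indicates, and uses the template() object in place of the legacy $template line.

```conf
# /etc/rsyslog.d/switches.conf
# Added example, not the poster's final file.
# Assumption: /etc/rsyslog.conf already contains module(load="imtcp").

# A module can be loaded only once per configuration, so imtcp is NOT
# loaded again here; only the parser module that is new to this setup is.
module(load="pmciscoios")

# Output file name template (object form of the legacy $template directive).
template(name="TmplAuth" type="string"
         string="/var/log/remote-syslog/testswitch1.log")

# Custom pmciscoios instance for devices that send the origin field.
parser(name="custom.ciscoios.withOrigin" type="pmciscoios"
       present.origin="on")

# Parser chain: try the origin-aware instance first, then the module's
# default instance. Every "(" is closed before the ruleset's "}".
ruleset(name="rsyslogswitchs"
        parser=["custom.ciscoios.withOrigin", "rsyslog.ciscoios"]) {
    *.* action(type="omfile" dynaFile="TmplAuth")
}

# A new listener needs only an input() object bound to the ruleset.
input(type="imtcp" port="20514" ruleset="rsyslogswitchs")
```

Re-running the validation command from the post, rsyslogd -f /etc/rsyslog.conf -N3, shows whether the errors attributed to /etc/rsyslog.conf line 40 remain once this file parses.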