Hi,
Following advice from this list, I've added the adiscom repository to the
rocky linux, installed rsyslog and rsyslog-pmciscoios and restarted rsyslog
service.
*[root@svpasr1logp01 rsyslog.d]# rpm -qi rsyslogName :
rsyslogVersion : 8.2310.0.masterRelease : 1694045281Architecture:
x86_64Install Date: Thu 07 Sep 2023 12:34:27 PM WESTGroup : System
Environment/DaemonsSize : 2664591License : (GPLv3+ and ASL
2.0)Signature : RSA/SHA256, Thu 07 Sep 2023 01:19:35 AM WEST, Key ID
6b11d5c78f67ef64Source RPM :
rsyslog-8.2310.0.master-1694045281.src.rpmBuild Date : Thu 07 Sep 2023
01:19:32 AM WESTBuild Host : cb116f7368f7Relocations : (not
relocatable)URL : http://www.rsyslog.com/
<http://www.rsyslog.com/>Summary : Enhanced system logging and kernel
message trapping daemonDescription :Rsyslog is an enhanced, multi-threaded
syslog daemon. It supports MySQL,syslog/TCP, RFC 3195, permitted sender
lists, filtering on any message part,and fine grain output format control.
It is compatible with stock sysklogdand can be used as a drop-in
replacement. Rsyslog is simple to set up, withadvanced features suitable
for enterprise-class, encryption-protected syslogrelay
chains.[root@svpasr1logp01 rsyslog.d]# rpm -qi rsyslog-pmciscoiosName
: rsyslog-pmciscoiosVersion : 8.2310.0.masterRelease :
1694045281Architecture: x86_64Install Date: Thu 07 Sep 2023 04:05:39 PM
WESTGroup : System Environment/DaemonsSize : 17000License
: (GPLv3+ and ASL 2.0)Signature : RSA/SHA256, Thu 07 Sep 2023 01:19:36 AM
WEST, Key ID 6b11d5c78f67ef64Source RPM :
rsyslog-8.2310.0.master-1694045281.src.rpmBuild Date : Thu 07 Sep 2023
01:19:32 AM WESTBuild Host : cb116f7368f7Relocations : (not
relocatable)URL : http://www.rsyslog.com/
<http://www.rsyslog.com/>Summary : pmciscoios supportDescription
:Parser module which supports various Cisco IOS formats.*
Then I've populated a file named switches.conf in /etc/rsyslog.d/ with the
following content:
*$template TmplAuth,
"/var/log/remote-syslog/testswitch1.log"#Modulesmodule(load="imtcp")module(load="pmciscoios")#Inputsinput(type="imtcp"
port="20514"
ruleset="rsyslogswitchs")#Parsersparser(name="custom.ciscoios.withOrigin"
type="pmciscoios"
present.origin="on")#Rulesruleset(name="rsyslogswitchs"
parser=["custom.ciscoios.withOrigin", "rsyslog.ciscoios"]){ *.*
action(type="omfile" DynaFile="TmplAuth"*
Unfortunately it's not possible to load this file/input:
*[root@svpasr1logp01 rsyslog.d]# rsyslogd -f /etc/rsyslog.conf -N3rsyslogd:
version 8.2310.0.master, config validation run (level 3), master config
/etc/rsyslog.confrsyslogd: module 'imtcp' already in this config, cannot be
added [v8.2310.0.master try https://www.rsyslog.com/e/2221
<https://www.rsyslog.com/e/2221> ]rsyslogd: error during parsing file
/etc/rsyslog.d/switches.conf, on or before line 19: invalid character '}'
in object definition - is there an invalid escape sequence somewhere?
[v8.2310.0.master try https://www.rsyslog.com/e/2207
<https://www.rsyslog.com/e/2207> ]rsyslogd: error during parsing file
/etc/rsyslog.conf, on or before line 40: invalid character '$' in object
definition - is there an invalid escape sequence somewhere?
[v8.2310.0.master try https://www.rsyslog.com/e/2207
<https://www.rsyslog.com/e/2207> ]rsyslogd: error during parsing file
/etc/rsyslog.conf, on or before line 40: syntax error on token 'on'
[v8.2310.0.master try https://www.rsyslog.com/e/2207
<https://www.rsyslog.com/e/2207> ]rsyslogd: could not interpret master
config file '/etc/rsyslog.conf'. [v8.2310.0.master try
https://www.rsyslog.com/e/2207 <https://www.rsyslog.com/e/2207> ]rsyslogd:
imtcp: ruleset 'rsyslogswitchs' for port 20514 not found - using default
ruleset instead [v8.2310.0.master]*
If the new file is removed, rsyslog is able to start without this warnings,
so I presume the error may lie in the added configuration.
Any help would be appreciated.
Best,
Pedro
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Following advice from this list, I've added the adiscom repository to the
rocky linux, installed rsyslog and rsyslog-pmciscoios and restarted rsyslog
service.
*[root@svpasr1logp01 rsyslog.d]# rpm -qi rsyslogName :
rsyslogVersion : 8.2310.0.masterRelease : 1694045281Architecture:
x86_64Install Date: Thu 07 Sep 2023 12:34:27 PM WESTGroup : System
Environment/DaemonsSize : 2664591License : (GPLv3+ and ASL
2.0)Signature : RSA/SHA256, Thu 07 Sep 2023 01:19:35 AM WEST, Key ID
6b11d5c78f67ef64Source RPM :
rsyslog-8.2310.0.master-1694045281.src.rpmBuild Date : Thu 07 Sep 2023
01:19:32 AM WESTBuild Host : cb116f7368f7Relocations : (not
relocatable)URL : http://www.rsyslog.com/
<http://www.rsyslog.com/>Summary : Enhanced system logging and kernel
message trapping daemonDescription :Rsyslog is an enhanced, multi-threaded
syslog daemon. It supports MySQL,syslog/TCP, RFC 3195, permitted sender
lists, filtering on any message part,and fine grain output format control.
It is compatible with stock sysklogdand can be used as a drop-in
replacement. Rsyslog is simple to set up, withadvanced features suitable
for enterprise-class, encryption-protected syslogrelay
chains.[root@svpasr1logp01 rsyslog.d]# rpm -qi rsyslog-pmciscoiosName
: rsyslog-pmciscoiosVersion : 8.2310.0.masterRelease :
1694045281Architecture: x86_64Install Date: Thu 07 Sep 2023 04:05:39 PM
WESTGroup : System Environment/DaemonsSize : 17000License
: (GPLv3+ and ASL 2.0)Signature : RSA/SHA256, Thu 07 Sep 2023 01:19:36 AM
WEST, Key ID 6b11d5c78f67ef64Source RPM :
rsyslog-8.2310.0.master-1694045281.src.rpmBuild Date : Thu 07 Sep 2023
01:19:32 AM WESTBuild Host : cb116f7368f7Relocations : (not
relocatable)URL : http://www.rsyslog.com/
<http://www.rsyslog.com/>Summary : pmciscoios supportDescription
:Parser module which supports various Cisco IOS formats.*
Then I've populated a file named switches.conf in /etc/rsyslog.d/ with the
following content:
*$template TmplAuth,
"/var/log/remote-syslog/testswitch1.log"#Modulesmodule(load="imtcp")module(load="pmciscoios")#Inputsinput(type="imtcp"
port="20514"
ruleset="rsyslogswitchs")#Parsersparser(name="custom.ciscoios.withOrigin"
type="pmciscoios"
present.origin="on")#Rulesruleset(name="rsyslogswitchs"
parser=["custom.ciscoios.withOrigin", "rsyslog.ciscoios"]){ *.*
action(type="omfile" DynaFile="TmplAuth"*
Unfortunately it's not possible to load this file/input:
*[root@svpasr1logp01 rsyslog.d]# rsyslogd -f /etc/rsyslog.conf -N3rsyslogd:
version 8.2310.0.master, config validation run (level 3), master config
/etc/rsyslog.confrsyslogd: module 'imtcp' already in this config, cannot be
added [v8.2310.0.master try https://www.rsyslog.com/e/2221
<https://www.rsyslog.com/e/2221> ]rsyslogd: error during parsing file
/etc/rsyslog.d/switches.conf, on or before line 19: invalid character '}'
in object definition - is there an invalid escape sequence somewhere?
[v8.2310.0.master try https://www.rsyslog.com/e/2207
<https://www.rsyslog.com/e/2207> ]rsyslogd: error during parsing file
/etc/rsyslog.conf, on or before line 40: invalid character '$' in object
definition - is there an invalid escape sequence somewhere?
[v8.2310.0.master try https://www.rsyslog.com/e/2207
<https://www.rsyslog.com/e/2207> ]rsyslogd: error during parsing file
/etc/rsyslog.conf, on or before line 40: syntax error on token 'on'
[v8.2310.0.master try https://www.rsyslog.com/e/2207
<https://www.rsyslog.com/e/2207> ]rsyslogd: could not interpret master
config file '/etc/rsyslog.conf'. [v8.2310.0.master try
https://www.rsyslog.com/e/2207 <https://www.rsyslog.com/e/2207> ]rsyslogd:
imtcp: ruleset 'rsyslogswitchs' for port 20514 not found - using default
ruleset instead [v8.2310.0.master]*
If the new file is removed, rsyslog is able to start without this warnings,
so I presume the error may lie in the added configuration.
Any help would be appreciated.
Best,
Pedro
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.