Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
Help with Ommail Configuration
Kevin.Goutos at budget
Jul 24, 2008, 12:50 PM
Post #1 of 4 (1340 views)
Permalink
Hello all,

First off, I am not very Linux savvy. I don't have a lot of experience
other then a basic course. This is probably way past my knowledge, but I
really need to get it done. Appreciate any help you guys have to offer.

I am working on a Red Hat Enterprise 4 box and I am running the latest
edition of rsyslog. I currently have rsyslog configured to receive
messages remotely via UDP. I am trying to set it up so that it will send
out E-mail messages to the system Admin's based on the severity level of
the log files I am receiving. I would like it so that any device that
sends a log with a critical, alert, or emergency level facility will
send out an e-mail to a specific address.

Here is my rsyslog.conf file. I used the sample code from Rainer
Gerhards configuration page. I tried sending a test syslog with 'hard
disk fatal failure' in it, but it is not sending out mail. Also tried
without the templates below thinking it would just send me an email for
every syslog that I received, but it doesn't appear to be sending mail.
Any thoughts on what I am doing wrong. I'm sure there is a lot I need to
do, so please let me know. Thanks!

$template mailSubject,"disk problem on %hostname%"
$template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"'

I edited out the 3 lines below in the code for security reasons..
$ActionMailSMTPServer <ip of smtp server>
$ActionMailFrom <from address>
$ActionMailTo <my email>



Here is my code from rsyslog.conf below.



# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance

# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!
# You may need to set the module load path if modules are not found.

$ModLoad immark.so # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging (e.g.
via logger command)
$ModLoad imklog.so # kernel logging (formerly provided by rklogd)
$ModLoad ommail

$template TraditionalFormatWithPRI,"%PRI-text%: %timegenerated%
%HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none
-/var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.*
-/var/log/maillog

# Log cron stuff
cron.* -/var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit
-/var/log/spooler

# Save boot messages also to boot.log
local7.*
/var/log/boot.log

#Catch all incoming syslog messages
*.*
/var/log/catchall;TraditionalFormatWithPRI

# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$WorkDirectory /rsyslog/spool # where to place spool files
$ActionQueueFileName uniqName # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as
possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @10.57.106.140:514

$ModLoad ommail
$ActionMailSMTPServer <ip of smtp server>
$ActionMailFrom <from address>
$ActionMailTo <my email>
$template mailSubject,"disk problem on %hostname%"
$template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"
$ActionMailSubject mailSubject
# make sure we receive a mail only once in six
# hours (21,600 seconds ;))
$ActionExecOnlyOnceEveryInterval 21600
# the if ... then ... mailBody mus be on one line!
if $msg contains 'hard disk fatal failure' then :ommail:;mailBody


# ######### Receiving Messages from Remote Hosts ##########
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
$ModLoad imtcp.so # load module
$InputTCPServerRun 514 # start up TCP listener at port 514

# UDP Syslog Server:
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port
--------------------------------------------------------
This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. If you have received this e-mail in error, or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately if you have received this e-mail by mistake, and delete it from your system.
Help with Ommail Configuration [ In reply to ]
hks.private at gmail
Jul 24, 2008, 2:01 PM
Post #2 of 4 (1315 views)
Permalink
A few things to try:

- You load ommail.so twice, once at the top and once right above your
$ActionMail... lines. I don't think this will break it, but it's
unnecessary - delete the second one.

- $ActionExecOnlyOnceEveryInterval 21600 means that it's only going
to attempt sending a message once every 6 hours. For testing purposes,
this will be obnoxious. Until you're ready for production, change it
to:
$ActionExecOnlyOnceEveryInterval 30

- Send everything to make sure you're not missing it based on
something in the property-replacer/templates/whatever. Replace "if
$msg contains 'hard disk fatal failure' then :ommail:;mailBody" with:
*.* :ommail:;mailBody

Try again. Try logging a few messages from the localhost first (with
RHEL you can just run "logger test" to log a user.notice message with
content "test") and see if you get them.

If you don't, check the mail logs on your mail server to see if it
ever received the message. If not, it's time to break out tcpdump and
see if the packets are ever being generated.

Hope that helps.

-HKS



On Thu, Jul 24, 2008 at 3:50 PM, Goutos, Kevin (DOB)
<Kevin.Goutos at budget.state.ny.us> wrote:
> Hello all,
>
> First off, I am not very Linux savvy. I don't have a lot of experience
> other then a basic course. This is probably way past my knowledge, but I
> really need to get it done. Appreciate any help you guys have to offer.
>
> I am working on a Red Hat Enterprise 4 box and I am running the latest
> edition of rsyslog. I currently have rsyslog configured to receive
> messages remotely via UDP. I am trying to set it up so that it will send
> out E-mail messages to the system Admin's based on the severity level of
> the log files I am receiving. I would like it so that any device that
> sends a log with a critical, alert, or emergency level facility will
> send out an e-mail to a specific address.
>
> Here is my rsyslog.conf file. I used the sample code from Rainer
> Gerhards configuration page. I tried sending a test syslog with 'hard
> disk fatal failure' in it, but it is not sending out mail. Also tried
> without the templates below thinking it would just send me an email for
> every syslog that I received, but it doesn't appear to be sending mail.
> Any thoughts on what I am doing wrong. I'm sure there is a lot I need to
> do, so please let me know. Thanks!
>
> $template mailSubject,"disk problem on %hostname%"
> $template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"'
>
> I edited out the 3 lines below in the code for security reasons..
> $ActionMailSMTPServer <ip of smtp server>
> $ActionMailFrom <from address>
> $ActionMailTo <my email>
>
>
>
> Here is my code from rsyslog.conf below.
>
>
>
> # if you experience problems, check
> # http://www.rsyslog.com/troubleshoot for assistance
>
> # rsyslog v3: load input modules
> # If you do not load inputs, nothing happens!
> # You may need to set the module load path if modules are not found.
>
> $ModLoad immark.so # provides --MARK-- message capability
> $ModLoad imuxsock.so # provides support for local system logging (e.g.
> via logger command)
> $ModLoad imklog.so # kernel logging (formerly provided by rklogd)
> $ModLoad ommail
>
> $template TraditionalFormatWithPRI,"%PRI-text%: %timegenerated%
> %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none
> -/var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
>
> # Log all the mail messages in one place.
> mail.*
> -/var/log/maillog
>
> # Log cron stuff
> cron.* -/var/log/cron
>
> # Everybody gets emergency messages
> *.emerg *
>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit
> -/var/log/spooler
>
> # Save boot messages also to boot.log
> local7.*
> /var/log/boot.log
>
> #Catch all incoming syslog messages
> *.*
> /var/log/catchall;TraditionalFormatWithPRI
>
> # Remote Logging (we use TCP for reliable delivery)
> # An on-disk queue is created for this action. If the remote host is
> # down, messages are spooled to disk and sent when it is up again.
> $WorkDirectory /rsyslog/spool # where to place spool files
> $ActionQueueFileName uniqName # unique name prefix for spool files
> $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as
> possible)
> $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
> $ActionQueueType LinkedList # run asynchronously
> $ActionResumeRetryCount -1 # infinite retries if host is down
> # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
> *.* @10.57.106.140:514
>
> $ModLoad ommail
> $ActionMailSMTPServer <ip of smtp server>
> $ActionMailFrom <from address>
> $ActionMailTo <my email>
> $template mailSubject,"disk problem on %hostname%"
> $template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"
> $ActionMailSubject mailSubject
> # make sure we receive a mail only once in six
> # hours (21,600 seconds ;))
> $ActionExecOnlyOnceEveryInterval 21600
> # the if ... then ... mailBody mus be on one line!
> if $msg contains 'hard disk fatal failure' then :ommail:;mailBody
>
>
> # ######### Receiving Messages from Remote Hosts ##########
> # TCP Syslog Server:
> # provides TCP syslog reception and GSS-API (if compiled to support it)
> $ModLoad imtcp.so # load module
> $InputTCPServerRun 514 # start up TCP listener at port 514
>
> # UDP Syslog Server:
> $ModLoad imudp.so # provides UDP syslog reception
> $UDPServerRun 514 # start a UDP syslog server at standard port
> --------------------------------------------------------
> This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. If you have received this e-mail in error, or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately if you have received this e-mail by mistake, and delete it from your system.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
>
Help with Ommail Configuration [ In reply to ]
hks.private at gmail
Jul 24, 2008, 2:35 PM
Post #3 of 4 (1320 views)
Permalink
Oh - one other possibility. rsyslogd has to have mail enabled at
compile time to work with it at runtime. check your catchall logfile -
if it has messages like this, you didn't compile it in:

rsyslogd: could not load module '/usr/local/lib/rsyslog/ommail.so',
dlopen: /usr/local/lib/rsyslog/ommail.so: cannot open shared object
file: No such file or directory

To fix this, you'll need to reinstall. This time, when you run
./configure be sure to include --enable-mail. make install clean and
you should be good to go...

-HKS

On Thu, Jul 24, 2008 at 5:01 PM, (private) HKS <hks.private at gmail.com> wrote:
> A few things to try:
>
> - You load ommail.so twice, once at the top and once right above your
> $ActionMail... lines. I don't think this will break it, but it's
> unnecessary - delete the second one.
>
> - $ActionExecOnlyOnceEveryInterval 21600 means that it's only going
> to attempt sending a message once every 6 hours. For testing purposes,
> this will be obnoxious. Until you're ready for production, change it
> to:
> $ActionExecOnlyOnceEveryInterval 30
>
> - Send everything to make sure you're not missing it based on
> something in the property-replacer/templates/whatever. Replace "if
> $msg contains 'hard disk fatal failure' then :ommail:;mailBody" with:
> *.* :ommail:;mailBody
>
> Try again. Try logging a few messages from the localhost first (with
> RHEL you can just run "logger test" to log a user.notice message with
> content "test") and see if you get them.
>
> If you don't, check the mail logs on your mail server to see if it
> ever received the message. If not, it's time to break out tcpdump and
> see if the packets are ever being generated.
>
> Hope that helps.
>
> -HKS
>
>
>
> On Thu, Jul 24, 2008 at 3:50 PM, Goutos, Kevin (DOB)
> <Kevin.Goutos at budget.state.ny.us> wrote:
>> Hello all,
>>
>> First off, I am not very Linux savvy. I don't have a lot of experience
>> other then a basic course. This is probably way past my knowledge, but I
>> really need to get it done. Appreciate any help you guys have to offer.
>>
>> I am working on a Red Hat Enterprise 4 box and I am running the latest
>> edition of rsyslog. I currently have rsyslog configured to receive
>> messages remotely via UDP. I am trying to set it up so that it will send
>> out E-mail messages to the system Admin's based on the severity level of
>> the log files I am receiving. I would like it so that any device that
>> sends a log with a critical, alert, or emergency level facility will
>> send out an e-mail to a specific address.
>>
>> Here is my rsyslog.conf file. I used the sample code from Rainer
>> Gerhards configuration page. I tried sending a test syslog with 'hard
>> disk fatal failure' in it, but it is not sending out mail. Also tried
>> without the templates below thinking it would just send me an email for
>> every syslog that I received, but it doesn't appear to be sending mail.
>> Any thoughts on what I am doing wrong. I'm sure there is a lot I need to
>> do, so please let me know. Thanks!
>>
>> $template mailSubject,"disk problem on %hostname%"
>> $template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"'
>>
>> I edited out the 3 lines below in the code for security reasons..
>> $ActionMailSMTPServer <ip of smtp server>
>> $ActionMailFrom <from address>
>> $ActionMailTo <my email>
>>
>>
>>
>> Here is my code from rsyslog.conf below.
>>
>>
>>
>> # if you experience problems, check
>> # http://www.rsyslog.com/troubleshoot for assistance
>>
>> # rsyslog v3: load input modules
>> # If you do not load inputs, nothing happens!
>> # You may need to set the module load path if modules are not found.
>>
>> $ModLoad immark.so # provides --MARK-- message capability
>> $ModLoad imuxsock.so # provides support for local system logging (e.g.
>> via logger command)
>> $ModLoad imklog.so # kernel logging (formerly provided by rklogd)
>> $ModLoad ommail
>>
>> $template TraditionalFormatWithPRI,"%PRI-text%: %timegenerated%
>> %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
>>
>> # Log all kernel messages to the console.
>> # Logging much else clutters up the screen.
>> #kern.* /dev/console
>>
>> # Log anything (except mail) of level info or higher.
>> # Don't log private authentication messages!
>> *.info;mail.none;authpriv.none;cron.none
>> -/var/log/messages
>>
>> # The authpriv file has restricted access.
>> authpriv.* /var/log/secure
>>
>> # Log all the mail messages in one place.
>> mail.*
>> -/var/log/maillog
>>
>> # Log cron stuff
>> cron.* -/var/log/cron
>>
>> # Everybody gets emergency messages
>> *.emerg *
>>
>> # Save news errors of level crit and higher in a special file.
>> uucp,news.crit
>> -/var/log/spooler
>>
>> # Save boot messages also to boot.log
>> local7.*
>> /var/log/boot.log
>>
>> #Catch all incoming syslog messages
>> *.*
>> /var/log/catchall;TraditionalFormatWithPRI
>>
>> # Remote Logging (we use TCP for reliable delivery)
>> # An on-disk queue is created for this action. If the remote host is
>> # down, messages are spooled to disk and sent when it is up again.
>> $WorkDirectory /rsyslog/spool # where to place spool files
>> $ActionQueueFileName uniqName # unique name prefix for spool files
>> $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as
>> possible)
>> $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
>> $ActionQueueType LinkedList # run asynchronously
>> $ActionResumeRetryCount -1 # infinite retries if host is down
>> # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
>> *.* @10.57.106.140:514
>>
>> $ModLoad ommail
>> $ActionMailSMTPServer <ip of smtp server>
>> $ActionMailFrom <from address>
>> $ActionMailTo <my email>
>> $template mailSubject,"disk problem on %hostname%"
>> $template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"
>> $ActionMailSubject mailSubject
>> # make sure we receive a mail only once in six
>> # hours (21,600 seconds ;))
>> $ActionExecOnlyOnceEveryInterval 21600
>> # the if ... then ... mailBody mus be on one line!
>> if $msg contains 'hard disk fatal failure' then :ommail:;mailBody
>>
>>
>> # ######### Receiving Messages from Remote Hosts ##########
>> # TCP Syslog Server:
>> # provides TCP syslog reception and GSS-API (if compiled to support it)
>> $ModLoad imtcp.so # load module
>> $InputTCPServerRun 514 # start up TCP listener at port 514
>>
>> # UDP Syslog Server:
>> $ModLoad imudp.so # provides UDP syslog reception
>> $UDPServerRun 514 # start a UDP syslog server at standard port
>> --------------------------------------------------------
>> This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. If you have received this e-mail in error, or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately if you have received this e-mail by mistake, and delete it from your system.
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>
>
Help with Ommail Configuration [ In reply to ]
rgerhards at hq
Jul 25, 2008, 3:31 AM
Post #4 of 4 (1320 views)
Permalink
Thanks, HKS, for the good answers. There is one thing I would like to
bring to your attention: I often see that people do not check for
rsyslog error messages themselves. That complicates setup. I do not
blame anyone, but would like to make you aware of the problem.

I have just blogged about a potential (partial) solution and will try to
implement it:

http://blog.gerhards.net/2008/07/rsyslog-error-reporting-how-to-do-it.ht
ml

Rainer

> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> bounces at lists.adiscon.com] On Behalf Of (private) HKS
> Sent: Thursday, July 24, 2008 11:36 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Help with Ommail Configuration
>
> Oh - one other possibility. rsyslogd has to have mail enabled at
> compile time to work with it at runtime. check your catchall logfile -
> if it has messages like this, you didn't compile it in:
>
> rsyslogd: could not load module '/usr/local/lib/rsyslog/ommail.so',
> dlopen: /usr/local/lib/rsyslog/ommail.so: cannot open shared object
> file: No such file or directory
>
> To fix this, you'll need to reinstall. This time, when you run
> ./configure be sure to include --enable-mail. make install clean and
> you should be good to go...
>
> -HKS
>
> On Thu, Jul 24, 2008 at 5:01 PM, (private) HKS <hks.private at gmail.com>
> wrote:
> > A few things to try:
> >
> > - You load ommail.so twice, once at the top and once right above
> your
> > $ActionMail... lines. I don't think this will break it, but it's
> > unnecessary - delete the second one.
> >
> > - $ActionExecOnlyOnceEveryInterval 21600 means that it's only going
> > to attempt sending a message once every 6 hours. For testing
> purposes,
> > this will be obnoxious. Until you're ready for production, change it
> > to:
> > $ActionExecOnlyOnceEveryInterval 30
> >
> > - Send everything to make sure you're not missing it based on
> > something in the property-replacer/templates/whatever. Replace "if
> > $msg contains 'hard disk fatal failure' then :ommail:;mailBody"
with:
> > *.* :ommail:;mailBody
> >
> > Try again. Try logging a few messages from the localhost first (with
> > RHEL you can just run "logger test" to log a user.notice message
with
> > content "test") and see if you get them.
> >
> > If you don't, check the mail logs on your mail server to see if it
> > ever received the message. If not, it's time to break out tcpdump
and
> > see if the packets are ever being generated.
> >
> > Hope that helps.
> >
> > -HKS
> >
> >
> >
> > On Thu, Jul 24, 2008 at 3:50 PM, Goutos, Kevin (DOB)
> > <Kevin.Goutos at budget.state.ny.us> wrote:
> >> Hello all,
> >>
> >> First off, I am not very Linux savvy. I don't have a lot of
> experience
> >> other then a basic course. This is probably way past my knowledge,
> but I
> >> really need to get it done. Appreciate any help you guys have to
> offer.
> >>
> >> I am working on a Red Hat Enterprise 4 box and I am running the
> latest
> >> edition of rsyslog. I currently have rsyslog configured to receive
> >> messages remotely via UDP. I am trying to set it up so that it will
> send
> >> out E-mail messages to the system Admin's based on the severity
> level of
> >> the log files I am receiving. I would like it so that any device
> that
> >> sends a log with a critical, alert, or emergency level facility
will
> >> send out an e-mail to a specific address.
> >>
> >> Here is my rsyslog.conf file. I used the sample code from Rainer
> >> Gerhards configuration page. I tried sending a test syslog with
> 'hard
> >> disk fatal failure' in it, but it is not sending out mail. Also
> tried
> >> without the templates below thinking it would just send me an email
> for
> >> every syslog that I received, but it doesn't appear to be sending
> mail.
> >> Any thoughts on what I am doing wrong. I'm sure there is a lot I
> need to
> >> do, so please let me know. Thanks!
> >>
> >> $template mailSubject,"disk problem on %hostname%"
> >> $template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"'
> >>
> >> I edited out the 3 lines below in the code for security reasons..
> >> $ActionMailSMTPServer <ip of smtp server>
> >> $ActionMailFrom <from address>
> >> $ActionMailTo <my email>
> >>
> >>
> >>
> >> Here is my code from rsyslog.conf below.
> >>
> >>
> >>
> >> # if you experience problems, check
> >> # http://www.rsyslog.com/troubleshoot for assistance
> >>
> >> # rsyslog v3: load input modules
> >> # If you do not load inputs, nothing happens!
> >> # You may need to set the module load path if modules are not
found.
> >>
> >> $ModLoad immark.so # provides --MARK-- message capability
> >> $ModLoad imuxsock.so # provides support for local system logging
> (e.g.
> >> via logger command)
> >> $ModLoad imklog.so # kernel logging (formerly provided by rklogd)
> >> $ModLoad ommail
> >>
> >> $template TraditionalFormatWithPRI,"%PRI-text%: %timegenerated%
> >> %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
> >>
> >> # Log all kernel messages to the console.
> >> # Logging much else clutters up the screen.
> >> #kern.*
/dev/console
> >>
> >> # Log anything (except mail) of level info or higher.
> >> # Don't log private authentication messages!
> >> *.info;mail.none;authpriv.none;cron.none
> >> -/var/log/messages
> >>
> >> # The authpriv file has restricted access.
> >> authpriv.*
> /var/log/secure
> >>
> >> # Log all the mail messages in one place.
> >> mail.*
> >> -/var/log/maillog
> >>
> >> # Log cron stuff
> >> cron.* -
> /var/log/cron
> >>
> >> # Everybody gets emergency messages
> >> *.emerg *
> >>
> >> # Save news errors of level crit and higher in a special file.
> >> uucp,news.crit
> >> -/var/log/spooler
> >>
> >> # Save boot messages also to boot.log
> >> local7.*
> >> /var/log/boot.log
> >>
> >> #Catch all incoming syslog messages
> >> *.*
> >> /var/log/catchall;TraditionalFormatWithPRI
> >>
> >> # Remote Logging (we use TCP for reliable delivery)
> >> # An on-disk queue is created for this action. If the remote host
is
> >> # down, messages are spooled to disk and sent when it is up again.
> >> $WorkDirectory /rsyslog/spool # where to place spool files
> >> $ActionQueueFileName uniqName # unique name prefix for spool files
> >> $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as
> >> possible)
> >> $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
> >> $ActionQueueType LinkedList # run asynchronously
> >> $ActionResumeRetryCount -1 # infinite retries if host is down
> >> # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
> >> *.* @10.57.106.140:514
> >>
> >> $ModLoad ommail
> >> $ActionMailSMTPServer <ip of smtp server>
> >> $ActionMailFrom <from address>
> >> $ActionMailTo <my email>
> >> $template mailSubject,"disk problem on %hostname%"
> >> $template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"
> >> $ActionMailSubject mailSubject
> >> # make sure we receive a mail only once in six
> >> # hours (21,600 seconds ;))
> >> $ActionExecOnlyOnceEveryInterval 21600
> >> # the if ... then ... mailBody mus be on one line!
> >> if $msg contains 'hard disk fatal failure' then :ommail:;mailBody
> >>
> >>
> >> # ######### Receiving Messages from Remote Hosts ##########
> >> # TCP Syslog Server:
> >> # provides TCP syslog reception and GSS-API (if compiled to support
> it)
> >> $ModLoad imtcp.so # load module
> >> $InputTCPServerRun 514 # start up TCP listener at port 514
> >>
> >> # UDP Syslog Server:
> >> $ModLoad imudp.so # provides UDP syslog reception
> >> $UDPServerRun 514 # start a UDP syslog server at standard port
> >> --------------------------------------------------------
> >> This e-mail, including any attachments, may be confidential,
> privileged or otherwise legally protected. If you have received this
e-
> mail in error, or from someone who was not authorized to send it to
> you, do not disseminate, copy or otherwise use this e-mail or its
> attachments. Please notify the sender immediately if you have received
> this e-mail by mistake, and delete it from your system.
> >> _______________________________________________
> >> rsyslog mailing list
> >> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>
> >
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal