John,<br><br>I'm pretty sure you don't need to load any modules with insmod to run an rsyslogd process. You _do_ need udp port 514 open in iptables to receive anything from other systems since that's the one you turned on. Otherwise you need to use the tcp connection settings and still open up iptables.<br>
<br>Be sure to go to the bottom of the conf file and set up a rule to forward to a remote machine. <br># ### begin forwarding rule ###<br># The statement between the begin ... end define a SINGLE forwarding<br># rule. They belong together, do NOT split them. If you create multiple<br>
# forwarding rules, duplicate the whole block!<br># Remote Logging (we use TCP for reliable delivery)<br>#<br># An on-disk queue is created for this action. If the remote host is<br># down, messages are spooled to disk and sent when it is up again.<br>
#$WorkDirectory /var/spool/rsyslog # where to place spool files<br>#$ActionQueueFileName fwdRule1 # unique name prefix for spool files<br>#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)<br>#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown<br>
#$ActionQueueType LinkedList # run asynchronously<br>#$ActionResumeRetryCount -1 # infinite retries if host is down<br># remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional<br>
#*.* @@remote-host:514<br># ### end of the forwarding rule ###<br><br><br><br><div class="gmail_quote">On Mon, Jul 13, 2009 at 6:23 PM, Mills John M-NPHW64 <span dir="ltr">&lt;<a href="mailto:Jmills@motorola.com">Jmills@motorola.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<p><font size="2">ALErs -<br>
<br>
I've wasted quite a bit of bad language trying to set up '/etc/rsyslog.conf' to receive log messages from other hosts. Please excuse the incoherence here resulting from emotional stress. &8-P)<br>
<br>
I uncommented in '/etc/rsyslog.conf' the lines:<br>
<br>
# Provides UDP syslog reception<br>
$ModLoad imudp.so<br>
$UDPServerRun 514<br>
<br>
and restarted the service. No obvious complaints in '/var/log/messages'.<br>
<br>
I did find a copy of 'imudp.so' as '/usr/lib/rsyslog/imudp.so' but when I try to see if it can be loaded I get:<br>
<br>
insmod: error inserting '/usr/lib/rsyslog/imudp.so': -1 Invalid module format<br>
<br>
I don't see how to form a rule to send incoming UDP log traffic on port 514 to anywhere. How can I send such traffic to a single file, say: '/var/log/ext_messages.log'? The only examples I find in the docs concern outgoing traffic to a specific remote server: the reverse of my problem.<br>
<br>
Should I need a rule to see such traffic on '/var/log/messages'? I see no traffic at present.<br>
<br>
I could try running 'rsyslogd' in "compatibility" mode ('-v2'), but I would rather learn how to set up the configuration for the current version.<br>
<br>
(BTW, is 'rsyslogd' really an improvement, or is the problem in the documentation?)<br>
<br>
TIA.<br>
<br>
- Mills<br>
</font>
</p>
</div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>James P. Kinney III<br>Actively in pursuit of Life, Liberty and Happiness <br><br>
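An added example, not part of either message in this thread: a receiver-side rsyslog.conf fragment in the same legacy directive syntax that accepts UDP syslog on port 514 and writes messages from other hosts to the '/var/log/ext_messages.log' file named in the question. The 192.0.2.0/24 sender range is a placeholder assumption, and the rule placement assumes a stock rule set that writes to '/var/log/messages'.

```conf
# /etc/rsyslog.conf on the receiving host (legacy directive syntax)

# rsyslogd loads its own input plugins from /usr/lib/rsyslog;
# insmod is for kernel modules and is not involved.
$ModLoad imudp.so
$UDPServerRun 514

# Assumption: legitimate senders are in 192.0.2.0/24 (placeholder range).
# UDP syslog is unauthenticated, so limit who may inject log lines;
# rsyslogd drops datagrams from any other source address.
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24

# Put this rule ABOVE the stock rules that write to /var/log/messages.
# fromhost-ip is 127.0.0.1 for locally generated messages, so the filter
# matches only messages received from other hosts.
:fromhost-ip, !isequal, "127.0.0.1"    /var/log/ext_messages.log
# Discard what the previous line matched so the same messages are not
# written a second time by the rules that follow.
& ~

# Matching firewall rule, run as root on the receiver (same placeholder range):
#   iptables -I INPUT -p udp -s 192.0.2.0/24 --dport 514 -j ACCEPT
```

Removing the `& ~` line lets the remote messages continue to the later rules as well, so they appear in both files.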