[ale] F10, rsyslog, and incoming remote logs

Jim Kinney jim.kinney at gmail.com
Tue Jul 14 00:04:45 EDT 2009


John,

I'm pretty sure you don't need to load any modules with insmod to run an
rsyslogd process. You _do_ need UDP port 514 open in iptables to receive
anything from other systems since that's the one you turned on. Otherwise
you need to use the tcp connection settings and still open up iptables.

Be sure to go to the bottom of the conf file and set up a rule to forward to
a remote machine.
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spool/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###



On Mon, Jul 13, 2009 at 6:23 PM, Mills John M-NPHW64 <Jmills at motorola.com> wrote:

>  ALErs -
>
> I've wasted quite a bit of bad language trying to set up
> '/etc/rsyslog.conf' to receive log messages from other hosts. Please excuse
> the incoherence here resulting from emotional stress. &8-P)
>
> I uncommented in '/etc/rsyslog.conf' the lines:
>
> # Provides UDP syslog reception
> $ModLoad imudp.so
> $UDPServerRun 514
>
> and restarted the service. No obvious complaints in '/var/log/messages'.
>
> I did find a copy of 'imudp.so' as '/usr/lib/rsyslog/imudp.so' but when I
> try to see if it can be loaded I get:
>
>  insmod: error inserting '/usr/lib/rsyslog/imudp.so': -1 Invalid module
> format
>
> I don't see how to form a rule to send incoming UDP log traffic on port 514
> to anywhere. How can I send such traffic to a single file, say:
> '/var/log/ext_messages.log'? The only examples I find in the docs concern
> outgoing traffic to a specific remote server: the reverse of my problem.
>
> Should I need a rule to see such traffic on '/var/log/messages'? I see no
> traffic at present.
>
> I could try running 'rsyslogd' in "compatibility" mode ('-v2'), but I would
> rather learn how to set up the configuration for the current version.
>
> (BTW, is 'rsyslogd' really an improvement, or is the problem in the
> documentation?)
>
> TIA.
>
>  - Mills


-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
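
Added example, not part of the original message or of the configuration shipped with the distribution: one way to set up the receiving side asked about in the quoted question, writing everything that arrives on UDP 514 to '/var/log/ext_messages.log'. It assumes the legacy directive syntax used in the thread, an rsyslog version that provides the `fromhost-ip` property, and a placeholder sender subnet of 192.0.2.0/24.

```conf
# /etc/rsyslog.conf on the RECEIVING host (added example, legacy directive syntax)

# rsyslogd loads its own input plugins. imudp.so is not a kernel module,
# so insmod is never involved.
$ModLoad imudp

# UDP syslog carries no authentication: accept datagrams only from known senders.
# 192.0.2.0/24 is a placeholder subnet; substitute the real client range.
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24

$UDPServerRun 514

# Every message that did not originate on this host goes to its own file ...
:fromhost-ip, !isequal, "127.0.0.1" /var/log/ext_messages.log
# ... and is then discarded so it does not also match the local rules below.
# Remove the next line to keep remote messages in /var/log/messages as well.
& ~

# The distribution's local rules (*.info ... /var/log/messages etc.) follow here,
# unchanged.

# Matching firewall rule, run as root in a shell (same placeholder subnet):
#   iptables -I INPUT -p udp -s 192.0.2.0/24 --dport 514 -j ACCEPT
#   service iptables save
```

Restart rsyslogd after the change; running `logger` on a client that forwards to this host should then produce a line in '/var/log/ext_messages.log'.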