Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: RSyslog: users

Re: Error message with no error ??Or I'm misinterpretingit?

 

 

RSyslog users RSS feed   Index | Next | Previous | View Threaded


jasonm at kelman

Jun 6, 2012, 10:04 AM

Post #1 of 2 (159 views)
Permalink
Re: Error message with no error ??Or I'm misinterpretingit?

Well, you guessed right, I think! The strange error message is no longer
there, and the expression does seem to be logging things into the
database as expected. I'll put my logic back in place and see if I get
the desired results (with single quotes only!).

Thanks, and have a great holiday!!

> That was a wrong tip. Not sure, however, if I manage to load your conf this evening. Note that tomorrow is a holiday over here (yay, once again ;)) and I will probably not be at my machine.
>
> Rainer
>
>> -----Original Message-----
>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>> bounces [at] lists] On Behalf Of Rainer Gerhards
>> Sent: Wednesday, June 06, 2012 4:02 PM
>> To: rsyslog-users
>> Subject: Re: [rsyslog] Error message with no error ?? Or I'm misinterpretingit?
>>
>> Just quickly, should have noticed earlier: are you sure double quotes (") are OK? I
>> am not sure I already support them. If in question, use single quotes ('). Will
>> elaborate later.
>>
>> Rainer
>>
>>> -----Original Message-----
>>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>>> bounces [at] lists] On Behalf Of Jason Marshall
>>> Sent: Wednesday, June 06, 2012 4:00 PM
>>> To: rsyslog-users
>>> Subject: Re: [rsyslog] Error message with no error ?? Or I'm
>>> misinterpretingit?
>>>
>>> Thanks Rainer! Here is my config -- it's pretty hacked up right now,
>>> but
>>> I have most of the good bits commented out trying to isolate the
>>> problem:
>>>
>>> # Use traditional timestamp format
>>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>>>
>>> $ModLoad immark # provides --MARK-- message capability
>>> $ModLoad imudp # provides UDP syslog reception
>>> $UDPServerAddress 172.23.62.1 # this MUST be before the $UDPServerRun
>>> directive!
>>> $UDPServerRun 514
>>> $ModLoad imtcp # provides TCP syslog reception and GSS-API (if compiled
>>> to support it)
>>> # Provides kernel logging support (previously done by rklogd)
>>> $ModLoad imklog
>>> # Provides support for local system logging (e.g. via logger command)
>>> $ModLoad imuxsock
>>> $ModLoad ommysql
>>>
>>> $WorkDirectory /nospace/rsyslog-queue
>>> $ActionQueueType LinkedList # async processing
>>> $ActionQueueFileName rsyslog-buffer # or whatever
>>> $ActionResumeRetryCount -1 # infinite retries
>>> $ActionQueueSaveOnShutdown on # save in-memory data on shutdown.
>>>
>>> if $hostname == "172.23.48.14" then
>>> :ommysql:localhost,Syslog,syslog,xxxxxxxx
>>>
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "authpriv" then /var/log/secure
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "authpriv" then ~
>>>
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "mail" then -/var/log/maillog
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "mail" then ~
>>>
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "cron" then /var/log/cron
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "cron" then ~
>>>
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") then
>>> /var/log/messages
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") then
>>> ~
>>>
>>> #if ($hostname == "172.23.48.13" or $hostname == "172.23.48.14") then
>>> @209.136.154.71
>>> #if ($hostname == "172.23.48.13" or $hostname == "172.23.48.14") and
>>> not ($msg contains "RT_FLOW_SESSION_") then @209.136.154.71
>>>
>>> *.emerg *
>>>
>>>
>>>
>>>> Looks like in some remote spot the actual message is not emitted.
>>> Please post your complete config file, so that I can run it and see the
>>> same problem.
>>>>
>>>> Thanks,
>>>> Rainer
>>>>
>>>>> -----Original Message-----
>>>>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>>>>> bounces [at] lists] On Behalf Of Jason Marshall
>>>>> Sent: Wednesday, June 06, 2012 5:36 AM
>>>>> To: rsyslog [at] lists
>>>>> Subject: [rsyslog] Error message with no error ?? Or I'm
>>> misinterpreting it?
>>>>>
>>>>> I tried looking through the archives, but didn't find what I was
>>> looking
>>>>> for. I'm having issues with my rsyslog.conf file, and when I run
>>> rsyslogd
>>>>> -N 1 (or any other number) I get the nebulous message "rsyslogd: the
>>> last
>>>>> error occured in /etc/rsyslog.conf, line 29:...............". BUT,
>>> there
>>>>> is no "last message":
>>>>>
>>>>> -bash-3.2# rsyslogd -f /etc/rsyslog.conf -N 9 -c5
>>>>> rsyslogd: version 6.2.1, config validation run (level 9), master
>>> config
>>>>> /etc/rsyslog.conf
>>>>> rsyslogd: the last error occured in /etc/rsyslog.conf, line 29:"if
>>> $hostname ==
>>>>> "172.23.48.14" then
>>>>> :ommysql:localhost,Syslog,syslog,xxxxxxxx"
>>>>> rsyslogd: warning: selector line without actions will be discarded
>>>>>
>>>>> I compiled rsyslogd-6.2.1 from source, and don't believe I got any
>>>>> warnings during the process... Kind of scratching my head here
>>> because my
>>>>> syntax appears to match that of the examples I've found online...
>>> Any
>>>>> ideas? Thanks in advance!!
>>>>>
>>>>> ---
>>>>> Jason Marshall
>>>>> _______________________________________________
>>>>> rsyslog mailing list
>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> http://www.rsyslog.com/professional-services/
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>
>>>>
>>>
>>> ---
>>> Jason Marshall
>>> IT Manager
>>> Kelman Data Management
>>> 403.294.7557
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
>
>

---
Jason Marshall
IT Manager
Kelman Data Management
403.294.7557
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards


jasonm at kelman

Jun 6, 2012, 10:12 AM

Post #2 of 2 (154 views)
Permalink
Re: Error message with no error ??Or I'm misinterpretingit? [In reply to]

Rainer, I replaced all the double quotes with singles and it's working
great! Thanks again!

> That was a wrong tip. Not sure, however, if I manage to load your conf this evening. Note that tomorrow is a holiday over here (yay, once again ;)) and I will probably not be at my machine.
>
> Rainer
>
>> -----Original Message-----
>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>> bounces [at] lists] On Behalf Of Rainer Gerhards
>> Sent: Wednesday, June 06, 2012 4:02 PM
>> To: rsyslog-users
>> Subject: Re: [rsyslog] Error message with no error ?? Or I'm misinterpretingit?
>>
>> Just quickly, should have noticed earlier: are you sure double quotes (") are OK? I
>> am not sure I already support them. If in question, use single quotes ('). Will
>> elaborate later.
>>
>> Rainer
>>
>>> -----Original Message-----
>>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>>> bounces [at] lists] On Behalf Of Jason Marshall
>>> Sent: Wednesday, June 06, 2012 4:00 PM
>>> To: rsyslog-users
>>> Subject: Re: [rsyslog] Error message with no error ?? Or I'm
>>> misinterpretingit?
>>>
>>> Thanks Rainer! Here is my config -- it's pretty hacked up right now,
>>> but
>>> I have most of the good bits commented out trying to isolate the
>>> problem:
>>>
>>> # Use traditional timestamp format
>>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>>>
>>> $ModLoad immark # provides --MARK-- message capability
>>> $ModLoad imudp # provides UDP syslog reception
>>> $UDPServerAddress 172.23.62.1 # this MUST be before the $UDPServerRun
>>> directive!
>>> $UDPServerRun 514
>>> $ModLoad imtcp # provides TCP syslog reception and GSS-API (if compiled
>>> to support it)
>>> # Provides kernel logging support (previously done by rklogd)
>>> $ModLoad imklog
>>> # Provides support for local system logging (e.g. via logger command)
>>> $ModLoad imuxsock
>>> $ModLoad ommysql
>>>
>>> $WorkDirectory /nospace/rsyslog-queue
>>> $ActionQueueType LinkedList # async processing
>>> $ActionQueueFileName rsyslog-buffer # or whatever
>>> $ActionResumeRetryCount -1 # infinite retries
>>> $ActionQueueSaveOnShutdown on # save in-memory data on shutdown.
>>>
>>> if $hostname == "172.23.48.14" then
>>> :ommysql:localhost,Syslog,syslog,xxxxxxxx
>>>
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "authpriv" then /var/log/secure
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "authpriv" then ~
>>>
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "mail" then -/var/log/maillog
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "mail" then ~
>>>
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "cron" then /var/log/cron
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") and
>>> $syslogfacility-text == "cron" then ~
>>>
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") then
>>> /var/log/messages
>>> #if ($hostname != "172.23.48.13" and $hostname != "172.23.48.14") then
>>> ~
>>>
>>> #if ($hostname == "172.23.48.13" or $hostname == "172.23.48.14") then
>>> @209.136.154.71
>>> #if ($hostname == "172.23.48.13" or $hostname == "172.23.48.14") and
>>> not ($msg contains "RT_FLOW_SESSION_") then @209.136.154.71
>>>
>>> *.emerg *
>>>
>>>
>>>
>>>> Looks like in some remote spot the actual message is not emitted.
>>> Please post your complete config file, so that I can run it and see the
>>> same problem.
>>>>
>>>> Thanks,
>>>> Rainer
>>>>
>>>>> -----Original Message-----
>>>>> From: rsyslog-bounces [at] lists [mailto:rsyslog-
>>>>> bounces [at] lists] On Behalf Of Jason Marshall
>>>>> Sent: Wednesday, June 06, 2012 5:36 AM
>>>>> To: rsyslog [at] lists
>>>>> Subject: [rsyslog] Error message with no error ?? Or I'm
>>> misinterpreting it?
>>>>>
>>>>> I tried looking through the archives, but didn't find what I was
>>> looking
>>>>> for. I'm having issues with my rsyslog.conf file, and when I run
>>> rsyslogd
>>>>> -N 1 (or any other number) I get the nebulous message "rsyslogd: the
>>> last
>>>>> error occured in /etc/rsyslog.conf, line 29:...............". BUT,
>>> there
>>>>> is no "last message":
>>>>>
>>>>> -bash-3.2# rsyslogd -f /etc/rsyslog.conf -N 9 -c5
>>>>> rsyslogd: version 6.2.1, config validation run (level 9), master
>>> config
>>>>> /etc/rsyslog.conf
>>>>> rsyslogd: the last error occured in /etc/rsyslog.conf, line 29:"if
>>> $hostname ==
>>>>> "172.23.48.14" then
>>>>> :ommysql:localhost,Syslog,syslog,xxxxxxxx"
>>>>> rsyslogd: warning: selector line without actions will be discarded
>>>>>
>>>>> I compiled rsyslogd-6.2.1 from source, and don't believe I got any
>>>>> warnings during the process... Kind of scratching my head here
>>> because my
>>>>> syntax appears to match that of the examples I've found online...
>>> Any
>>>>> ideas? Thanks in advance!!
>>>>>
>>>>> ---
>>>>> Jason Marshall
>>>>> _______________________________________________
>>>>> rsyslog mailing list
>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> http://www.rsyslog.com/professional-services/
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>
>>>>
>>>
>>> ---
>>> Jason Marshall
>>> IT Manager
>>> Kelman Data Management
>>> 403.294.7557
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
>
>

---
Jason Marshall
IT Manager
Kelman Data Management
403.294.7557
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards

RSyslog users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.