Tiny Core Base > TCB Q&A Forum
Rsyslog not working
Stefann:
Hi,
I have an application for which I want to create logging.
I basically have 2 types of logging:
- fast debug-alike logging, multiple lines per second, intended to scheck last few minutes only
- slow monitor alike logging, few lines per hour, intended to check last few days
I now monitor with syslog but than I need to chose: either have the fats logging enabled OR the monitor logging because the TCV uses the BusyBox syslogd that does not support syslog.conf
To overcome, I have installed Rsyslog app (tc 32bit version).
However... it does not work.
After few hours trying to figure out whether I did something wrong with conf file I finally did run with -d option. see logging below.
It seems that the version is incomplete. needs a dependancy...
Any tips?
1/
Is this something "I can fix", or will it be beyond my capabilities.
(of course you cannot know my capabilities, but I have some basic linux knowledge, I'm not a guru)
2/
alternatively: any idea how I can split the syslog into a "slow log" and a "fast log"?
--- Code: ---tc@huis:~$ sudo rsyslogd -d > /home/tc/debug.txt
tc@huis:~$ cat debug.txt
9225.179870386:main thread : rsyslogd.c: rsyslogd 8.2312.0 startup, module path '', cwd:/home/tc
9225.186794561:main thread : glbl.c: rsyslog/glbl: using '127.0.0.1' as localhost IP
9225.187338019:main thread : obj.c: caller requested object 'net', not found (iRet -3003)
9225.187481235:main thread : modules.c: Requested to load module 'lmnet'
9225.187558653:main thread : modules.c: loading module '/usr/local/lib/rsyslog/lmnet.so'
9225.189158546:main thread : modules.c: module lmnet of type 2 being loaded (keepType=0).
9225.189217636:main thread : net.c: entry point 'isCompatibleWithFeature' not present in module
9225.189240599:main thread : net.c: entry point 'setModCnf' not present in module
9225.189263699:main thread : net.c: entry point 'getModCnfName' not present in module
9225.189285884:main thread : net.c: entry point 'beginCnfLoad' not present in module
9225.189327025:main thread : modules.c: source file conf.c requested reference for module 'lmnet', reference count now 1
9225.189424527:main thread : rsyslog.c: rsyslog runtime initialized, version 8.2312.0, current users 1
9225.189986766:main thread : modules.c: source file rsyslogd.c requested reference for module 'lmnet', reference count now 2
9225.190238654:main thread : omfile.c: omfile: using transactional output interface.
9225.195431926:main thread : modules.c: module builtin:omfile of type 1 being loaded (keepType=0).
9225.196819703:main thread : modules.c: module config name is 'omfile'
9225.196845110:main thread : modules.c: module builtin:omfile supports rsyslog v6 config interface
9225.196877530:main thread : omfile.c: entry point 'activateCnfPrePrivDrop' not present in module
9225.196915551:main thread : omfile.c: entry point 'doHUPWrkr' not present in module
9225.196938767:main thread : omfile.c: entry point 'SetShutdownImmdtPtr' not present in module
9225.196962957:main thread : omfile.c: entry point 'doAction' not present in module
9225.196988082:main thread : omfile.c: entry point 'endTransaction' not present in module
9225.197033087:main thread : modules.c: module builtin:ompipe of type 1 being loaded (keepType=0).
9225.197703119:main thread : modules.c: module config name is 'ompipe'
9225.197739951:main thread : modules.c: module builtin:ompipe supports rsyslog v6 config interface
9225.197771994:main thread : ompipe.c: entry point 'activateCnfPrePrivDrop' not present in module
9225.197809132:main thread : ompipe.c: entry point 'doHUPWrkr' not present in module
9225.197832453:main thread : ompipe.c: entry point 'SetShutdownImmdtPtr' not present in module
9225.197856110:main thread : ompipe.c: entry point 'beginTransaction' not present in module
9225.197883440:main thread : ompipe.c: entry point 'commitTransaction' not present in module
9225.197907310:main thread : ompipe.c: entry point 'endTransaction' not present in module
9225.197945590:main thread : modules.c: module builtin-shell of type 1 being loaded (keepType=0).
9225.197971733:main thread : omshell.c: entry point 'setModCnf' not present in module
9225.197994769:main thread : omshell.c: entry point 'getModCnfName' not present in module
9225.198017143:main thread : omshell.c: entry point 'beginCnfLoad' not present in module
9225.198049612:main thread : omshell.c: entry point 'doHUP' not present in module
9225.198072225:main thread : omshell.c: entry point 'doHUPWrkr' not present in module
9225.198094543:main thread : omshell.c: entry point 'SetShutdownImmdtPtr' not present in module
9225.198116899:main thread : omshell.c: entry point 'beginTransaction' not present in module
9225.198141937:main thread : omshell.c: entry point 'commitTransaction' not present in module
9225.198164303:main thread : omshell.c: entry point 'endTransaction' not present in module
9225.198186631:main thread : omshell.c: entry point 'newActInst' not present in module
9225.198218783:main thread : modules.c: module builtin:omdiscard of type 1 being loaded (keepType=0).
9225.198244660:main thread : omdiscard.c: entry point 'setModCnf' not present in module
9225.198328544:main thread : omdiscard.c: entry point 'getModCnfName' not present in module
9225.198352235:main thread : omdiscard.c: entry point 'beginCnfLoad' not present in module
9225.198385052:main thread : omdiscard.c: entry point 'doHUP' not present in module
9225.198407957:main thread : omdiscard.c: entry point 'doHUPWrkr' not present in module
9225.198430634:main thread : omdiscard.c: entry point 'SetShutdownImmdtPtr' not present in module
9225.200622714:main thread : omdiscard.c: entry point 'beginTransaction' not present in module
9225.200649658:main thread : omdiscard.c: entry point 'commitTransaction' not present in module
9225.200672806:main thread : omdiscard.c: entry point 'endTransaction' not present in module
9225.200695408:main thread : omdiscard.c: entry point 'newActInst' not present in module
9225.200756042:main thread : modules.c: source file omfwd.c requested reference for module 'lmnet', reference count now 3
9225.201217513:main thread : modules.c: module builtin:omfwd of type 1 being loaded (keepType=0).
9225.201253206:main thread : modules.c: module config name is 'omfwd'
9225.201276973:main thread : modules.c: module builtin:omfwd supports rsyslog v6 config interface
9225.201309098:main thread : omfwd.c: entry point 'activateCnfPrePrivDrop' not present in module
9225.201344190:main thread : omfwd.c: entry point 'doHUP' not present in module
9225.201367704:main thread : omfwd.c: entry point 'doHUPWrkr' not present in module
9225.201390967:main thread : omfwd.c: entry point 'SetShutdownImmdtPtr' not present in module
9225.201414842:main thread : omfwd.c: entry point 'doAction' not present in module
9225.201458658:main thread : omfwd.c: entry point 'endTransaction' not present in module
9225.201494596:main thread : modules.c: module builtin:omusrmsg of type 1 being loaded (keepType=0).
9225.201520783:main thread : omusrmsg.c: entry point 'setModCnf' not present in module
9225.201545565:main thread : modules.c: module config name is 'omusrmsg'
9225.201568310:main thread : omusrmsg.c: entry point 'beginCnfLoad' not present in module
9225.201601580:main thread : omusrmsg.c: entry point 'doHUP' not present in module
9225.201624689:main thread : omusrmsg.c: entry point 'doHUPWrkr' not present in module
9225.201647476:main thread : omusrmsg.c: entry point 'SetShutdownImmdtPtr' not present in module
9225.201670288:main thread : omusrmsg.c: entry point 'beginTransaction' not present in module
9225.201696230:main thread : omusrmsg.c: entry point 'commitTransaction' not present in module
9225.201719206:main thread : omusrmsg.c: entry point 'endTransaction' not present in module
9225.201756190:main thread : pmrfc5424.c: rfc5424 parser init called
9225.201779409:main thread : pmrfc5424.c: GetParserName addr 0x4f9176
9225.201805662:main thread : modules.c: module builtin:pmrfc5424 of type 3 being loaded (keepType=0).
9225.201830851:main thread : pmrfc5424.c: entry point 'setModCnf' not present in module
9225.201853947:main thread : pmrfc5424.c: entry point 'getModCnfName' not present in module
9225.201876197:main thread : pmrfc5424.c: entry point 'beginCnfLoad' not present in module
9225.201899172:main thread : pmrfc5424.c: entry point 'parse2' not present in module
9225.201929402:main thread : parser.c: DDDDD: added parser 'rsyslog.rfc5424' to list 0xb782b1a0
9225.201952000:main thread : parser.c: Parser 'rsyslog.rfc5424' added to list of available parsers.
9225.201984750:main thread : pmrfc3164.c: rfc3164 parser init called
9225.202012736:main thread : modules.c: module builtin:pmrfc3164 of type 3 being loaded (keepType=0).
9225.202038304:main thread : pmrfc3164.c: entry point 'setModCnf' not present in module
9225.202062409:main thread : modules.c: module config name is 'pmrfc3164'
9225.202084658:main thread : pmrfc3164.c: entry point 'beginCnfLoad' not present in module
9225.202110814:main thread : pmrfc3164.c: newParserInst (pmrfc3164)
9225.202187369:main thread : parser.c: DDDDD: added parser 'rsyslog.rfc3164' to list 0xb782b1a0
9225.202209667:main thread : parser.c: Parser 'rsyslog.rfc3164' added to list of available parsers.
9225.202236941:main thread : parser.c: DDDDD: added parser 'rsyslog.rfc5424' to list 0xb782b1a4
9225.202259133:main thread : parser.c: Parser 'rsyslog.rfc5424' added to default parser set.
9225.202283710:main thread : parser.c: DDDDD: added parser 'rsyslog.rfc3164' to list 0xb782b1a4
9225.202305314:main thread : parser.c: Parser 'rsyslog.rfc3164' added to default parser set.
9225.202331578:main thread : smfile.c: rsyslog standard file format strgen init called, compiled with version 8.2312.0
9225.202359514:main thread : modules.c: module builtin:smfile of type 4 being loaded (keepType=0).
9225.202383161:main thread : smfile.c: entry point 'isCompatibleWithFeature' not present in module
9225.202405441:main thread : smfile.c: entry point 'setModCnf' not present in module
9225.202427997:main thread : smfile.c: entry point 'getModCnfName' not present in module
9225.202450034:main thread : smfile.c: entry point 'beginCnfLoad' not present in module
9225.202482051:main thread : strgen.c: Strgen 'RSYSLOG_FileFormat' added to list of available strgens.
9225.202508443:main thread : smtradfile.c: traditional file format strgen init called, compiled with version 8.2312.0
9225.202535153:main thread : modules.c: module builtin:smtradfile of type 4 being loaded (keepType=0).
9225.202558927:main thread : smtradfile.c: entry point 'isCompatibleWithFeature' not present in module
9225.202581257:main thread : smtradfile.c: entry point 'setModCnf' not present in module
9225.202604112:main thread : smtradfile.c: entry point 'getModCnfName' not present in module
9225.202626306:main thread : smtradfile.c: entry point 'beginCnfLoad' not present in module
9225.202653050:main thread : strgen.c: Strgen 'RSYSLOG_TraditionalFileFormat' added to list of available strgens.
9225.202679858:main thread : smfwd.c: rsyslog standard (network) forward format strgen init called, compiled with version 8.2312.0
9225.202706143:main thread : modules.c: module builtin:smfwd of type 4 being loaded (keepType=0).
9225.202729706:main thread : smfwd.c: entry point 'isCompatibleWithFeature' not present in module
9225.202751820:main thread : smfwd.c: entry point 'setModCnf' not present in module
9225.202774320:main thread : smfwd.c: entry point 'getModCnfName' not present in module
9225.202796219:main thread : smfwd.c: entry point 'beginCnfLoad' not present in module
9225.202822270:main thread : strgen.c: Strgen 'RSYSLOG_ForwardFormat' added to list of available strgens.
9225.202849105:main thread : smtradfwd.c: rsyslog traditional (network) forward format strgen init called, compiled with version 8.2312.0
9225.202875786:main thread : modules.c: module builtin:smtradfwd of type 4 being loaded (keepType=0).
9225.202899359:main thread : smtradfwd.c: entry point 'isCompatibleWithFeature' not present in module
9225.202921612:main thread : smtradfwd.c: entry point 'setModCnf' not present in module
9225.202944191:main thread : smtradfwd.c: entry point 'getModCnfName' not present in module
9225.202966156:main thread : smtradfwd.c: entry point 'beginCnfLoad' not present in module
9225.202992205:main thread : strgen.c: Strgen 'RSYSLOG_TraditionalForwardFormat' added to list of available strgens.
9225.203015140:main thread : rsconf.c: doing legacy config system init
9225.209190047:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_DebugFormat'
9225.213981766:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_SyslogProtocol23Format'
9225.214114791:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_SyslogRFC5424Format'
9225.214295670:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_FileFormat'
9225.214331195:main thread : ../template.c: template bound to strgen 'RSYSLOG_FileFormat'
9225.214396301:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_TraditionalFileFormat'
9225.214425116:main thread : ../template.c: template bound to strgen 'RSYSLOG_TraditionalFileFormat'
9225.214472440:main thread : ../template.c: tplAddLine processing template ' WallFmt'
9225.214548562:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_ForwardFormat'
9225.214576887:main thread : ../template.c: template bound to strgen 'RSYSLOG_ForwardFormat'
9225.214600262:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_TraditionalForwardFormat'
9225.214628360:main thread : ../template.c: template bound to strgen 'RSYSLOG_TraditionalForwardFormat'
9225.214651183:main thread : ../template.c: tplAddLine processing template ' StdUsrMsgFmt'
9225.214686620:main thread : ../template.c: tplAddLine processing template ' StdDBFmt'
9225.214888884:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_SysklogdFileFormat'
9225.215006907:main thread : ../template.c: tplAddLine processing template ' StdPgSQLFmt'
9225.215139792:main thread : ../template.c: tplAddLine processing template ' StdJSONFmt'
9225.215329021:main thread : ../template.c: tplAddLine processing template ' FullJSONFmt'
9225.215512709:main thread : ../template.c: tplAddLine processing template ' StdClickHouseFmt'
9225.215605820:main thread : ../template.c: tplAddLine processing template 'RSYSLOG_omudpspoofDfltSourceTpl'
9225.216492428:main thread : lexer.l: config parser: pushed config fragment on top of stack:
>>> snip had to truncate log for reason of max forum message length <<<<
--- End code ---
andyj:
Can you post your rsyslog.conf file?
Stefann:
Here you go,
Note, I never worked with syslog or Rsyslog so I'm "experimenting".
This is the most basic/simple rsyslog.conf that I would at least expect to create a file. No file is created though.
I'm alarmed by the huge amount of "not present in modules" messages in the output of rsyslog -d.
having said that... "it seems to be running". If I try to run it a 2nd time it complaints that its already running.
Note, I forgot to say in 1st post: running "core-15"
--- Code: ---tc@huis:/usr/local/etc$ cat rsyslog.conf
*.* /home/tc/stefan
--- End code ---
Stefann:
small update,
after some riding I updated the conf file like below.
I have no clue what all global directives do but based on what I could understand of the man page at least the "$ModLoad imuxsock" is necessary to make it listen to the syslog system. No success however...
--- Code: ---$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad imklog
$ModLoad imuxsock
*.* /home/tc/stefan
--- End code ---
andyj:
The default location for the rsyslog.conf file is in /usr/local/etc. The command "rsyslogd -N1" will verify the config file. You will probably want to start with something like this and add your own templates and rulesets:
--- Code: ---$WorkDirectory /srv/syslog/log/work
# This would queue _ALL_ rsyslog messages, i.e. slow them down to rate of DB ingest.
# Don't do that...
# $MainMsgQueueFileName mainq # set file name, also enables disk mode
# We only want to queue for database writes.
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName dbq # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
# Default Settings
# Load Modules
module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog") # provides kernel logging support (previously done by rklogd)
module(load="immark") # provides --MARK-- message capability
module(load="impstats")
# Provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# Provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
--- End code ---
My setup logs to postgresql. That requires setting up a database, designing a schema, and adding the appropriate templates and rulesets to the rsyslog.conf file. Whether you use a database or log file directories, you will need to manage disk space. It will fill up faster than you would think.
Navigation
[0] Message Index
[#] Next page
Go to full version