jrs
23rd June 2009, 22:06
I generated the test logs and I have everything working as far as Centreon and the syslog module are concerned. I can see all the logs from the centreon interface correctly.
However, none of my real logs are appearing. I've determined that rsyslog is even attempting to insert them into the mysql database (i turned on the mysql general query log to verify this). I subsequently turned on debugging for rsyslog, and I see an error: Invalid option 'sql *.* > 127.0.0.1' . I've cross posted this because I need to figure it out quickly, but i'd appreciate if anyone could tell me what is wrong. Thanks in advance.
Here is my rsyslog.conf:
$ModLoad MySQL
$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
$template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility%','%syslogpriority% ','%syslogseverity%','%syslogtag%', '%timereported:::date-mysql%','%programname%', '%msg%')", SQL *.* > 127.0.0.1,syslog,syslogwriter,topsecret;sysMysql
And here is part of the debug from rsyslog.conf:
-1008428368: cfline: '$template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility%','%syslogpriority% ','%syslogseverity%','%syslogtag%', '%timereported:::date-mysql%','%programname%', '%msg%')", SQL *.* > 127.0.0.1,syslog,syslogwriter,topsecret;sysMysql'
-1008428368: Invalid option 'sql *.* > 127.0.0.1' ignored.
-1008428368: Invalid option 'syslog' ignored.
-1008428368: Invalid option 'syslogwriter' ignored.
-1008428368: Invalid option 'topsecret;sysmysql' ignored.
-1008428368: selector line successfully processed
-1008428368: Opened UNIX socket `/dev/log' (fd 3).
-1008428368: Opened 2 syslog UDP port(s).
-1008428368: Allocating buffer for 200 TCP sessions.
-1008428368: Opened 2 syslog TCP port(s).
-1008428368: Worker thread started with state 0.
However, none of my real logs are appearing. I've determined that rsyslog is even attempting to insert them into the mysql database (i turned on the mysql general query log to verify this). I subsequently turned on debugging for rsyslog, and I see an error: Invalid option 'sql *.* > 127.0.0.1' . I've cross posted this because I need to figure it out quickly, but i'd appreciate if anyone could tell me what is wrong. Thanks in advance.
Here is my rsyslog.conf:
$ModLoad MySQL
$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
$template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility%','%syslogpriority% ','%syslogseverity%','%syslogtag%', '%timereported:::date-mysql%','%programname%', '%msg%')", SQL *.* > 127.0.0.1,syslog,syslogwriter,topsecret;sysMysql
And here is part of the debug from rsyslog.conf:
-1008428368: cfline: '$template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility%','%syslogpriority% ','%syslogseverity%','%syslogtag%', '%timereported:::date-mysql%','%programname%', '%msg%')", SQL *.* > 127.0.0.1,syslog,syslogwriter,topsecret;sysMysql'
-1008428368: Invalid option 'sql *.* > 127.0.0.1' ignored.
-1008428368: Invalid option 'syslog' ignored.
-1008428368: Invalid option 'syslogwriter' ignored.
-1008428368: Invalid option 'topsecret;sysmysql' ignored.
-1008428368: selector line successfully processed
-1008428368: Opened UNIX socket `/dev/log' (fd 3).
-1008428368: Opened 2 syslog UDP port(s).
-1008428368: Allocating buffer for 200 TCP sessions.
-1008428368: Opened 2 syslog TCP port(s).
-1008428368: Worker thread started with state 0.