1

I want to send logs from 2 client servers to a single remote server. The client config :

  ...
  module(load="imfile" PollingInterval="10")    # Polling every 10 secondes
  ...
  if $syslogtag == 'apache' then {
    action(type="omfwd" Target="192.168.0.10" Port="514" Protocol="udp" )
    & stop
  }
  ...
  input(type="imfile"
      File="/var/log/httpd/my_apache_log"
      Tag="apache"
      Severity="info"
      Facility="local7")
   ...

The server config :

  ...
  # Provides UDP syslog reception
  $ModLoad imudp
  $UDPServerRun 514
  ...
  if $syslogtag == 'apache' and $syslogseverity-text == 'info' then {
    /my_path/my_apache_log
    & stop
  }
  ...

These configs work like a charm.

Now, I want to use template format to customize the logs. So, in the client config, I change the config like this :

  ...
  module(load="imfile" PollingInterval="10")    # Polling every 10 secondes
  ...
  template (name="MyTemplate" type="list") {
        property(name="hostname")
        constant(value="', ")
        property(name="msg")
        constant(value="\n")
  }
  ...
  if $syslogtag == 'apache' then {
    action(type="omfwd" Target="192.168.0.10" Port="514" Protocol="udp" template="MyTemplate")
    & stop
  }
  ...
  input(type="imfile"
      File="/var/log/httpd/my_apache_log"
      Tag="apache"
      Severity="info"
      Facility="local7")
   ...

If I run the following command rsyslogd -N1, I don't get any errors, but I don't have any more logs on the remote server.

Why ?

αғsнιη
  • 40,939
  • 15
  • 71
  • 114
gduh
  • 111
  • 2
  • would you try `template (name="MyTemplate" type="list") { property(name="hostname") constant(value=",'") property(name="msg") constant(value="'\n") }`? – αғsнιη Sep 20 '22 at 14:48
  • ... and also try `rsyslogd -N2` if can see more verbose output if any. – αғsнιη Sep 20 '22 at 14:54
  • @αғsнιη I tried your template with no more success. `rsyslogd -N2` does not show more information. Instead of `type="list"`, I also tried `type="string"`, but it didn't change anything. – gduh Sep 21 '22 at 07:30
  • Did you specify the template when receiving the logs? And did you check, that the properties you're checking for are still in the message? Otherwise you may be receiving the logs but they're just not being logged because of the conditional. – eDonkey Oct 19 '22 at 13:54
  • @eDonkey, well, instead of setting the template on the sender, I set it on the receiver. And it works like that. But I didn't understand why it's not ok when I define it on the sender. – gduh Oct 21 '22 at 07:42
  • Rsyslog expects the logs to be in a specific format, if it isn't in that format, the message is dropped. Therefore you have to specify the format (template) in which you expect the received messages to be in. – eDonkey Oct 21 '22 at 08:02
  • To help other users coming across the same problem, you may want to create an answer and mark your question solved. – eDonkey Nov 10 '22 at 08:08

0 Answers0