Answer the question
In order to leave comments, you need to log in
M
M
mixlink2015-03-12 18:49:51
mixlink, 2015-03-12 18:49:51
What might cause two Rsyslog modules not to work at the same time?
Essence of the question: I set up a centralized collection of logs using Rsyslog. Build Server: Ubuntu.
The logs come to the server, then they are written to the database using the ommysql plugin and analyzed by LogAnalyzer from there.
I ran into a problem: I wanted to make an email notification when I logged into the servers as root, but for some reason one of the functions does not work.
If the config for sending mail is "sucked" first in /etc/rsyslog.d/, the logs are not written to the database.
If the config for writing to the database is "sucked up" first, then, accordingly, mail is not sent.
I tried to write everything to the common config (/etc/rsyslog.conf), but the same result: The block that turned out to be the first works.
Has anyone encountered this problem? What could be causing this?
1 answer(s)
@mixlink
M
mixlink, 2015-03-12 @mixlink
Log examples:
At the end of rsyslog.conf there is an include for configs in the /etc/rsyslog.d/ folder
There are two configs:
1.conf:
### Configuration file for rsyslog-mysql
### Changes are preserved
$ModLoad ommysql
:fromhost- ip, isequal, "127.0.0.1" :ommysql:localhost,1_syslog,login,pass
and six more such lines, the difference is only in ip and the database where to write.
2.conf:
$ModLoad ommail
$ActionMailSMTPServer 127.0.0.1
$ActionMailFrom [email protected]
$ActionMailTo [email protected]
$template mailSubject,"root auth on %hostname%"
$template mailBody,"RSYSLOG Alert\r\nmsg= '%msg%'"
$ActionMailSubject mailSubject
$ActionExecOnlyOnceEveryInterval 21600
then :ommail:;mailBody
Similar questions
G
L
S
D
O
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question