Thursday, June 08, 2017

rsyslogd for Mageia6

I've been having trouble with occasional segfaults with my desktop workstation. It would be nice to look at the logs to see where the problem might be, but the logs show nothing.

It might be easier, I thought, if I enabled remote logging. That way I would have a copy of the desktop's logs on a working computer, a Shuttle X35 I use as an HTTP server running lighttpd, serving static pages for several hobby-related websites.

Installing rsyslog was easy using urpmi. It was the configuration that was tricky. The configuration file for Mageia is kept in /etc/rsyslog.d and consists of a single file, 00_common.conf. The modules that can be called by rsyslog can be found in /usr/lib64/rsyslog.

The man page states:

The main configuration file /etc/rsyslog.conf or an alternative file, given with the -f option, is read at startup. Any lines that begin with the hash mark (``#'') and empty lines are ignored. If an error occurs during parsing the error element is ignored. It is tried to parse the rest of the line.

That seems easy enough. The receiving host is configured to receive and the sending host is configured to send, both using the same file. Using advice from TheGeekStuff, you can cobble together a file that might work. Note that that site's HOWTO page is dated 2012. The homepage for rsyslog also has rather extensive documents that tend to overwhelm.

One thing not found in the default 00_common.conf is the "template" description that either generates the log file on the receiver, or configures rsyslog to send log info to the receiver.

RECEIVER

# This one is the template to generate the log filename
# dynamically, depending on the client's IP address.
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"

SENDER

NOTE: 192.168.1.1 is used only as an example of the receiver's IP address.

# Provides UDP forwarding. The IP is the server's IP address
*.* @192.168.1.1:514 

# Provides TCP forwarding. But the current server runs on UDP
# *.* @@192.168.1.1:514

And, since I use sshutout and it needs to read /var/log/messages, the following needs to be added to the configuration file:

# Log info messages to messages file
#
*.=info;\
mail,news.none /var/log/messages
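
The RECEIVER and SENDER fragments above, put together as a complete pair in rsyslog's legacy syntax. This is an added example, not part of the original post: the imudp listener lines, the property filter and the `& stop` rule are assumptions added here, and 192.168.1.1 is the post's example address.

```conf
# ---------------- RECEIVER (192.168.1.1) ----------------
# Load the UDP input module and listen on port 514. Without an
# input module, rsyslog never opens the port at all.
$ModLoad imudp
$UDPServerRun 514

# Per-client log file, named after the sender's IP address.
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"

# A template only names a file; it does nothing until a rule uses it.
# This rule writes every message that did not originate on the
# receiver itself to the per-client file, then stops processing so
# the message is not also written by the receiver's local rules.
# Place these two lines ahead of the local file rules.
:fromhost-ip, !isequal, "127.0.0.1" ?FILENAME
& stop

# Plain UDP syslog is unauthenticated and unencrypted: keep 514/udp
# limited in the firewall to the sender's address.

# ---------------- SENDER ----------------
# Forward everything over UDP (single @). A double @@ selects TCP,
# which needs a TCP listener (imtcp) on the receiver instead.
*.* @192.168.1.1:514

# ---------------- CHECKS ----------------
# Validate the configuration on either host:
#   rsyslogd -N1
# Send a test message from the sender over UDP:
#   logger -n 192.168.1.1 -P 514 -d "remote logging test"
# The test line should then appear on the receiver under
#   /var/log/<sender IP>/syslog.log
```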

A FIX

If rsyslog will not start because of a missing dependency, it's because systemd is not configured correctly for rsyslog. This can be fixed with:

# systemctl enable rsyslog

Which creates the needed symlink.

ADDENDA

As of this writing, I have not gotten rsyslog to actually log anything remotely. I have configured the firewalls on each computer to allow the logging info to pass on port 514. Once I accomplish that, I will likely submit this information to the Mageia Wiki.

UPDATE - Oddly enough, the logs for my sender workstation are now included in my receiver workstation's /var/log/syslog. Weird.
