[rsyslog] Hi - Rsyslog run in debug mode only

Rahul Bhat bhat.rahul at hotmail.com
Thu Jan 24 12:11:26 CET 2013


 Any ideas are welcome :) 
> From: bhat.rahul at hotmail.com
> To: rsyslog at lists.adiscon.com
> Date: Wed, 23 Jan 2013 15:36:26 +0100
> Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> 
> 
> 
> > Rainer:
> > Actually, I am a bit puzzled. Can you try running an strace of an instance in non-debug mode? Maybe this provides some insight...
> Comment - Hi, I was able to run the strace and here is the output from the same. I believe rsyslogd is missing or not able to find some libraries.
> 
> more service.txt.29923 |grep "(No"
>
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/x86_64/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> stat("/usr/lib64/tls/x86_64", 0x7fff79ac2440) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/x86_64/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> stat("/usr/lib64/x86_64", 0x7fff79ac2440) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libestr.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libjson.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libee.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/libm.so.6", O_RDONLY)  = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libgcc_s.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/libgcc_s.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/libc.so.6", O_RDONLY)  = -1 ENOENT (No such file or directory)
> open("/usr/lib64/tls/libnet.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/usr/lib64/libnet.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/var/run/rsyslogd.pid", O_RDONLY) = -1 ENOENT (No such file or directory)
> [root at mob2l720k strace]# gzip service.txt.29923
> [root at mob2l720k strace]# ls -ltr
> 
> > From: rgerhards at hq.adiscon.com
> > To: rsyslog at lists.adiscon.com
> > Date: Wed, 23 Jan 2013 07:44:52 +0000
> > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > 
> > 
> > 
> > > -----Original Message-----
> > > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > > bounces at lists.adiscon.com] On Behalf Of Rahul Bhat
> > > Sent: Wednesday, January 23, 2013 12:41 AM
> > > To: rsyslog at lists.adiscon.com
> > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > 
> > > 
> > > 
> > > > Hi Rado/Rainer, I tried running the rsyslog -n but nothing happened, I didn't
> > > > have any output. So we have the same issue, spoofing and forwarding runs
> > > > only with debug mode -dn and rest nothing works. Any ideas are welcome
> > 
> > Actually, I am a bit puzzled. Can you try running an strace of an instance in non-debug mode? Maybe this provides some insight...
> > 
> > Rainer
> > > 
> > > > Date: Tue, 15 Jan 2013 13:55:27 +0200
> > > > From: radu0gheorghe at gmail.com
> > > > To: rsyslog at lists.adiscon.com
> > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > >
> > > > Hi Rahul,
> > > >
> > > >
> > > > 2013/1/15 Rahul Bhat <bhat.rahul at hotmail.com>
> > > >
> > > > >
> > > > >
> > > > >  hi radu, thanks for checking !! I am using -dn option for debug
> > > > > mode. I didn't  use -n only mode, I can try. But how can I check the
> > > > > difference b/w the two modes ( treat me new to rsyslog )
> > > >
> > > >
> > > > I wasn't thinking about anything fancy, just that if you start it with
> > > > -dn, it's not only debug mode, it's also foreground. So to narrow
> > > > things down, you can try just with -n and see what happens.
> > > >
> > > >
> > > > > >  I modified rulesets/modules/templates and nothing happens :(
> > > > > >
> > > > > > > Date: Tue, 15 Jan 2013 13:09:10 +0200
> > > > > > > From: radu0gheorghe at gmail.com
> > > > > > > To: rsyslog at lists.adiscon.com
> > > > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > > > >
> > > > > > Hi Rahul,
> > > > > >
> > > > > > I've never used UDP spoofing, so my best bet is to check out the
> > > > > > differences between debug and non-debug:
> > > > > > > - when you start it with debug, do you use -n? If yes, what
> > > > > > > happens if you only do rsyslog -n?
> > > > > > - do you drop privileges in your config?
> > > > > >
> > > > > > Best regards,
> > > > > > Radu
> > > > > >
> > > > > > 2013/1/15 Rahul Bhat <bhat.rahul at hotmail.com>
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > Dear Friends,
> > > > > > > > Hope you are doing great!! I came across this mailing list while
> > > > > > > > trying to configure the rsyslog v 7.2.4 with spoofing using -
> > > > > > > > http://www.rsyslog.com/doc/omudpspoof.html. Thanks for making
> > > > > > > > the information available. Unfortunately, I have a problem with
> > > > > > > > the rsyslog config and have been trying to sort it out for
> > > > > > > > some time now. I have a Linux rsyslog server which needs to send
> > > > > > > > the logs to the central syslog server keeping the originator IP
> > > > > > > > unchanged, hence I am using spoofing.
> > > > > > > > Current conf parameter regarding spoofing:
> > > > > > > > $ModLoad omudpspoof
> > > > > > > > $template spoofaddr,"%fromhost-ip%"
> > > > > > > > $template spooftemplate,"%rawmsg%"
> > > > > > > > $ActionOMUDPSpoofSourceNameTemplate spoofaddr
> > > > > > > > $ActionOMUDPSpoofTargetHost 10.xxx.xxx.xx
> > > > > > > > $ActionOMUDPSpoofTargetPort 514
> > > > > > > > $ActionOMUDPSpoofSourcePortStart 514
> > > > > > > > $ActionOMUDPSpoofSourcePortEnd 514
> > > > > > > > *.* :omudpspoof:;spooftemplate
> > > > > > > > My rsyslog config works well when I am running the debug mode
> > > > > > > > but as soon as I go back to non-debug mode, I don't see the logs
> > > > > > > > being forwarded to the syslog server. All works well in debug but
> > > > > > > > I don't understand how and which entries I should change for
> > > > > > > > corrective action. If you have some time, would appreciate any
> > > > > > > > ideas.
> > > > > > > > Thanks Rahul
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > rsyslog mailing list
> > > > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > > > > http://www.rsyslog.com/professional-services/
> > > > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > > > > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
> > > > > > > > a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
> > > > > > > > NOT POST if you DON'T LIKE THAT.
> > > > > > >


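An added example, not part of the original thread: the dynamic loader probes each library search directory in turn, so ENOENT lines are expected in any strace, and output filtered with grep "(No" hides the open() calls that succeeded. This Python filter groups open() calls by library file name and reports only libraries for which no probe ever succeeded. The function name and the sample trace (including its successful open() lines and the /lib64 path) are constructed for illustration and say nothing about the poster's system.

```python
import re
from collections import defaultdict

# strace prints e.g.
#   open("/usr/lib64/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
#   open("/lib64/libz.so.1", O_RDONLY) = 3
# An optional leading PID (strace -f -o file) and openat() are also accepted.
OPEN_RE = re.compile(
    r'^(?:\d+\s+)?open(?:at)?\((?:AT_FDCWD,\s*)?"([^"]+)"[^)]*\)\s*=\s*(-?\d+)')
LIB_RE = re.compile(r'\.so(\.\d+)*$')   # libfoo.so, libfoo.so.1, libfoo.so.1.2


def unresolved_libraries(strace_text):
    """Return {file name: [paths tried]} for libraries never opened successfully."""
    tried = defaultdict(list)
    resolved = set()
    for line in strace_text.splitlines():
        m = OPEN_RE.match(line.strip())
        if not m:
            continue
        path, ret = m.group(1), int(m.group(2))
        name = path.rsplit("/", 1)[-1]
        if not LIB_RE.search(name):
            continue                     # not a shared object, e.g. the pid file
        tried[name].append(path)
        if ret >= 0:                     # a file descriptor means the probe hit
            resolved.add(name)
    return {n: p for n, p in tried.items() if n not in resolved}


# Constructed sample trace (unfiltered): libz and libpthread resolve on a later
# probe; libnet is deliberately left without a successful open().
SAMPLE = """\
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libz.so.1", O_RDONLY) = 3
open("/usr/lib64/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libpthread.so.0", O_RDONLY) = 3
open("/usr/lib64/tls/libnet.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libnet.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/var/run/rsyslogd.pid", O_RDONLY) = -1 ENOENT (No such file or directory)
"""

if __name__ == "__main__":
    for name, paths in unresolved_libraries(SAMPLE).items():
        print(f"{name}: never opened; tried {', '.join(paths)}")
```

Run it against the complete strace file rather than the grep-filtered view; on filtered input every probed library appears unresolved.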