MonitorWare Knowledge Base

I am presently test rsyslog and MySQL on a single machine. In the production setup I will have a separate machine for the database and rsyslog. I am using the default rsyslog.conf for this found on the site. When I shut down the MySQL process I am not getting any files being created from the disk assist.

# Load Modules --------------------------------------------------------

# Inputs -----------------------------

$ModLoad immark.so # Add Mark Messages
$ModLoad imuxsock.so # Unix Sockets
$ModLoad imklog # Kernel Logger
$ModLoad imudp.so # UDP Input

# Outputs -----------------------------

$ModLoad ommysql.so # Log to MySQL
$ModLoad ommail.so # Send Mail

$WorkDirectory /syslog/rsyslog # default location for work (spool) files

# Listeners -----------------------------------------------------------

$UDPServerRun 514 #UDP receiver

# Actions -------------------------------------------------------------

$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName dbq # set file name, also enable disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueMaxDiskSpace 10g # 10gb space limit (use as much as possiable)

:fromhost, isequal, "brdlx35" :ommysql:localhost,brdlx35,root,
:fromhost-ip, isequal, "172.25.1.3" :ommysql:localhost,ACE_ADMIN,root,
:fromhost-ip, isequal, "172.25.1.4" :ommysql:localhost,ACE_ADMIN,root,
:fromhost-ip, isequal, "172.25.1.5" :ommysql:localhost,ACE_ADMIN,root,
:fromhost-ip, isequal, "172.25.1.6" :ommysql:localhost,ACE_EXT_PROD,root,
:fromhost-ip, isequal, "172.25.1.7" :ommysql:localhost,ACE_EXT_PROD,root,
:fromhost-ip, isequal, "172.25.1.8" :ommysql:localhost,ACE_EXT_PROD,root,

:fromhost-ip, contains, "10.32" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.33" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.34" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.35" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.36" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.37" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.38" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.39" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.40" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.41" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.42" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.43" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.44" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.45" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.46" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.47" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.48" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.49" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.50" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.51" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.52" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.53" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.54" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.55" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.56" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.57" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.58" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.59" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.60" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.61" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.62" :ommysql:localhost,Stores,root,
:fromhost-ip, contains, "10.63" :ommysql:localhost,Stores,root,

When I change the rsyslog.conf and remove all the :fromhost-ip and just put

*.* :ommysql:localhost,Stores,root,

and shut down MySQL it creates the files. Is there another way to filter traffic and insert into MySQL. Also is there a way to put a network of address in the rsyslog.conf for a filter. The 10.32 - 10.63 is a 10.32.0.0/11 network. I would rather not haft to break it out if possible.

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?