MonitorWare Knowledge Base

I turned on the mysql general query log and am not seeing any queries coming from rsyslog, so I then started logging rsyslog, and I see the following in my debug: Invalid option 'sql *.* > 127.0.0.1'. I don't see why it is invalid and have tried various things but can't get it to insert data. Can anyone tell me what is wrong? I tried searching but came up with nothing. Thanks.

This is rsyslog.conf config:

Code: Select all

$ModLoad MySQL

$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24


# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

$template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility%','%syslogpriority%','%syslogseverity%','%syslogtag%', '%timereported:::date-mysql%','%programname%', '%msg%')", SQL *.* > 127.0.0.1,syslog,syslogwriter,topsecret;sysMysql


There are no errors when I start the service.

And this is the full debug. Bolded text shows a problem:

Code: Select all

Starting.
-1008428368: rsyslog 2.0.6.
-1008428368: Called init.
-1008428368: Unloading non-static modules.
-1008428368: Clearing templates.
-1008428368: cfline: '$ModLoad MySQL'
-1008428368: Requested to load module 'MySQL'
-1008428368: cfline: '$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24'
-1008428368: cfline: '$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24'
-1008428368: cfline: '*.info;mail.none;authpriv.none;cron.none                /var/log/messages'
-1008428368:  - traditional PRI filter
-1008428368: symbolic name: info ==> 6
-1008428368: symbolic name: none ==> 16
-1008428368: symbolic name: mail ==> 16
-1008428368: symbolic name: none ==> 16
-1008428368: symbolic name: authpriv ==> 80
-1008428368: symbolic name: none ==> 16
-1008428368: symbolic name: cron ==> 72
-1008428368: tried selector action for builtin-file: 0
-1008428368: Module builtin-file processed this config line.
-1008428368: template: ' TradFmt' assigned

...bunch of stuff left out for readability... This is the problem area

-1008428368: template: ' TradFmt' assigned
-1008428368: cfline: '$template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility%','%syslogpriority%','%syslogseverity%','%syslogtag%', '%timereported:::date-mysql%','%programname%', '%msg%')", SQL *.* > 127.0.0.1,syslog,syslogwriter,topsecret;sysMysql'
-1008428368: Invalid option 'sql *.* > 127.0.0.1' ignored.
-1008428368: Invalid option 'syslog' ignored.
-1008428368: Invalid option 'syslogwriter' ignored.
-1008428368: Invalid option 'topsecret;sysmysql' ignored.
-1008428368: selector line successfully processed
-1008428368: Opened UNIX socket `/dev/log' (fd 3).
-1008428368: Opened 2 syslog UDP port(s).
-1008428368: Allocating buffer for 200 TCP sessions.
-1008428368: Opened 2 syslog TCP port(s).
-1008428368: Worker thread started with state 0.


Active selectors:
Selector 1:
7F 7F  X 7F 7F 7F 7F 7F 7F  X  X 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F 7F
Actions:
builtin-file: /var/log/messages
   Instance data: 0x1334b510
   RepeatedMsgReduction: 1
   Resume Interval: 30
   Suspended: 0
   Disabled: 0
   Exec only when previous is suspended: 0

-1008428368: Template: Name='sysMysql'
-1008428368:    Entry(1334c8f0): type 1, (CONSTANT), value: 'INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES (''
-1008428368:    Entry(1334c9d0): type 2, (FIELD), value: 'HOSTNAME'
-1008428368:    Entry(1334c830): type 1, (CONSTANT), value: '',''
-1008428368:    Entry(1334ca50): type 2, (FIELD), value: 'syslogfacility'
-1008428368:    Entry(1334cad0): type 1, (CONSTANT), value: '',''
-1008428368:    Entry(1334cb50): type 2, (FIELD), value: 'syslogpriority'
-1008428368:    Entry(1334cbd0): type 1, (CONSTANT), value: '',''
-1008428368:    Entry(1334cca0): type 2, (FIELD), value: 'syslogseverity'
-1008428368:    Entry(1334cd20): type 1, (CONSTANT), value: '',''
-1008428368:    Entry(1334cdf0): type 2, (FIELD), value: 'syslogtag'
-1008428368:    Entry(1334ce70): type 1, (CONSTANT), value: '', ''
-1008428368:    Entry(1334cf40): type 2, (FIELD), value: 'timereported' [Format as MySQL-Date]
-1008428368:    Entry(1334cfc0): type 1, (CONSTANT), value: '',''
-1008428368:    Entry(1334d090): type 2, (FIELD), value: 'programname'
-1008428368:    Entry(1334d110): type 1, (CONSTANT), value: '', ''
-1008428368:    Entry(1334d1e0): type 2, (FIELD), value: 'msg'
-1008428368:    Entry(1334d260): type 1, (CONSTANT), value: '')'
-1008428368: Loaded Module: Name='builtin-file', IFVersion=1, type=output module.
-1008428368: Entry points:
-1008428368:    queryEtryPt:        0x415b40
-1008428368:    doAction:           0x416760
-1008428368:    parseSelectorAct:   0x4160b0
-1008428368:    dbgPrintInstInfo:   0x415dd0
-1008428368:    freeInstance:       0x415d50
-1008428368:
-1008428368: Loaded Module: Name='builtin-fwd', IFVersion=1, type=output module.
-1008428368: Entry points:
-1008428368:    queryEtryPt:        0x413c30
-1008428368:    doAction:           0x414140
-1008428368:    parseSelectorAct:   0x414470
-1008428368:    dbgPrintInstInfo:   0x414120
-1008428368:    freeInstance:       0x4140b0
-1008428368:
-1008428368: Loaded Module: Name='builtin-shell', IFVersion=1, type=output module.
-1008428368: Entry points:
-1008428368:    queryEtryPt:        0x413010
-1008428368:    doAction:           0x413310
-1008428368:    parseSelectorAct:   0x4131e0
-1008428368:    dbgPrintInstInfo:   0x4131c0
-1008428368:    freeInstance:       0x4131a0
-1008428368:
-1008428368: Loaded Module: Name='builtin-discard', IFVersion=1, type=output module.
-1008428368: Entry points:
-1008428368:    queryEtryPt:        0x416d30
-1008428368:    doAction:           0x416c90
-1008428368:    parseSelectorAct:   0x416ee0
-1008428368:    dbgPrintInstInfo:   0x416c60
-1008428368:    freeInstance:       0x416ec0
-1008428368:
-1008428368: Loaded Module: Name='builtin-usrmsg', IFVersion=1, type=output module.
-1008428368: Entry points:
-1008428368:    queryEtryPt:        0x413420
-1008428368:    doAction:           0x413b30
-1008428368:    parseSelectorAct:   0x413620
-1008428368:    dbgPrintInstInfo:   0x4135d0
-1008428368:    freeInstance:       0x4135b0
-1008428368:
-1008428368: Loaded Module: Name='ommysql.so', IFVersion=1, type=output module.
-1008428368: Entry points:
-1008428368:    queryEtryPt:        0x2ad7c4056c30
-1008428368:    doAction:           0x2ad7c40572b0
-1008428368:    parseSelectorAct:   0x2ad7c4057000
-1008428368:    dbgPrintInstInfo:   0x2ad7c4056ba0
-1008428368:    freeInstance:       0x2ad7c4056fe0
-1008428368:

Sytem Line Configuration Commands:
   Command 'dynafilecachesize':
      type : 6
      pData: 0x0
      Hdlr : 0x415e90
      Owner: 0x415960

   Command 'dirowner':
      type : 2
      pData: 0x622d94
      Hdlr : 0x0
      Owner: 0x415960

   Command 'dirgroup':
      type : 3
      pData: 0x622d98
      Hdlr : 0x0
      Owner: 0x415960

   Command 'fileowner':
      type : 2
      pData: 0x622d8c
      Hdlr : 0x0
      Owner: 0x415960

   Command 'filegroup':
      type : 3
      pData: 0x622d90
      Hdlr : 0x0
      Owner: 0x415960

   Command 'dircreatemode':
      type : 5
      pData: 0x622a7c
      Hdlr : 0x0
      Owner: 0x415960

   Command 'filecreatemode':
      type : 5
      pData: 0x622a80
      Hdlr : 0x0
      Owner: 0x415960

   Command 'createdirs':
      type : 4
      pData: 0x622d9c
      Hdlr : 0x0
      Owner: 0x415960

   Command 'failonchownfailure':
      type : 4
      pData: 0x622d88
      Hdlr : 0x0
      Owner: 0x415960

   Command 'resetconfigvariables':
      type : 1
      pData: 0x0
      Hdlr : 0x415900
      Owner: 0x415960

      type : 1
      pData: 0x0
      Hdlr : 0x406030
      Owner: 0x0

   Command 'mainmsgqueuesize':
      type : 6
      pData: 0x622e04
      Hdlr : 0x0
      Owner: 0x0

   Command 'repeatedmsgreduction':
      type : 4
      pData: 0x622c34
      Hdlr : 0x0
      Owner: 0x0

   Command 'actionexeconlywhenpreviousissuspended':
      type : 4
      pData: 0x622c38
      Hdlr : 0x0
      Owner: 0x0

   Command 'actionresumeinterval':
      type : 6
      pData: 0x0
      Hdlr : 0x4064c0
      Owner: 0x0

   Command 'controlcharacterescapeprefix':
      type : 7
      pData: 0x622339
      Hdlr : 0x0
      Owner: 0x0

   Command 'escapecontrolcharactersonreceive':
      type : 4
      pData: 0x62233c
      Hdlr : 0x0
      Owner: 0x0

   Command 'dropmsgswithmaliciousdnsptrrecords':
      type : 4
      pData: 0x622b68
      Hdlr : 0x0
      Owner: 0x0

   Command 'droptrailinglfonreception':
      type : 4
      pData: 0x622340
      Hdlr : 0x0
      Owner: 0x0

   Command 'template':
      type : 1
      pData: 0x0
      Hdlr : 0x40ae10
      Owner: 0x0

   Command 'outchannel':
      type : 1
      pData: 0x1
      Hdlr : 0x40ae10
      Owner: 0x0

   Command 'allowedsender':
      type : 1
      pData: 0x2
      Hdlr : 0x40ae10
      Owner: 0x0

   Command 'modload':
      type : 1
      pData: 0x0
      Hdlr : 0x408f00
      Owner: 0x0

   Command 'includeconfig':
      type : 1
      pData: 0x0
      Hdlr : 0x409ed0
      Owner: 0x0

   Command 'umask':
      type : 5
      pData: 0x0
      Hdlr : 0x406b30
      Owner: 0x0

   Command 'debugprinttemplatelist':
      type : 4
      pData: 0x622344
      Hdlr : 0x0
      Owner: 0x0

   Command 'debugprintmodulelist':
      type : 4
      pData: 0x622348
      Hdlr : 0x0
      Owner: 0x0

   Command 'debugprintcfsyslinehandlerlist':
      type : 4
      pData: 0x62234c
      Hdlr : 0x0
      Owner: 0x0

   Command 'moddir':
      type : 8
      pData: 0x622bc0
      Hdlr : 0x0
      Owner: 0x0



Allowed UDP Senders:
   127.0.0.1/32
   192.168.1.0/24

Allowed TCP Senders:
   127.0.0.1/32
   192.168.1.0/24

Messages with malicious PTR DNS Records are not dropped.
Control characters are replaced upon reception.
Control character escape sequence prefix is '#'.
Main queue size 10000 messages.
-1008428368: logmsg: syslog.info<46>, flags 5, from 'svr-nagios', msg  [origin software="rsyslogd" swVersion="2.0.6" x-pid="28567" x-info="http://www.rsyslog.com"][x-configInfo udpReception="Yes" udpPort="514" tcpReception="Yes" tcpPort="514"] restart
-1008428368: Message has legacy syslog format.
-1008428368: EnqueueMsg signaled condition (0)
-1008428368:  restarted.
-1008428368: Debugging enabled, SIGUSR1 to turn off debugging.
-1008428368: Listening on UDP syslogd socket 10 (IPv6/port 514).
-1008428368: Listening on UDP syslogd socket 11 (IPv4/port 514).
-1008428368: Listening on TCP syslogd socket 12 (IPv6/port 514).
-1008428368: Listening on TCP syslogd socket 13 (IPv4/port 514).
-1008428368: ----------------------------------------
-1008428368: Calling select, active file descriptors (max 13): 3 10 11 12 13
1114741056: Lone worker is running...
1114741056: Called fprintlog, logging to builtin-file (/var/log/messages)
1114741056: singleWorker: queue EMPTY, waiting for next message.
-1008428368:


• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

the config is invalid. Please see sample guides, e.g. this here:

http://www.rsyslog.com/module-Static_Do ... html.phtml

Rainer