Issues with inotify mode

Problems configuring syslog in your device or application? Turn to this group for peer discussions.

Moderator: alorbach

Google Ads


Issues with inotify mode

Postby shivkumar » Wed Feb 07, 2018 10:45 am

I am trying to push my nginx logs to my tcp endpoint.

Following is my configuration

Code: Select all
global(workDirectory="/var/lib/rsyslog")
module(load="imfile") #needs to be done just once

#RsyslogGnuTLS
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/my.cert
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer my.domain.com

# File 1
input(type="imfile"
  file="/var/log/nginx/*access.log"
  Tag="nginx-access"
  Severity="info"
  PersistStateInterval="20000"
)

# File 2
input(type="imfile"
  file="/var/log/nginx/*error.log"
  Tag="nginx-error"
  Severity="info"
  PersistStateInterval="20000"
)

$PrivDropToGroup root

#Add a tag for NGINX Access events
$template NginxAccess,"%msg%\n"

#Add a tag for NGINX Error events
$template NginxError,"%msg%\n"

if $programname == 'nginx-access' then @@my.domain.com:9000;NginxAccess
if $programname == 'nginx-access' then stop

if $programname == 'nginx-error' then @@my.domain.com:9000;NginxError
if $programname == 'nginx-error' then stop



Issues :

    rsyslog is only sending logs for access log ie : it is not monitoring the second input module ( error logs )
    After sending some lines ( batch of lines ) it stops sending log events to my endpoint

What is the issue ?
What I am doing wrong here ?

Thanks
shivkumar
Avarage
 
Posts: 11
Joined: Wed Dec 20, 2017 12:18 pm

Google Ads


Return to Configuring Syslog

Who is online

Users browsing this forum: No registered users and 0 guests

cron