[英]How to debug rsyslog on centos7
I have a forward mechanism of rsyslogs to an external service.我有一个将 rsyslogs 转发到外部服务的机制。
Under /etc/rsyslog.d
I have created a.conf file.在
/etc/rsyslog.d
下,我创建了一个 .conf 文件。
This is the file:这是文件:
$ModLoad imfile
$InputFilePollInterval 1
$InputFileName /var/log/secure
$InputFileTag securelogs:
$InputFileStateFile securelogs
$InputFileFacility local0
$InputRunFileMonitor
:syslogtag, isequal, "securelogs:" {
:msg, contains, "sshd" {
local0.* /var/log/forward_securelogs_audit.log
local0.* @@<server-ip>:514
}
stop
}
I have the same configurations on multiple servers, but for 2 of them, it is not working.我在多台服务器上具有相同的配置,但其中 2 台无法正常工作。
How can I debug?我该如何调试?
I tried following the instructions here - https://www.rsyslog.com/how-to-use-debug-on-demand/我尝试按照此处的说明进行操作 - https://www.rsyslog.com/how-to-use-debug-on-demand/
But there is no file - /etc/rc.d/init.d/rsyslog
但是没有文件 -
/etc/rc.d/init.d/rsyslog
Also there is no file - /var/run/rsyslogd.pid
也没有文件 -
/var/run/rsyslogd.pid
When fetching the version rsyslogd -v
I get the following获取版本
rsyslogd -v
时,我得到以下信息
0726.220297821:7f4d57c22780: Note: debug on demand turned on via configuraton file, use USR1 signal to activate.
rsyslogd 8.24.0-57.el7_9, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
But again, I cannot see anything in the debug file, nor on the terminal.但同样,我在调试文件中看不到任何东西,在终端上也看不到。
Any help will be much appreciated.任何帮助都感激不尽。
The document you link to is very old, and RedHat and CentOS now use systemd to start the daemon so those files no longer exist.您链接到的文档非常旧,RedHat 和 CentOS 现在使用 systemd 启动守护程序,因此这些文件不再存在。 If you do
如果你这样做
systemctl status rsyslog
you should see lines including something like你应该看到包括类似
Active: active (running) since ...
Main PID: 738 (rsyslogd)
You can send the USR1 signal to this numbered process to toggle debug.您可以将 USR1 信号发送到此编号的进程以切换调试。 In this case it would be:
在这种情况下,它将是:
sudo kill -USR1 738
By default, I think the debug output should be on stdout, which on my Fedora systemd is directed to /dev/null
for rsyslogd, so this may not help.默认情况下,我认为调试 output 应该在 stdout 上,在我的 Fedora systemd 上,它针对 rsyslogd 被定向到
/dev/null
,所以这可能无济于事。 I don't have CentOS but it may be similar.我没有 CentOS 但可能类似。 You can look at the systemd unit with:
您可以使用以下命令查看 systemd 单元:
systemctl cat rsyslog
In my case this includes the lines:就我而言,这包括以下几行:
EnvironmentFile=-/etc/sysconfig/rsyslog
StandardOutput=null
If this is your case, you can add options to file /etc/sysconfig/rsyslog
such as:如果是这种情况,您可以向文件
/etc/sysconfig/rsyslog
添加选项,例如:
RSYSLOG_DEBUGLOG=/tmp/rsyslogdebug
and then restart rsyslogd and try to signal it again to toggle debug.然后重新启动 rsyslogd 并尝试再次发出信号以切换调试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.