rsyslog error 3000

One thought on “rsyslog error 3000

  1. I configured rsyslog to send logs to remote ELK server.

    Case 1) When I configure rsyslog like below queue is working

    root@svlircid# cat /etc/rsyslog.d/10-rsyslog-remote.conf
    $WorkDirectory /var/lib/rsyslog # Locatie voor spoolfiles
    $ActionQueueFileName svlircid # prefixnaam voor spoolfiles ( wissen )
    $ActionQueueMaxDiskSpace 1g # max grote spoolfiles
    $ActionQueueSaveOnShutdown on
    $ActionQueueType LinkedList # asynchroon
    $ActionResumeRetryCount -1 # blijven proberen if server down
    $ActionSendStreamDriverAuthMode anon # Geen client-authenticatie

    *.* @@testserver:6528

    Case 2) When I configure like below i don;t see queue created.

    root@svlircib# cat /etc/rsyslog.d/10-rsyslog-remote.conf
    $WorkDirectory /var/lib/rsyslog # Locatie voor spoolfiles
    $ActionQueueFileName svlircib # prefixnaam voor spoolfiles ( wissen )
    $ActionQueueMaxDiskSpace 1g # max grote spoolfiles
    $ActionQueueSaveOnShutdown on
    $ActionQueueType LinkedList # asynchroon
    $ActionResumeRetryCount -1 # blijven proberen if server down
    $ActionSendStreamDriverAuthMode anon # Geen client-authenticatie

    template(name=\”JournalTemplate\” type=\”string\” string=\”%$!all-json%\\n\” ) #template for messages
    action(type=\”omfwd\” protocol=\”tcp\” port=\”6528\” Target=\”testserver\” template=\”JournalTemplate\”)

    Please let us know why in the second case queue is created when remote ELK server not reachable.

    Regards,
    Praveen.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top