s_kipjack
asked on
Rsyslog State Files not being created
Hi all,
I recently ran into a problem and was hoping someone could help me figure it out. I am running Ubuntu 10.04 and rsyslog 5.8.1. I set up rsyslog to monitor a few files and send any changes to those files to Loggly (great service by the way). Well, it all works great, except for the fact that whenever I restart rsyslog it resends everything from those files that it had sent in the past. Now, it is my understanding that rsyslog should use the $WorkDirectory and create the file that you set for $InputFileStateFile to save the state of the monitored file so that it does not send duplicate entries.
Here is an example that I'm working with:
$WorkDirectory /var/log/rsyslog
# Monit log file
$InputFileName /var/log/monit.log
$InputFileTag monit
$InputFileStateFile monit-state
$InputFileSeverity info
$InputRunFileMonitor
So, from my description above, rsyslog should create a "monit-state" file in "/var/log/rsyslog" which would save the state of the "/var/log/monit.log" file so no duplicates are sent. Is that correct? If so, this is not happening!
What should the permissions of "/var/log/rsyslog" be? Do I have to touch "monit-state" in "/var/log/rsyslog" (I tried that already and nothing happened)?
I've been working on this for a couple days and am at a loss, so any help would be appreciated. Thanks.
ASKER
This is interesting. When I set the $WorkDirectory permissions to:
drwxrwxrwx 2 syslog syslog 4096 2011-12-28 16:11 rsyslog
Everything works fine. But with any other permissions I get a 'permissions denied' error in debug mode. I tried changing user:group and every other type of permission. I can't believe that you have to have the permission set to 777.
Does anyone have the actual permissions that $WorkDirectory should be set to so that rsyslog can read and write the state files?
ASKER CERTIFIED SOLUTION
ASKER
ducan,
Thanks for your response. After playing around I was able to get the permissions down by setting the user to syslog and the group to adm. Thanks for your suggestion as it's a great way to troubleshoot for future problems as well. I really appreciate it.
ASKER
I was able to see that it was in fact a permissions problem. I opened up permissions to 777 for my $WorkDirectory, just to test, and rsyslog did create the state files and everything worked as planned. I will continue to play with the permissions so that it's not 777 (obviously), but I wanted to let anyone else that might be having this problem know how I solved it.
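An added example, not part of any post in this thread: a shell check that reads $WorkDirectory from an rsyslog config and reports whether the directory is world-writable (the 777 test setting above) or not writable by the account rsyslog runs as. It assumes GNU stat and that the account is passed as an argument or named by a $PrivDropToUser line in the same config; the function name and verdict words are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as on Ubuntu.
# check_workdir CONF [USER] prints one verdict:
#   missing | world-writable | not-writable | ok
check_workdir() {
    conf=$1
    # Last uncommented $WorkDirectory directive in the config.
    dir=$(awk '$1 == "$WorkDirectory" { d = $2 } END { print d }' "$conf")
    # Account rsyslog runs as: explicit argument, else $PrivDropToUser, else root.
    user=${2:-$(awk '$1 == "$PrivDropToUser" { u = $2 } END { print u }' "$conf")}
    user=${user:-root}

    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo missing; return 1
    fi

    # Octal mode, owner and group of the directory, e.g. "750 syslog adm".
    set -- $(stat -c '%a %U %G' "$dir")
    mode=$1; owner=$2; group=$3
    o_bits=$(( mode % 10 ))
    g_bits=$(( mode / 10 % 10 ))
    u_bits=$(( mode / 100 % 10 ))

    # 777-style directories let any local account replace or delete state files.
    if [ $(( o_bits & 2 )) -ne 0 ]; then
        echo world-writable; return 1
    fi

    # Pick the permission class that applies to the rsyslog account.
    if [ "$user" = "$owner" ]; then
        bits=$u_bits
    else
        case " $(id -Gn "$user" 2>/dev/null) " in
            *" $group "*) bits=$g_bits ;;
            *)            bits=$o_bits ;;
        esac
    fi

    # Creating a state file needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -eq 3 ]; then echo ok; else echo not-writable; return 1; fi
}
```

The verdict is computed from the mode bits rather than by attempting a write, so running it as root gives the same answer the rsyslog account would get.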