我正在尝试让 LogAnalyzer 运行并基于以下设置系统如何在 Ubuntu 16.04 LTS / Ubuntu 18.04 LTS 上使用 rsyslog 设置日志分析器。一直很顺利,直到第一次LogAnalyzer失败,说数据库表没有数据。我看过了,它是正确的,无论出于何种原因,rsyslog 没有写入数据库(MariaDB 15.1),我不明白为什么。这是我的 mysql.conf (密码是我的密码,我之前已经验证过数据库登录数据。):
module (load="ommysql")
*.* action(type="ommysql" server="localhost" db="Syslog" uid="rsyslog" pwd="*pwd*")
我已经在 rsyslog 上运行了调试,以下是一些片段:
4945.357999570:main thread : rainerscript.c: name: 'load', value 'ommysql'
4945.358021444:main thread : rainerscript.c: nvlstGetParam: name 'load', type 13, valnode->bUsed 0
4945.358038361:main thread : modules.c: modulesProcessCnf params:
4945.358053527:main thread : rainerscript.c: load: 'ommysql'
4945.358092317:main thread : modules.c: Requested to load module 'ommysql'
4945.358116817:main thread : modules.c: loading module '/usr/lib/aarch64-linux-gnu/rsyslog/ommysql.so'
4945.376069860:main thread : modules.c: module ommysql of type 1 being loaded (keepType=0).
4945.376135775:main thread : ommysql.c: entry point 'setModCnf' not present in module
4945.376153858:main thread : modules.c: module config name is 'ommysql'
4945.376169608:main thread : ommysql.c: entry point 'beginCnfLoad' not present in module
4945.376237564:main thread : ommysql.c: entry point 'doHUP' not present in module
4945.376253314:main thread : ommysql.c: entry point 'doHUPWrkr' not present in module
4945.376268480:main thread : ommysql.c: entry point 'SetShutdownImmdtPtr' not present in module
4945.376283938:main thread : ommysql.c: entry point 'doAction' not present in module
4945.376299396:main thread : ommysql.c: entry point 'endTransaction' not present in module
4945.380317284:main thread : rainerscript.c: nvlstGetParam: name 'type', type 14, valnode->bUsed 0
4945.380507737:main thread : ../action.c: action param blk after actionNewInst:
4945.380530195:main thread : rainerscript.c: name: (unset)
4945.380567527:main thread : rainerscript.c: type: 'ommysql'
4945.380607484:main thread : rainerscript.c: action.errorfile: (unset)
4945.380644233:main thread : rainerscript.c: action.writeallmarkmessages: (unset)
4945.380679816:main thread : rainerscript.c: action.execonlyeverynthtime: (unset)
4945.380715398:main thread : rainerscript.c: action.execonlyeverynthtimetimeout: (unset)
4945.380751272:main thread : rainerscript.c: action.execonlyonceeveryinterval: (unset)
还有一件事:
4945.396148220:main thread : ../template.c: Template: Name=' StdDBFmt' [SQL-Format (MySQL)]
4945.396203635:main thread : ../template.c: Entry(556f6dec70): type 1, (CONSTANT), value: 'insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values (''
4945.396243009:main thread : ../template.c: Entry(556f6ded30): type 2, (FIELD), value: '1'
4945.396280925:main thread : ../template.c: Entry(556f6deea0): type 1, (CONSTANT), value: '', '
4945.396319424:main thread : ../template.c: Entry(556f6def60): type 2, (FIELD), value: '12'
4945.396357048:main thread : ../template.c: Entry(556f6df0d0): type 1, (CONSTANT), value: ', ''
4945.396395255:main thread : ../template.c: Entry(556f6df190): type 2, (FIELD), value: '3'
4945.396434045:main thread : ../template.c: Entry(556f6df300): type 1, (CONSTANT), value: '', '
4945.396472253:main thread : ../template.c: Entry(556f6df3c0): type 2, (FIELD), value: '14'
4945.396511335:main thread : ../template.c: Entry(556f6df530): type 1, (CONSTANT), value: ', ''
4945.396549542:main thread : ../template.c: Entry(556f6df5f0): type 2, (FIELD), value: '2' [Format as MySQL-Date] [COMPLEX]
4945.396610207:main thread : ../template.c: Entry(556f6df760): type 1, (CONSTANT), value: '', ''
4945.396648123:main thread : ../template.c: Entry(556f6df820): type 2, (FIELD), value: '16' [Format as MySQL-Date] [COMPLEX]
4945.396708496:main thread : ../template.c: Entry(556f6df990): type 1, (CONSTANT), value: '', '
4945.396747287:main thread : ../template.c: Entry(556f6dfa50): type 2, (FIELD), value: '11'
4945.396786369:main thread : ../template.c: Entry(556f6dfbc0): type 1, (CONSTANT), value: ', ''
4945.396823701:main thread : ../template.c: Entry(556f6dfc80): type 2, (FIELD), value: '4'
4945.396862784:main thread : ../template.c: Entry(556f6dfdf0): type 1, (CONSTANT), value: '')'
我不确定这是否提供了足够的信息,如果有帮助,我很乐意分享更多信息。我正在努力找出如何解决此问题,并感谢这里专家的任何建议。
答案1
我弄清楚了这一点,并想分享答案,以防有人遇到同样的问题。具体来说,我的配置中有以下行:
&~
无论出于何种原因,这都会导致错误,并且删除该线路可以解决问题。