rsyslog:操作已暂停,下次重试是

tag-icon tag-icon networking logging rsyslog systemctl centralized-logging
rsyslog:操作已暂停,下次重试是

我正在尝试配置rsyslog以接收端口 3100 上从其他设备发送的日志(我的经理选择了该端口,稍后我会让他将其更改为 514),并将这些日志保存(附加)到本地文件中。因此我创建了/etc/rsyslog.d/remote.conf以下内容:

$umask 0000
template(name="DynFile" type="string" string="/var/log/remote/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%")
ruleset(name="RemoteMachine"){ action(type="omfile" dynaFile="DynFile" dirCreateMode="0755") }

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="3100")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="3100")

#Enable sending system logs over UDP to rsyslog server
*.* @rsyslog-ip-address:3100

#Enable sending system logs over TCP to rsyslog server
*.* @@rsyslog-ip-address:3100

#Set disk queue when rsyslog server will be down:
$ActionQueueFileName queue
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1

systemd单元添加了调试功能:

ExecStart=/usr/sbin/rsyslogd -n -d

然后重新启动rsyslog

systemctl daemon-reload
systemctl restart rsyslog

然后检查端口绑定:

# ss -tulpn|grep 3100
udp    UNCONN     0      0         *:3100                  *:*                   users:(("rsyslogd",pid=11899,fd=5))
udp    UNCONN     0      0        :::3100                 :::*                   users:(("rsyslogd",pid=11899,fd=6))
tcp    LISTEN     0      25        *:3100                  *:*                   users:(("rsyslogd",pid=11899,fd=7))
tcp    LISTEN     0      25       :::3100                 :::*                   users:(("rsyslogd",pid=11899,fd=8))

因此看起来好像rsyslog是按照配置文件进行监听;但是,最后几行是journalctl -e -u rsyslog

Sep 05 16:10:22 office-zabbix-proxy systemd[1]: Starting System Logging Service...
Sep 05 16:10:22 office-zabbix-proxy liblogging-stdlog[11899]:  [origin software="rsyslogd" swVersion="8.24.0" x-pid="11899" x-info="http://www.rsyslog.com"] start
Sep 05 16:10:22 office-zabbix-proxy systemd[1]: Started System Logging Service.
Sep 05 16:10:22 office-zabbix-proxy liblogging-stdlog[11899]: action 'action 1' suspended, next retry is Mon Sep  5 16:10:52 2022 [v8.24.0 try http://www.rsyslog.com/e/2007 ]
Sep 05 16:10:22 office-zabbix-proxy liblogging-stdlog[11899]: action 'action 2' suspended, next retry is Mon Sep  5 16:10:52 2022 [v8.24.0 try http://www.rsyslog.com/e/2007 ]

我推测这些“操作”对应于配置文件中的两个模块/输入声明,但我不知道为什么它们被“暂停”,这是否重要,以及我应该怎么做。

但是,下面没有文件/var/log/remote/(存在,具有 0777 权限),所以我推测有什么东西阻止了配置执行我想要的操作。操作系统是 Debian 11,未处于 SELinux 模式。请帮忙?

相关内容