Hi, David-

I tried that, but I unfortunately received the same error message. Thanks for the suggestion, though!

________________________________
Mat Wilson
Software Infrastructure Support Engineer
Infrastructure Implementation & QA
UC Irvine
________________________________________
From: [email protected] [[email protected]] on behalf of David Lang [[email protected]]
Sent: Wednesday, June 12, 2013 4:04 PM
To: rsyslog-users
Subject: Re: [rsyslog] 6.2.0 Configuration issues

On Wed, 12 Jun 2013, Mathew David Wilson wrote:

> Hello, all-
>
> The folks at the IRC channel on freenode referred me here. Can anyone tell
> me what is wrong with my config file? Nothing is getting logged, and
> rsyslog is throwing an error. Before anyone suggests it, I can't deviate
> from the version in the Solaris repositories- otherwise I would do 7.4 .
>
> The error:
> rsyslogd: syntax error in expression [try http://www.rsyslog.com/e/2051 ]
> rsyslogd: the last error occured in /etc/rsyslog.conf, line 16:"if
> $programname == 'sudo' and $msg contains 'USER=root' and $msg eregex
> "COMMAND=/bin/.*sh" then /adm/tmp/mdwilson-workspace/logging/rootshell"
> rsyslogd: warning: selector line without actions will be discarded
> rsyslogd: CONFIG ERROR: could not interpret master config file
> '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
>
> The config file:
>
> ##Global Directives
> $MaxMessageSize 8192
> $MainMsgQueueDiscardMark 200
> $MainMsgQueueDequeueBatchSize 0
>
> ##Load UDP and Solaris Logging modules
> $ModLoad imudp
> $ModLoad imsolaris
>
> ##Start UDP Logging for log4j
> $UDPServerAddress 127.0.0.1
> $UDPServerRun 514
>
> if $programname == 'sudo' and $msg contains 'USER=root' then /my/
> logdirectory/logging/allroot
>
> if $programname == 'sudo' and $msg contains 'USER=root' and $msg eregex
> "COMMAND=/bin/.*sh" then /my/logdirectory/logging/rootshell
>
> if $programname == 'httpd' and $syslogfacility-text == 'local7' then /my/
> logdirectory/logging/apache
>
> local5.* /my/logdirectory/logging/local5
> *.* /my/logdirectory/logging/all
> *.* /my/logdirectory/logging/all2
>
>
> Config paste included for readability.
> http://pastebin.com/P9P6BMSR
>
> Thanks!

That version is picky about ' vs "

try changing the " in that line to ' and see if you keep getting the error.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
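
An added example, not part of the original thread and not rsyslog code: a Python model of the three expression filters and the selector lines in the quoted config, run over constructed sample records to show which log files each record would reach once the config parses. The tighter pattern `STRICT_RE`, the destination labels and the sample records are assumptions made for illustration.

```python
import re

# Pattern exactly as posted in the config (unanchored, greedy ".*").
POSTED_RE = re.compile(r"COMMAND=/bin/.*sh")
# Assumption for illustration: a tighter variant that requires the command
# itself to end in "sh" (not in the original thread).
STRICT_RE = re.compile(r"COMMAND=/bin/[a-z]*sh( |$)")

SUDO = " alice : TTY=pts/3 ; PWD=/home/alice ; USER={u} ; COMMAND={c}"
# Constructed sample records: (programname, facility, msg).
SAMPLES = [
    ("sudo", "auth", SUDO.format(u="root", c="/bin/bash")),
    ("sudo", "auth", SUDO.format(u="root", c="/bin/ls /var/tmp/push")),
    ("sudo", "auth", SUDO.format(u="bob", c="/bin/sh")),
    ("httpd", "local7", "GET /index.html 200"),
]


def route(programname, facility, msg, shell_re=POSTED_RE):
    """Return the destination labels the quoted rules select for one record."""
    dest = []
    root_sudo = programname == "sudo" and "USER=root" in msg
    if root_sudo:
        dest.append("allroot")
    if root_sudo and shell_re.search(msg):
        dest.append("rootshell")
    if programname == "httpd" and facility == "local7":
        dest.append("apache")
    if facility == "local5":
        dest.append("local5")
    return dest + ["all", "all2"]  # the two *.* selector lines


def rootshell_hits(shell_re):
    """Commands from SAMPLES that would be written to the rootshell file."""
    return [msg.split("COMMAND=", 1)[1]
            for prog, fac, msg in SAMPLES
            if "rootshell" in route(prog, fac, msg, shell_re)]


if __name__ == "__main__":
    for prog, fac, msg in SAMPLES:
        print(prog, fac, route(prog, fac, msg))
    print("posted pattern:", rootshell_hits(POSTED_RE))
    print("strict pattern:", rootshell_hits(STRICT_RE))
```

With the posted pattern the `ls` record also lands in the rootshell file, because `.*` can span the command's arguments; the stricter variant keeps only the shell invocation.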

