I'm using:
root@u1210: /etc () # lsb_release -d
Description: Ubuntu 12.10
root@u1210: /etc () # dpkg -l | grep rsyslog
ii rsyslog 5.8.6-1ubuntu9 amd64 reliable system and kernel logging daemon
Today, I tried to read the log from the nginx log file but got this error:
Mar 11 17:34:18 u1210 kernel: imklog 5.8.6, log source = /proc/kmsg started.
Mar 11 17:34:18 u1210 rsyslogd: [origin software="rsyslogd" swVersion="5.8.6" x-pid="9742" x-info="http://www.rsyslog.com"] start
Mar 11 17:34:18 u1210 rsyslogd: rsyslogd's groupid changed to 103
Mar 11 17:34:18 u1210 rsyslogd: rsyslogd's userid changed to 101
Mar 11 17:34:18 u1210 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
Mar 11 17:34:18 u1210 rsyslogd: the last error occured in /etc/rsyslog.conf, line 68:"$InputFilePollingInterval 10"
Mar 11 17:34:18 u1210 rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
Checking the config version that rsyslog is using:
root@u1210: /etc () # ps -ef | grep rsyslog
syslog 18934 1 0 17:42 ? 00:00:00 rsyslogd -c5
I've just used the default config, with the addition of the lines below:
$ModLoad imfile
$InputFileName /var/log/nginx/access.log
$InputFileTag nginx:
$InputFileStateFile nginxxxx
$InputFileSeverity error
$InputFileFacility local7
$InputRunFileMonitor
$InputFilePollingInterval 10
Here is the config file: http://pastebin.com/8RnHXaDd
The nginx log file exists:
root@u1210: ~ () # ls -l /var/log/nginx/access.log
-rw-r----- 1 www-data adm 730040 Mar 11 17:49 /var/log/nginx/access.log
I see that rsyslog is the default on Ubuntu, Debian, Fedora and many other distros. At first, I thought that this 5.8.6 was too old, so it did not provide the text file input function, but after googling around, the same thing can be done from 3.X.
What am I doing wrong here?
Additional question: I tried syslog-ng; the config file is very nice, and it works nicely for this function. But from googling around, it seems it is not used as widely as rsyslog. There are no good comparisons of them (almost all are outdated). Which do you suggest, syslog-ng or rsyslog? (I use Ubuntu/Debian)
Thanks!
rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 68:"$InputFilePollingInterval 10"
According to this document, it should be
instead of:
Solved the problem.
It is about permissions.
/etc/rsyslog.conf has these lines:
It drops privileges to the syslog user and group after initialization.
/var/log/nginx/access.log can only be accessed by www-data and users in the adm group.
Changing $PrivDropToGroup syslog to $PrivDropToGroup adm makes it work.
Thanks @quanta for pointing out the error in the $InputFilePollInterval directive.
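
As an added example (not part of the original posts and not rsyslog's own code): a Python check that reads the legacy directives from the question and reports which imfile inputs the post-drop user and group cannot read. SAMPLE_CONF and the function names are constructed for illustration, and the check assumes rsyslog keeps only the $PrivDropToGroup group after dropping privileges.

```python
import re
import stat

# Constructed sample: the directives from the question, with the corrected
# $InputFilePollInterval spelling and the original privilege-drop settings.
SAMPLE_CONF = """\
$ModLoad imfile
$InputFileName /var/log/nginx/access.log
$InputFileTag nginx:
$InputFileStateFile nginxxxx
$InputRunFileMonitor
$InputFilePollInterval 10
$PrivDropToUser syslog
$PrivDropToGroup syslog
"""

def parse_directives(conf_text):
    """Return {lowercased directive: [values]} for legacy '$Name value' lines."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*\$(\w+)\s*(.*?)\s*$", line)
        if m:
            found.setdefault(m.group(1).lower(), []).append(m.group(2))
    return found

def can_read(mode, owner, group, user, groups):
    """POSIX read check: owner bits, else group bits, else other bits."""
    if user == owner:
        return bool(mode & stat.S_IRUSR)
    if group in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def unreadable_inputs(conf_text, file_meta):
    """List imfile inputs the post-drop identity cannot read.

    file_meta maps path -> (mode, owner, group). Assumption: after the drop,
    the process holds only the $PrivDropToGroup group.
    """
    d = parse_directives(conf_text)
    if "privdroptouser" not in d:  # no drop configured: stays root, reads all
        return []
    user = d["privdroptouser"][-1]
    groups = set(d.get("privdroptogroup", [])[-1:])
    return [p for p in d.get("inputfilename", [])
            if p in file_meta and not can_read(*file_meta[p], user, groups)]
```

On a live host, file_meta can be filled from os.stat() with the pwd and grp modules instead of the constructed values.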