Syslog configuration - APIC

conf-t · ‎03-27-2024

Hi,

I'm trying to configure syslog in APIC.. I did the basic config (dest group and source) but when I want to verify via cli with the command "ps -A | grep rsyslog", nothing appeared !! test works with logit command and I can see logs in /var/log/external/messages.

Also, #rsyslogd -version: command not found !!

Any idea please?

AshSe · ‎11-29-2024

Hello @conf-t I checked and below is the output of the same commands:

APIC-1# ps -A | grep rsyslog
3762 ? 01:00:46 rsyslogd

APIC-

1# rsyslogd -version:
rsyslogd 8.24.0-57.el7_9.0atomix1, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64

See http://www.rsyslog.com for more information.

It sounds like you've done the basic configuration for syslog on your APIC (Application Policy Infrastructure Controller), but you're encountering issues verifying the rsyslog process and checking its version. Here are a few steps and considerations to help you troubleshoot:

Verify rsyslog Process:
1. The command ps -A | grep rsyslog should show the rsyslog process if it is running. If it doesn't, it might mean that rsyslog is not running or is named differently.
2. Try using ps aux | grep rsyslog instead, which might give you more detailed output.
Check if rsyslog is Installed:
1. The error rsyslogd -version: command not found suggests that the rsyslog package might not be installed or the binary is not in the system's PATH.
2. Check if rsyslog is installed by running which rsyslogd or whereis rsyslogd.
Start/Restart rsyslog Service:
1. If rsyslog is not running, you might need to start or restart the service. Use the following commands depending on your system's init system:
  1. For systemd: sudo systemctl start rsyslog or sudo systemctl restart rsyslog
  2. For SysVinit: sudo service rsyslog start or sudo service rsyslog restart
Check rsyslog Configuration:
1. Ensure that the rsyslog configuration files are correctly set up. The main configuration file is usually located at /etc/rsyslog.conf or in the /etc/rsyslog.d/directory.
2. Look for any syntax errors or misconfigurations that might prevent rsyslog from starting.
Check Logs for Errors:
1. Check the system logs for any errors related to rsyslog. You can use journalctl -xe(for systemd) or check /var/log/syslog or /var/log/messages for any relevant error messages.
Verify Log Output:
1. Since you mentioned that the test works with the logit command and you can see logs in /var/log/external/messages, it indicates that rsyslog is functioning to some extent. Ensure that the destination group and source configurations are correctly set up to forward logs to the desired location.
Check rsyslog Version:
1. If you need to check the rsyslog version and the rsyslogd -version command is not found, you can try:
  1. rsyslogd -v or rsyslogd --version
  2. If these commands are not available, you might need to install rsyslog or check the package manager for the installed version. For example, on a Debian-based system, you can use dpkg -l | grep rsyslog.

If you continue to face issues, please provide more details about your environment (e.g., the operating system and version) and any specific error messages you encounter. This will help in providing more targeted assistance.

HTH

Ashse