Trying to troubleshoot ESXi and vCenter logging to RHEL rsyslog server


Trying to send logs from our production ESXi and VMware vCenter to a RHEL6 x86_64 VM. I currently use this RHEL VM for all of my RHEL VMs to forward their logs to it via TCP and also have Logwatch running on it.

I found this example online; however, it's for RHEL7. I wouldn't think it would matter at this point:

https://thevirtualist.org/centralized-syslog-server-vsphere-environment-centos7-rsyslog/

I made the following entries to /etc/rsyslog.conf

$RuleSet local

DefaultRuleset local

Restarted rsyslog daemon and got some errors and rsyslog stopped.


[root@host etc]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@host etc]# tail -f /var/log/messages
Feb 26 12:26:09 host rsyslogd-3003: Could not find template 'TIMESTAMP' - action disabled [try http://www.rsyslog.com/e/3003 ]
[root@host etc]# tail -f /var/log/messages
Feb 26 12:26:09 host rsyslogd-3003: Could not find template 'TIMESTAMP' - action disabled [try http://www.rsyslog.com/e/3003 ]
Feb 26 12:26:09 host rsyslogd: the last error occured in /etc/rsyslog.d/vsphere.conf, line 19:"*.* ?REMOTEESX;TIMESTAMP"
Feb 26 12:26:09 rsyslogd: warning: selector line without actions will be discarded
Feb 26 12:26:09 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Feb 26 12:26:09 rsyslogd: the last error occured in /etc/rsyslog.d/vsphere.conf, line 20:"}"
Feb 26 12:26:09 rsyslogd: warning: selector line without actions will be discarded
Feb 26 12:26:09 rsyslogd: the last error occured in /etc/rsyslog.conf, line 34:"$IncludeConfig /etc/rsyslog.d/*.conf"
Feb 26 12:26:09 rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
Feb 26 12:26:09 rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]

Doing some troubleshooting, looks like rsyslog needs to be upgraded to a newer version?

http://osengineer.blogspot.com/2014/01/install-rsyslog7-to-centos6.html

If that is the case, just back up important files, remove old rsyslog and then install the newer version, correct?

thanks
