
Gene Liverman

Profile

Occupation: 
Systems Administrator of *nix and VMware at a university.
Open Source project(s) I'm involved with or passionate about: 
Untangle, Drupal, Moodle, iTALC, LTSP, Ubuntu

I am interested in most things that relate to the desktop and server, though I am particularly fond of virtualization. I love to find ways for Linux to work in educational environments (K-12 and higher ed) both on the front end and the back end. Most everywhere I have worked has used Windows as their desktop OS, so a lot of my tinkering has revolved around making Linux play nice with Windows and Active Directory. I also have a fair amount of experience with Macs. I cut my teeth on Gentoo Linux back in 2004 and used it almost exclusively until 2007, when I discovered Ubuntu. Though Gentoo is great for some things, I fell in love with not having to compile everything and the great Debian package management system. The open source project I am the most passionate about is Untangle. Their platform is one of the very best ways I have found to prove Linux as a valuable resource to people. It is a shining example of what can be done when you combine the efforts of our wonderful community.


Guestbook

I have configured Rsyslog with RELP and Log analyzer, and am now facing a problem in the eventlog field view: some fields are missing, like eventlog type, event user, source event and event ID. Can anyone help in this regard? Here is my rsyslog.conf file:

# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf

#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

$KLogPath /proc/kmsg

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

# Buffering stuff:
$WorkDirectory /var/rsyslog/work # default location for work (spool) files
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName dbq # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure

Please note I am not using event reporter.

Comment by Gene Liverman
Have you looked at the logs on your source machine to ensure those values are in the logs there?

When I select the view "eventlog field", the following fields in loganalyzer are empty:
Event Type, Event Source, Event ID and Event User. Please guide me on how to resolve this problem.

I have configured an rsyslog server and the Snare agent for a Windows system, but the following fields are missing in log analyzer:
Event Type, Event Source, Event ID and Event User. Please guide me on how to resolve this problem.