John Hupp
2012-12-03 22:54:45 UTC
While trying to troubleshoot the problem in which many or most clients
stall during boot at a blank, black screen (which I'm still
troubleshooting), I thought it would be useful to see the syslog
messages from the client. But I was having trouble finding
documentation of how to do that with rsyslog(only syslog-ng). I imagine
that variouspeople here could whip up this configuration in about a
minute (I see now that I failed to ask here), but I had to dig and study
it off-and-on for a couple days.
Here is a working recipe:
To accomplish forwarding of syslog messages by TCP (rather than by UDP
or RELP):
In /etc/rsyslog.conf for the client machine add this to the end of the file:
*.* @@<server's IP address>:10514
For an LTSP network, if it is a standard LTSP 5 setup with a chroot
environment, then just edit the file as above and update the image.
For an LTSP network with an LTSP-PNP setup it is trickier. For
temporary troubleshooting you can just modify /etc/rsyslog.conf, update
the client NBD image, then edit /etc/rsyslog.conf again with the
settings required for the server. If you want a permanent forwarding
setup that will not be overwritten by image updates, then you would
probably write a script in /usr/share/ltsp/init-ltsp.d that modifies
/etc/rsyslog.conf in place on-the-fly during bootup (using the stream
editor command "sed"). But I have not had a successful experience with
that yet, so I merely toss that out as a lead.
-------------------
In /etc/rsyslog.conf for the server where you want the messages
forwarded, un-comment these two lines in rsyslog.conf:
$ModLoad imtcp
$InputTCPServerRun 10514
This much alone on the server will cause forwarded messages to be
received on the server and incorporated in the standard log file at
/var/log/syslog. But they will be added to the messages that are logged
for the server itself. That may do for your purposes since all messages
are tagged with the host name, but you can also have the messages
written to another file by adding these lines to rsyslog.conf:
if $fromhost-ip startswith '192.168.1.' then /var/log/ltspclientlog
& ~
Substitute whatever client IP address applies in your situation. The
above command will separately log received messages from any client with
IP 192.168.1.xxx. Also substitute whatever log name you would like for
my choice of "ltspclientlog."
The configuration above will cause the client syslog messages to be
logged in both /var/log/ltspclientlog and /var/log/syslog. I don't know
why. The "& ~" command is supposed to stop further processing of the
message after it is written to ltspclientlog. Perhaps I misunderstood
the documentation and forwarded messages are *always* written to syslog,
and then perhaps other files as well. Or perhaps LTSP has some
functionality in it that causes forwarded messages to be written to syslog.
stall during boot at a blank, black screen (which I'm still
troubleshooting), I thought it would be useful to see the syslog
messages from the client. But I was having trouble finding
documentation of how to do that with rsyslog(only syslog-ng). I imagine
that variouspeople here could whip up this configuration in about a
minute (I see now that I failed to ask here), but I had to dig and study
it off-and-on for a couple days.
Here is a working recipe:
To accomplish forwarding of syslog messages by TCP (rather than by UDP
or RELP):
In /etc/rsyslog.conf for the client machine add this to the end of the file:
*.* @@<server's IP address>:10514
For an LTSP network, if it is a standard LTSP 5 setup with a chroot
environment, then just edit the file as above and update the image.
For an LTSP network with an LTSP-PNP setup it is trickier. For
temporary troubleshooting you can just modify /etc/rsyslog.conf, update
the client NBD image, then edit /etc/rsyslog.conf again with the
settings required for the server. If you want a permanent forwarding
setup that will not be overwritten by image updates, then you would
probably write a script in /usr/share/ltsp/init-ltsp.d that modifies
/etc/rsyslog.conf in place on-the-fly during bootup (using the stream
editor command "sed"). But I have not had a successful experience with
that yet, so I merely toss that out as a lead.
-------------------
In /etc/rsyslog.conf for the server where you want the messages
forwarded, un-comment these two lines in rsyslog.conf:
$ModLoad imtcp
$InputTCPServerRun 10514
This much alone on the server will cause forwarded messages to be
received on the server and incorporated in the standard log file at
/var/log/syslog. But they will be added to the messages that are logged
for the server itself. That may do for your purposes since all messages
are tagged with the host name, but you can also have the messages
written to another file by adding these lines to rsyslog.conf:
if $fromhost-ip startswith '192.168.1.' then /var/log/ltspclientlog
& ~
Substitute whatever client IP address applies in your situation. The
above command will separately log received messages from any client with
IP 192.168.1.xxx. Also substitute whatever log name you would like for
my choice of "ltspclientlog."
The configuration above will cause the client syslog messages to be
logged in both /var/log/ltspclientlog and /var/log/syslog. I don't know
why. The "& ~" command is supposed to stop further processing of the
message after it is written to ltspclientlog. Perhaps I misunderstood
the documentation and forwarded messages are *always* written to syslog,
and then perhaps other files as well. Or perhaps LTSP has some
functionality in it that causes forwarded messages to be written to syslog.