IDPA: Error "extra characters in config line ignored" When Configuring Remote Logging (Syslog Forwarding) on ACM

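Summary: The error "extra characters in config line ignored: '*' [v8.2106.0]" appears when configuring remote logging (syslog forwarding) on ACM. This issue relates to the remote logging (syslog forwarding) configuration on ACM. The error message "extra characters in config line ignored: '*' [v8.2106.0]" is encountered when attempting to restart the rsyslog service, and it prevents logs from being forwarded to the remote server. ...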


Symptoms

Attempting to restart the rsyslog service with the following command fails:
systemctl restart rsyslog

Checking the status of rsyslog with the following command shows an error message:
systemctl status rsyslog
 
error: extra characters in config line ignored: '*' [v8.2106.0]

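This error prevents logs from being forwarded to the remote server. The issue is traced to an extraneous "*" in the /etc/rsyslog.conf file, which must be removed.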
# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-04-02 14:32:04 UTC; 6s ago
     Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
  Process: 27195 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 40849 ExecStartPre=/usr/sbin/rsyslog-service-prepare (code=exited, status=0/SUCCESS)
Main PID: 40853 (rsyslogd)
    Tasks: 10 (limit: 512)
   CGroup: /system.slice/rsyslog.service
           └─40853 /usr/sbin/rsyslogd -n -iNONE
Apr 02 14:32:04 acm-8300-crk systemd[1]: Starting System Logging Service...
Apr 02 14:32:04 acm-8300-crk systemd[1]: Started System Logging Service.
Apr 02 14:32:04 acm-8300-crk rsyslogd[40853]: error: extra characters in config line ignored: '*' [v8.2106.0]
Apr 02 14:32:04 acm-8300-crk rsyslogd[40853]: warning: ~ action is deprecated, consider using the 'stop' statement instead [v8.2106.0 try  https://www.rsyslog.com/e/2307 ]
Apr 02 14:32:04 acm-8300-crk rsyslogd[40853]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.2106.0]
Apr 02 14:32:04 acm-8300-crk rsyslogd[40853]: origin software="rsyslogd" swVersion="8.2106.0" x-pid="40853" x-info="[https://www.rsyslog.com start
 

Cause

The error is caused by an extra asterisk ('*') in the /etc/rsyslog.conf file. It must be removed for the configuration and syslog forwarding to work correctly.

Resolution

1. Verify that the rsyslog package is installed:
acm:~ # rpm -qa |grep rsyslog
rsyslog-8.24.0-3.39.1.x86_64
2. Verify that the rsyslog service is enabled:
acm:~ # systemctl is-enabled rsyslog
enabled
3. Open /etc/rsyslog.conf in a text editor.
   Remove the "*" from the following line and add the syslog entry.
$template RemoteLogs,"/data01/logs/ESX/%HOSTNAME%/%PROGRAMNAME%.log"* =>Extra
$template RemoteLogs,"/data01/logs/ESX/%HOSTNAME%/%PROGRAMNAME%.log" 
*.*  ?RemoteLogs  
&~
   After the change:
$template RemoteLogs,"/data01/logs/ESX/%HOSTNAME%/%PROGRAMNAME%.log"
$template RemoteLogs,"/data01/logs/ESX/%HOSTNAME%/%PROGRAMNAME%.log" 
 *.* @xxx.xxx.xxx.xxx:514 
 &~ 
   Where xxx.xxx.xxx.xxx is the IP address of the remote logging host.
4. Save and close the file.
:wq!
5. Restart the rsyslog process by typing the following command:
# systemctl restart rsyslog
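
A pre-restart check for the fault fixed in step 3, as an added example that is not part of the Dell article: it flags legacy $template lines that carry stray text after the closing quote, then runs rsyslogd's own config check before restarting. The function names, the rule that only whitespace or a ",option" list may follow the quoted string, and the 192.0.2.10 address are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not Dell's code): lint legacy $template lines before restart.

# Print "LINE:TRAILING" for every $template line with stray text after the
# closing quote; exit status 1 if any were found. Assumption: only whitespace
# or a ",option" list may follow the quoted template string.
check_template_lines() {
    awk '
        /^[ \t]*\$template[ \t]/ {
            rest = $0
            sub(/.*"/, "", rest)                 # drop through the last quote
            gsub(/^[ \t]+|[ \t]+$/, "", rest)    # trim surrounding whitespace
            if (rest != "" && rest !~ /^,/) {
                printf "%d:%s\n", NR, rest
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Hypothetical wrapper: restart only when the lint above and rsyslogd's
# config check (-N1 parses the config without starting the daemon) both pass.
checked_restart() {
    local conf="${1:-/etc/rsyslog.conf}"
    check_template_lines "$conf" || { echo "fix the lines listed above" >&2; return 1; }
    rsyslogd -N1 -f "$conf" || return 1
    systemctl restart rsyslog
}

# Constructed sample: the faulty line from step 3 plus a forwarding rule
# (192.0.2.10 is a documentation address standing in for the log host).
lint_constructed_sample() {
    local f rc=0
    f=$(mktemp)
    printf '%s\n' \
        '$template RemoteLogs,"/data01/logs/ESX/%HOSTNAME%/%PROGRAMNAME%.log"*' \
        '*.* @192.0.2.10:514' > "$f"
    check_template_lines "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}

lint_constructed_sample || echo "stray characters found in the constructed sample"
```

On the appliance, checked_restart would be called in place of step 5; it leaves the running service untouched if either check fails.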

Affected Products

Integrated Data Protection Appliance Family

Products

Integrated Data Protection Appliance Software
Article Properties
Article Number: 000225742
Article Type: Solution
Last Modified: 20 June 2024
Version:  1