10-15-2019 12:02 PM - edited 10-15-2019 12:18 PM
Hi community,
I installed a fresh Ubuntu 16.04.6 and updated the installation to the newest packages. When I create the PAN-OS syslog receiver from the "stdlib.syslogMiner" prototype, the miner does not receive anything. While doing a tcpdump capture on the minemeld device I can see syslog coming in to the rsyslogd via port 13514. PCAP shows the content I expect to see (syslog messages from PAN-OS). After investigating further I found in the local /var/log/syslog the following messages:
Oct 15 16:35:17 minemeld rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="971" x-info="http://www.rsyslog.com"] exiting on signal 15.
Oct 15 16:35:17 minemeld rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="1755" x-info="http://www.rsyslog.com"] start
Oct 15 16:35:17 minemeld systemd[1]: Stopping System Logging Service...
Oct 15 16:35:17 minemeld systemd[1]: Stopped System Logging Service.
Oct 15 16:35:17 minemeld rsyslogd-2222: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
Oct 15 16:35:17 minemeld systemd[1]: Starting System Logging Service...
Oct 15 16:35:17 minemeld rsyslogd-2066: could not load module '/usr/lib/rsyslog/pmpanngfw.so', dlopen: /usr/lib/rsyslog/pmpanngfw.so: cannot open shared object file: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2066 ]
Oct 15 16:35:17 minemeld rsyslogd-2066: could not load module '/usr/lib/rsyslog/mmnormalize.so', dlopen: /usr/lib/rsyslog/mmnormalize.so: cannot open shared object file: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2066 ]
Oct 15 16:35:17 minemeld rsyslogd-2066: could not load module '/usr/lib/rsyslog/omrabbitmq.so', dlopen: /usr/lib/rsyslog/omrabbitmq.so: cannot open shared object file: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2066 ]
Oct 15 16:35:17 minemeld rsyslogd-2209: module name 'mmnormalize' is unknown [v8.16.0 try http://www.rsyslog.com/e/2209 ]
Oct 15 16:35:17 minemeld rsyslogd-2207: error during parsing file /etc/rsyslog.d/60-syslog-minemeld.conf, on or before line 9: errors occured in file '/etc/rsyslog.d/60-syslog-minemeld.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
Oct 15 16:35:17 minemeld rsyslogd-2209: module name 'omrabbitmq' is unknown [v8.16.0 try http://www.rsyslog.com/e/2209 ]
Oct 15 16:35:17 minemeld rsyslogd-2207: error during parsing file /etc/rsyslog.d/60-syslog-minemeld.conf, on or before line 22: errors occured in file '/etc/rsyslog.d/60-syslog-minemeld.conf' around line 22 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
Oct 15 16:35:17 minemeld rsyslogd-2159: error: parser 'rsyslog.panngfw' unknown at this time (maybe defined too late in rsyslog.conf?) [v8.16.0 try http://www.rsyslog.com/e/2159 ]
Oct 15 16:35:17 minemeld rsyslogd: rsyslogd's groupid changed to 108
Oct 15 16:35:17 minemeld rsyslogd: rsyslogd's userid changed to 104
Oct 15 16:35:17 minemeld rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
Oct 15 16:35:17 minemeld rsyslogd-2007: action 'action 10' suspended, next retry is Tue Oct 15 16:35:47 2019 [v8.16.0 try http://www.rsyslog.com/e/2007 ]
When I take a look in directory /usr/lib/rsyslog/ I cannot find the modules that are complained about in syslog:
root@minemeld:/var/log# ls -l /usr/lib/rsyslog/
So, there must be something wrong with the binary install.
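Added example, not part of the original post and not MineMeld or rsyslog code: a Python script that automates the check described in the post above, pulling the unloadable module paths (error 2066), the failing config locations (2207) and the unknown parsers (2159) out of the rsyslogd startup messages and testing whether each module file exists on disk. The function names are hypothetical, and the sample input is three lines copied from the log quoted in the post.

```python
import os
import re
import sys

# Three lines copied from the log quoted in the post, used as offline sample input.
SAMPLE_LOG = """\
Oct 15 16:35:17 minemeld rsyslogd-2066: could not load module '/usr/lib/rsyslog/pmpanngfw.so', dlopen: /usr/lib/rsyslog/pmpanngfw.so: cannot open shared object file: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2066 ]
Oct 15 16:35:17 minemeld rsyslogd-2207: error during parsing file /etc/rsyslog.d/60-syslog-minemeld.conf, on or before line 9: errors occured in file '/etc/rsyslog.d/60-syslog-minemeld.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
Oct 15 16:35:17 minemeld rsyslogd-2159: error: parser 'rsyslog.panngfw' unknown at this time (maybe defined too late in rsyslog.conf?) [v8.16.0 try http://www.rsyslog.com/e/2159 ]
"""

# rsyslog error numbers as they appear in the post's log.
MODULE_RE = re.compile(r"rsyslogd-2066: could not load module '([^']+)'")
CONFIG_RE = re.compile(r"rsyslogd-2207: error during parsing file (\S+), on or before line (\d+)")
PARSER_RE = re.compile(r"rsyslogd-2159: error: parser '([^']+)' unknown")


def parse_startup_errors(log_text):
    """Collect unloadable modules, failing config locations and unknown parsers."""
    report = {"modules": [], "config": [], "parsers": []}
    for line in log_text.splitlines():
        for key, regex in (("modules", MODULE_RE), ("config", CONFIG_RE), ("parsers", PARSER_RE)):
            match = regex.search(line)
            if not match:
                continue
            item = (match.group(1), int(match.group(2))) if key == "config" else match.group(1)
            if item not in report[key]:  # skip duplicates from repeated restarts
                report[key].append(item)
    return report


def missing_modules(report, exists=os.path.exists):
    """Return the module paths from the report that are absent on disk."""
    return [path for path in report["modules"] if not exists(path)]


if __name__ == "__main__":
    # Pass a log path (e.g. /var/log/syslog) or run without arguments on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = parse_startup_errors(text)
    for path in missing_modules(found):
        print("module file not on disk:", path)
    for conf, lineno in found["config"]:
        print("config error: %s near line %d" % (conf, lineno))
    for name in found["parsers"]:
        print("parser not registered:", name)
```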