решено: rsyslog: Could not find template 'LogForm' - action disabled (ошибка)

[McSim]

Приветствую, камрады.
В общем, я в ступоре...
Задача: модифицировать сообщения, согласно template
Исходные данные:
задал $template для сетевого обрудования (man)

Код: Выделить всё

SRV-SEC-MON-1-TEST ~ # grep -A1 -B1 templ /etc/rsyslog.conf
#$template       cisco2,"testmess"
$template       cisco, "/var/log/cisco/hosts/%hostname%.log"
$template       LogForm, "123 %msg%"

Создаю правила (man)

Код: Выделить всё

SRV-SEC-MON-1-TEST ~ # grep -A1 -B2  local1 /etc/rsyslog.conf
#*.*    /var/log/cisco/all123.log
local1.*        ?cisco;LogForm
&       /var/log/cisco/all.log
&~

проверяю конфиг - ошибка:

Код: Выделить всё

SRV-SEC-MON-1-TEST ~ # rsyslogd -f /etc/rsyslog.conf -N9 -c4
rsyslogd: version 4.6.4, config validation run (level 9), master config /etc/rsyslog.conf
rsyslogd:  Could not find template 'LogForm' - action disabled
 [try http://www.rsyslog.com/e/3003 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 62:"local1.*        ?cisco;LogForm"
rsyslogd: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]

удаляю local1.* ?cisco;LogForm, при этом,

Код: Выделить всё

 $template       cisco, "/var/log/cisco/hosts/%hostname%.log"

отрабатывает отлично.

вообще ничего не пойму.

Если задаю вот так, то тоже все корректно отрабатывает:

Код: Выделить всё

SRV-SEC-MON-1-TEST ~ # grep -A1 -B2  local1 /etc/rsyslog.conf
#*.*    /var/log/cisco/all123.log
local1.*        ?cisco;RSYSLOG_FileFormat
&       /var/log/cisco/all.log
&~
SRV-SEC-MON-1-TEST ~ # rsyslogd -f /etc/rsyslog.conf -N9 -c4
rsyslogd: version 4.6.4, config validation run (level 9), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.

[McSim]

Найден многолетний баг )
rsyslog не понимает более 1 пробела/табуляции между $template и LogForm, "123 %msg%":

Код: Выделить всё

SRV-SEC-MON-1-TEST mc-sim # # 1 Tab
SRV-SEC-MON-1-TEST mc-sim # grep verbos /etc/rsyslog.conf
$template       verbose,"%timegenerated% %syslogfacility% %syslogseverity% %HOSTNAME% %syslogtag%: %msg%\n"
&       /var/log/cisco/all_verbose.log;verbose
SRV-SEC-MON-1-TEST mc-sim # rsyslogd -f /etc/rsyslog.conf -N9 -c4
rsyslogd: version 5.8.11, config validation run (level 9), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
SRV-SEC-MON-1-TEST mc-sim # # 1 spase
SRV-SEC-MON-1-TEST mc-sim # vim /etc/rsyslog.conf
SRV-SEC-MON-1-TEST mc-sim # grep verbos /etc/rsyslog.conf
$template verbose,"%timegenerated% %syslogfacility% %syslogseverity% %HOSTNAME% %syslogtag%: %msg%\n"
&       /var/log/cisco/all_verbose.log;verbose
SRV-SEC-MON-1-TEST mc-sim # rsyslogd -f /etc/rsyslog.conf -N9 -c4
rsyslogd: version 5.8.11, config validation run (level 9), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
SRV-SEC-MON-1-TEST mc-sim # # 2 spases
SRV-SEC-MON-1-TEST mc-sim # vim /etc/rsyslog.conf
SRV-SEC-MON-1-TEST mc-sim # grep verbos /etc/rsyslog.conf
$template  verbose,"%timegenerated% %syslogfacility% %syslogseverity% %HOSTNAME% %syslogtag%: %msg%\n"
&       /var/log/cisco/all_verbose.log;verbose
SRV-SEC-MON-1-TEST mc-sim # rsyslogd -f /etc/rsyslog.conf -N9 -c4
rsyslogd: version 5.8.11, config validation run (level 9), master config /etc/rsyslog.conf
rsyslogd:  Could not find template 'verbose' - action disabled
 [try http://www.rsyslog.com/e/3003 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 61:"&       /var/log/cisco/all_verbose.log;verbose"
rsyslogd: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
SRV-SEC-MON-1-TEST mc-sim # # 2 Tab
SRV-SEC-MON-1-TEST mc-sim # vim /etc/rsyslog.conf
SRV-SEC-MON-1-TEST mc-sim # grep verbos /etc/rsyslog.conf
$template              verbose,"%timegenerated% %syslogfacility% %syslogseverity% %HOSTNAME% %syslogtag%: %msg%\n"
&       /var/log/cisco/all_verbose.log;verbose
SRV-SEC-MON-1-TEST mc-sim # rsyslogd -f /etc/rsyslog.conf -N9 -c4
rsyslogd: version 5.8.11, config validation run (level 9), master config /etc/rsyslog.conf
rsyslogd:  Could not find template 'verbose' - action disabled
 [try http://www.rsyslog.com/e/3003 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line 61:"&       /var/log/cisco/all_verbose.log;verbose"
rsyslogd: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]