Rsyslog running on RHEL unable to forward messages - rsyslogd: action 'action 8' suspended
5,202
Solution 1
Improving on Raj's answer above:
Instead of disabling enforcing mode, you should instead configure SELinux to open the connection between the rsyslog daemon and the port listening for messages.
You can do this with a command like:
sudo semanage port -a -t syslogd_port_t -p tcp <port>
Solution 2
Your rsyslog configuration specifies to log to a file or device that does not exist and cannot be created. Did you make a typo when you edited your configuration?
You can find out which path is being referred to with a command like:
[root@localhost ~]# rsyslogd -dn 2>/dev/null | grep "ACTION 8"
Related videos on Youtube
05 : 53
Simple forwarding with rsyslog (video tutorial)
05 : 47
sending syslog messages with rsyslog
08 : 36
Rsyslog - How to Install and Setup LogAnalyzer with Rsyslog on CentOS 7 / RHEL 7
09 : 35
Rsyslog message flow (video Tutorial)
10 : 19
Linux Basics: Logs || How to configure rsyslog
Comments
-
Raj almost 2 years
I'm trying to configure an rsyslog agent which will forward the log messages to a centralized server. However, I get the following error. The link provided in the error message does not specify the root cause of the error.
rsyslogd: action 'action 8' suspended, next retry is Wed Jan 16 2:52:17 2019 [v8.24.0-34.el7 try http://www.rsyslog.com/e/2007 ]-
Alexander Tolkachev almost 5 yearsWhat version of syslog you have?
-
-
iphone007 over 3 yearsThis worked for me. I didn't even have to reboot the server.
-
Jeter-work over 2 yearsPlease change accepted answer to the one by @LukeB. above. DIsabling selinux or setting it to permissive is a troubleshooting step. It bypasses the root cause and significantly decreases the security of the system. Configuring selinux to allow the connection is an actual solution.
-
Raj over 2 yearsDone. Thanks @Jeter-work
