Issues with rsyslog configuration - linux

I'm trying to config a RSYSLOG server to receive logs from my other machine, by having my conf file inside /etc/rsyslog.d/my.conf
file: my.conf
source s_net { udp(ip(192.168.0.1) port(514)); };
filter VM01{ host( "192.168.0.2" ); };
destination df_VM01 { file("/var/log/my.log"); };
log { source ( s_net ); filter( VM01 ); destination ( df_VM01 ); };
file:rsyslog.conf:
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* ##remote-host:514
# ### end of the forwarding rule ###
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
After I restarted the rsyslog service I started to receive these errors:
CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [v8.24.0-34.el7_6.3 try http://www.rsyslog.com/e/2207 ]
error during parsing file /etc/rsyslog.d/my.conf, on or before line 1: warnings occured in file '/etc/rsyslog.d/my.conf' around line 1
I searched the error online and it is referring to this message:
"The error most often actually is on the quoted line, or at least very close in front of it"
I don't have quoted lines and my Linux experience is low, that's why I was trying to learn a little bit more, but now I'm stuck with this error.
Any thoughts????

Any thoughts????
Your my.conf file appears to use syslog-ng syntax instead of what rsyslog supports.
It's a bit of a read, but I recommend starting at page 1 and working your way through the manual here: https://www.rsyslog.com/doc/v8-stable/. I did that myself a few years back and learned a lot from doing so.
It's been a while since I read it, but I recall this resource being useful as well:
https://sematext.com/blog/rsyslog-ebook-centralized-logging-with-rsyslog/

Related

ftp transfer fails with "500 Illegal PORT command." [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I am trying to create a script that uploads a .wav file after processing to a linux FTP server (utilizing vsftpd).
The script looks as follows:
#echo off
echo user anonymous> ftpcmd.dat
echo >> ftpcmd.dat
echo put C:\Users\Anwender\Downloads\%1 %1>> ftpcmd.dat
REM echo quit>> ftpcmd.dat
ftp -n -s:ftpcmd.dat 194.26.183.194
del ftpcmd.dat
My vsftpd.conf:
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=ftp
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
pasv_enable=YES
port_enable=YES
#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
#utf8_filesystem=YES
pasv_enable=YES
port_enable=YES
Have both been tryed with param. "NO" combined and seperated
With this result:
Gewartet wird 0 Sekunden. Weiter mit beliebiger Taste...
Verbindung mit 194.26.183.194 wurde hergestellt.
220 (vsFTPd 3.0.3)
200 Always in UTF8 mode.
ftp> user anonymous
331 Please specify the password.
230 Login successful.
ftp> put C:\Users\Anwender\Downloads\Anwender_DESKTOP-V30SJ8P_2021-09-07-15-07-12.wav Anwender_DESKTOP-V30SJ8P_2021-09-07-15-07-12.wav
500 Illegal PORT command.
425 Use PORT or PASV first.
ftp>
I have a hard time understanding what I am supposed to do and would be very thankful for any hints regarding further steps.
You are probably connecting to a server in a different network (through a firewall or a NAT).
So ftp.exe sends a local network address in the PORT command, which the server cannot connect back to. That's why it reports Illegal PORT command. You can check the address, if you add -d switch to cmd.exe commandline.
If you believe that the server can connect to that local network address, you can set port_promiscuous=YES in vsftpd.conf.
If the server cannot indeed connect to the address, there's not much you can do. With a modern FTP client, the solution would be to use the passive mode. But Windows ftp.exe does not support it. You have to use a 3rd party client. See How to use passive FTP mode in Windows command prompt?

docker journald logging driver cause huge amount of logging also to /var/log/syslog and /var/log/kern.log

I currently configured the logging_driver of deamon docker to write to journald, in order to parse them with fluentd from a kubernetes pod. On the node side, i have a rsyslog running with the following default configuration:
# Default rules for rsyslog.
#
# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
#daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
#lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
#user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info -/var/log/mail.info
#mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some "catch-all" log files.
#
#*.=debug;\
# auth,authpriv.none;\
# news.none;mail.none -/var/log/debug
#*.=info;*.=notice;*.=warn;\
# auth,authpriv.none;\
# cron,daemon.none;\
# mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
What is happening is that all the logging that goes to journal is also put in the syslog and kern.log as well.
Due to a great amount of container running inside kubernetes nodes and control plane, i would like to minimize the exponential logging in several locations, on top of the fact that putting them to journal, are already saved into EFK logging system.
Does anyone is experiencing the same problem?, how i can avoid this?
By default, journald forwards logs to syslog.
You can turn it off by editing /etc/systemd/journald.conf and setting:
ForwardToSyslog=no
Then restart the service:
systemctl restart systemd-journald

rsyslog.conf file stopped receiving logs

I am working on a school project to get logs from a printer sent to splunk. This is a project done by a few batches of students. I initially used the original copy of the rsyslog.conf file done by the previous batch student but was unable to retrieve data in Splunk. I had already set the printer to send logs to the IP address and port of the linux server I am using. Configuration in Splunk has also been made to listen to port 2048. I was told by my supervisor that the copy done by the previous student should work.
Original Copy:
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see
http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of
imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 2048
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
$template RemoteLogs,"/var/log/syslog/%HOSTNAME%/%FROMHOST-IP%.log"
*.* ?RemoteLogs
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually
not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* ##remote-host:514
# ### end of the forwarding rule ###
As I was unable to get the printer to send logs to Splunk with the above configuration, I went to research online and made a few modifications which I managed to get the printer to send logs to Splunk.
Modified Copy:
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see
http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of
imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 2048
*$InputUDPServer BindRuleset remote
$UDPServerRun 2048*
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
$template RemoteLogs,"/var/log/syslog/%HOSTNAME%/%FROMHOST-IP%.log"
*.* ?RemoteLogs
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually
not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
**.* action(type="omfwd" target="172.**.***.156" port="2048" protocol="udp"
action.resumeRetryCount="100"
queue.type="linkedList" queue.size="10000")*
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
*remote host is: 172.**.***.43:2048
*.* ##remote-host:514*
# ### end of the forwarding rule ###
I was able to receive logs from the printer to Splunk after I had made the above modifications. However, after a few days when I tried to generate logs from the printer I no longer receive new logs in Splunk. I did not make any changes to the modified copy of the rsyslog.conf file that I have been using. Hence I don't get why Splunk no longer receives logs from the printer.
I changed the configuration to another port number but still did not receive new logs from the printer, so I changed back to port 2048. I also double checked that I had made the corresponding changes in the printer's EWS and Splunk correctly. I have been researching on this and double checking for the whole day but to no avail.
Note:
-2048 is the port used to retrieve logs from the printer
-172.** . ***.43 is the IP address of the printer (it represents the actual IP address, was told by another user to censor it, i did not put astrids as part of my IP address in the real config file)
-172.** . ***.156 is the IP address of the Linux server I am using (it represents the actual IP address, was told by another user to censor it, i did not put astrids as part of my IP address in the real config file)
-I am using the Linux server as my main workpoint, in the modified copy I added a paragraph with the destination stating my current IP address (linux server), is it the cause why the printer stopped sending logs to my server since I have been directing the logs to "myself"-config done using the same Linux server as destination host-also Linux server)
-The text with astrids are the ones I added to the original copy
-EWS stands for embedded web service, basically a web portal of the printer.
-How I trigger logs from printer: logging in to the EWS/making failed logins. Details of logins will be sent to Splunk
You need to decouple rsyslog and splunk and focus on one at a time.
Assuming:
Printer is 172.x.x.43 and configured to send syslog over udp 2048 to 172.x.x.156.
Rsyslog is running on 172.x.x.156 an listening on udp 2048.
Verify you are able to generate the syslog messages from the printer correctly.
(from 172.x.x.156 command line)
tcpdump -nn | grep 2048
You should at least see the traffic coming into the system.
I would modify the rsyslog.conf to only log the printer information to a file and then throw it away. You are currently putting everything into a file and forwarding everything to yourself but on a port you aren't listening too...
something like:
if ($fromhost-ip == '172.x.x.43') then {
action(type="omfile" file="/var/log/remotehosts/printers/%fromhost-ip%.log")
stop
}
test rsyslog config for errors:
rsyslogd -N1
If good restart rsyslogd.
Then you should configure splunk forwarder to consume the file.
inputs.conf
[monitor:///var/log/remotehosts/printers/*.log]
sourcetype = printer # or whatever

What does the symbol # mean in Puppet output after applying a catalog

I am applying a catalog in a machine and in the first run it returns the following output (just a part).
I understand that lines that begin with the less symbol were removed and the ones that start with the plus symbol were added, but what does the # mean?
-# /etc/rsyslog.conf Configuration file for rsyslog.
+# /etc/rsyslog.conf Configuration file for rsyslog v3.
#
-# For more information see
+# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
## -9,7 +9,7 ##
#################
$ModLoad imuxsock # provides support for local system logging
-$ModLoad imklog # provides kernel logging support
+$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
## -38,12 +38,6 ##
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
-$Umask 0022
-
-#
-# Where to place spool and state files
-#
-$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
## -58,6 +52,8 ##
Obs: I have etckeeper running in this machine. Is possible that it is related somehow?
Thanks in advance.
The ## .. ## headers are (c)hunk headers and provide range information.
Details here: http://en.wikipedia.org/wiki/Diff#Unified_format
The format is:
## -l,s +l,s ##
l : starting line number
s : number of lines the change applies to
- : original file
+ : modified or new file
This is the same syntax as you see in git diff.

/etc/vsftpd/_vsftpd.conf: binary operator expected on Red Hat

I'm running on Red Hat Enterprise Linux Server release 5.2 (Tikanga). Eerytime I try to start the vsftpd service, I recieved this error
[root#localhost ~]# service vsftpd start
/etc/init.d/vsftpd: line 40: [: /etc/vsftpd/vsftpd.conf: binary operator expected
Starting vsftpd for vsftpd: [FAILED]
Here is my vsftpd.config file
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
#listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
convert_charset_enable=1
local_charset=UTF8
remote_charset=WIN1251
double_377=0
#pasv_addr_rules=/etc/vsftpd/vsftpd.pasv_rules
anti_bruteforce=1
anti_bruteforce_banner=Bruteforce detected. Server in safe mode.
http_enable=no
ftp_enable=yes
http_browse=no
http_browse_tpl=/etc/vsftpd/vsftpd-browse.html
http_browse_line_tpl=/etc/vsftpd/vsftpd-browse_line.html
http_error_403_server_tpl=/etc/vsftpd/vsftpd-403-serv.html
http_error_403_tpl=/etc/vsftpd/vsftpd-403.html
http_error_404_tpl=/etc/vsftpd/vsftpd-404.html
one_process_model=yes
Anyone knows whats the problem?
To make it work for me I change line 124 of the .conf-file to
anti_bruteforce_banner="Bruteforce detected. Server in safe mode."
(added the ").

Resources