Hi, My rsyslog is not working as expected. I have some thing in rsyslog.d that do well, like this: # Log all iptables stuff separately :msg, contains, "iptables: " { action(type="omfile" file="/var/log/iptraf/info") } No problems with that. Bu what's in /etc/rsyslog.conf like: mail.* /var/log/mail/info don't do anything at all. Rsyslogd -N1 is OK, rsyslogd -D -N1 looks good too as does rsyslogd -d -N1. Here is my rsyslog.conf. What am I doing wrong? # rsyslog configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $OmitLocalLogging off $ModLoad imjournal # provides access to the systemd journal $ModLoad imklog # reads kernel messages (the same are read from journald) # Provides RELP syslog reception $ModLoad imrelp $InputRELPServerRun 2514 #### GLOBAL DIRECTIVES #### # Where to place auxiliary files $WorkDirectory /var/lib/rsyslog # Use default timestamp format #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on # Include all config files in /etc/rsyslog.d/ $IncludeConfig /etc/rsyslog.d/*.conf # File to store the position in the journal $IMJournalStateFile imjournal.state # Set the default permissions for all log files. $FileOwner root $FileGroup root $FileCreateMode 0644 $DirCreateMode 0755 $Umask 0022 #### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console kern.crit :omusrmsg:* # Everybody gets emergency messages *.emerg :omusrmsg:* # Log anything (except mail) of level info or higher. # Don't log private authentication messages! kern.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/auth/info auth.* /var/log/auth/info # Log all the mail messages in one place. mail.* /var/log/mail/info # Log daemon stuff daemon.* /var/log/daemon/info # Log cron stuff cron.* /var/log/cron # Save virus scan messages local0.* /var/log/local0/info # Save boot messages also to boot.log local7.* /var/log/boot.log -- Adri P. van Bloois Antonlaan 104 email: adrian at pa0rda.nl 3701 VG Zeist voice: +31-(0)-30-6912741 The Netherlands fax: NONE 52 05'15.77"N 5 4'44.56"E QTH-locater JO 22 OC "Elegance is not a dispensable luxury but a factor that decides between success and failure." Edsger W. Dijkstra
On Sun, 17 Apr 2016 20:51, Adrian P. van Bloois <adrian at ...> wrote:> Hi, > My rsyslog is not working as expected. > I have some thing in rsyslog.d that do well, like this: > # Log all iptables stuff separately > :msg, contains, "iptables: " { > action(type="omfile" file="/var/log/iptraf/info") > } > > > No problems with that. > Bu what's in /etc/rsyslog.conf like: > mail.* /var/log/mail/info > > don't do anything at all. > Rsyslogd -N1 is OK, rsyslogd -D -N1 looks good too as does > rsyslogd -d -N1. > Here is my rsyslog.conf. > What am I doing wrong?Nothing I can see as "wrong". In full "Rainerscript" the mail part would be written as (copy from my config, please adapt the file="" part as you like): [code] if ($syslogfacility-text == 'mail') then { action(type="omfile" file="/var/log/mail/all") stop } [/code] Try and check, if this works, well OK, if not, ask again. Ah, and please check if there is a SELinux problem with the logfile, it could be a permission problem. - Yamaban