Hi,
My rsyslog is not working as expected.
I have some thing in rsyslog.d that do well, like this:
# Log all iptables stuff separately
:msg, contains, "iptables: " {
action(type="omfile" file="/var/log/iptraf/info")
}
No problems with that.
Bu what's in /etc/rsyslog.conf like:
mail.* /var/log/mail/info
don't do anything at all.
Rsyslogd -N1 is OK, rsyslogd -D -N1 looks good too as does
rsyslogd -d -N1.
Here is my rsyslog.conf.
What am I doing wrong?
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger
command)
$OmitLocalLogging off
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imklog # reads kernel messages (the same are read from journald)
# Provides RELP syslog reception
$ModLoad imrelp
$InputRELPServerRun 2514
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not
required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# File to store the position in the journal
$IMJournalStateFile imjournal.state
# Set the default permissions for all log files.
$FileOwner root
$FileGroup root
$FileCreateMode 0644
$DirCreateMode 0755
$Umask 0022
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
kern.crit :omusrmsg:*
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
kern.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/auth/info
auth.* /var/log/auth/info
# Log all the mail messages in one place.
mail.* /var/log/mail/info
# Log daemon stuff
daemon.* /var/log/daemon/info
# Log cron stuff
cron.* /var/log/cron
# Save virus scan messages
local0.* /var/log/local0/info
# Save boot messages also to boot.log
local7.* /var/log/boot.log
--
Adri P. van Bloois
Antonlaan 104 email: adrian at pa0rda.nl
3701 VG Zeist voice: +31-(0)-30-6912741
The Netherlands fax: NONE
52 05'15.77"N 5 4'44.56"E
QTH-locater JO 22 OC
"Elegance is not a dispensable luxury but a factor that decides between
success and failure."
Edsger W. Dijkstra
On Sun, 17 Apr 2016 20:51, Adrian P. van Bloois <adrian at ...> wrote:> Hi, > My rsyslog is not working as expected. > I have some thing in rsyslog.d that do well, like this: > # Log all iptables stuff separately > :msg, contains, "iptables: " { > action(type="omfile" file="/var/log/iptraf/info") > } > > > No problems with that. > Bu what's in /etc/rsyslog.conf like: > mail.* /var/log/mail/info > > don't do anything at all. > Rsyslogd -N1 is OK, rsyslogd -D -N1 looks good too as does > rsyslogd -d -N1. > Here is my rsyslog.conf. > What am I doing wrong?Nothing I can see as "wrong". In full "Rainerscript" the mail part would be written as (copy from my config, please adapt the file="" part as you like): [code] if ($syslogfacility-text == 'mail') then { action(type="omfile" file="/var/log/mail/all") stop } [/code] Try and check, if this works, well OK, if not, ask again. Ah, and please check if there is a SELinux problem with the logfile, it could be a permission problem. - Yamaban