Hi,
I have problems with rsyslog on C7.
In /etc/rsyslog.d/iptables.conf I have:
# Log all iptables stuff separately
:msg, contains, "iptables: " {
action(type="omfile" file="/var/log/iptraf/info")
stop
}
THis works fine.
In /etc/rsyslog.d/mail.conf I have:
# Log all the mail messages in one place.
if ($syslogfacility-text == 'mail') then {
action(type="omfile" file="/var/log/mail/info")
stop
}
This does not work, neither does a line like:
mail.* /var/log/mail/info
if I put that in /etc/rsyslog.conf.
What am I doing wrong???
Here is my /etc/rsyslog.conf:
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of
imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger
command)
$OmitLocalLogging off
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad immark # provides --MARK-- message capability
# Provides RELP syslog reception
$ModLoad imrelp
$InputRELPServerRun 2514
# provides RELP syslog transmission
$ModLoad omrelp
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not
required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# File to store the position in the journal
$IMJournalStateFile imjournal.state
# Set the default permissions for all log files.
$FileOwner root
$FileGroup root
$FileCreateMode 0644
$DirCreateMode 0755
$Umask 0022
#
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
kern.crit :omusrmsg:*
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
kern.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/auth/info
auth.* /var/log/auth/info
# Log daemon stuff
daemon.* /var/log/daemon/info
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
#*.emerg :omusrmsg:*
# Save boot messages also to boot.log
local7.* /var/log/boot.log
--
Adri P. van Bloois
Antonlaan 104 email: adrian at pa0rda.nl
3701 VG Zeist voice: +31-(0)-30-6912741
The Netherlands fax: NONE
52 05'15.77"N 5 4'44.56"E
QTH-locater JO 22 OC
"Elegance is not a dispensable luxury but a factor that decides between
success and failure."
Edsger W. Dijkstra
