On Mon, Aug 30, 2010 at 6:43 PM, <[email protected]> wrote:
> On Mon, 30 Aug 2010, Mauricio Tavares wrote:
>
>> In my ongoing quest to understand rsyslog, I have a few log
>> file-related questions:
>>
>> 1) What does the "-" in
>>
>> news.err /var/log/news/news.err
>> news.notice -/var/log/news/news.notice
>>
>> stand for? I probably passed through its explanation a few times but
>> did not see it.
>
> actually, in rsyslog the - has no effect (and can even cause problems)
>
How could it cause problems?
> in other syslog implementations the - tells syslog that it doesn't have to
> do a fsync after writing each message to disk, it can just keep writing
> and let the OS buffer them and write them to disk.
>
> This is the default in rsyslog.
>
Now it makes sense. Thanks!
>> 2) Let's say I want to generate dynamic file names. Based on the man
>> page, I create the following template:
>>
>> $template AuthFile,"/var/log/auth/auth-%$YEAR%-%$MONTH%-%$DAY%.log"
>>
>> And apply it to, say, auth:
>>
>> # auth,authpriv.* /var/log/auth.log
>> # auth,authpriv.* -?AuthFile
>> auth,authpriv.* ?AuthFile
>>
>> What I noticed is that instead of the log file be owned by syslog:adm,
>> it is owned by syslog:syslog. Did I miss anything?
>
> I believe that there are options to define what the file ownership is.
>
in /etc/rsyslog.conf I have
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
If I tell it to write to /var/log/auth.log, rsyslog seems to honor
$FileOwner and $FileGroup. But when I tell it to create a dynamic
filename log file, it seems to be using the user:group it dropped to
once it started, namely syslog:syslog:
r...@ubuntu1004-x64:/etc/rsyslog.d$ ls -l /var/log/auth.log
/var/log/auth/auth-2010-08-30.log
-rw-r----- 1 syslog syslog 0 2010-08-30 17:33
/var/log/auth/auth-2010-08-30.log
-rw-r----- 1 syslog adm 36701 2010-08-30 17:38 /var/log/auth.log
r...@ubuntu1004-x64:/etc/rsyslog.d$
And that is what confuses me.
>> 3) If I create a log file with dynamic filename as in the previous
>> question and want to have it linked to, say, /var/log/auth.log, can I
>> do that from within rsyslog or should I do it using a external program
>> (cron comes to mind)?
>
> I don't know any way do create links from inside rsyslog.
>
Not worries; there are other ways to do that. =)
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
