On Mon, 30 Aug 2010, Mauricio Tavares wrote:

On Mon, Aug 30, 2010 at 6:43 PM,  <[email protected]> wrote:
On Mon, 30 Aug 2010, Mauricio Tavares wrote:

In my ongoing quest to understand rsyslog, I have a few log
file-related questions:

1) What does the "-" in

news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

stand for? I probably passed through its explanation a few times but
did not see it.

actually, in rsyslog the - has no effect (and can even cause problems)

     How could it cause problems?

in sysklogd syslog.conf -...@ip is valid, in rsyslog this isn't valid and causes a problem. I don't remember if the problem is that rsyslog doesn't send the logs, or that it has some other problem.

in other syslog implementations the - tells syslog that it doesn't have to
do a fsync after writing each message to disk, it can just keep writing
and let the OS buffer them and write them to disk.

This is the default in rsyslog.

     Now it makes sense.  Thanks!

2) Let's say I want to generate dynamic file names. Based on the man
page, I create the following template:

$template AuthFile,"/var/log/auth/auth-%$YEAR%-%$MONTH%-%$DAY%.log"

And apply it to, say, auth:

# auth,authpriv.*                       /var/log/auth.log
# auth,authpriv.*                 -?AuthFile
auth,authpriv.*                 ?AuthFile

What I noticed is that instead of the log file being owned by syslog:adm,
it is owned by syslog:syslog. Did I miss anything?

I believe that there are options to define what the file ownership is.

     in /etc/rsyslog.conf I have

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

If I tell it to write to /var/log/auth.log, rsyslog seems to honor
$FileOwner and $FileGroup. But when I tell it to create a dynamic
filename log file, it seems to be using the user:group it dropped to
once it started, namely syslog:syslog:

that makes sense, once it drops privileges it may not have the ability to use different credentials.

the privilege dropping feature of rsyslog was a quick-and-dirty modification, there are many things that do not work with it because after the privileges are dropped the process doesn't have the rights to do what it's trying to do.

David Lang

r...@ubuntu1004-x64:/etc/rsyslog.d$ ls -l /var/log/auth.log /var/log/auth/auth-2010-08-30.log
-rw-r----- 1 syslog syslog     0 2010-08-30 17:33 /var/log/auth/auth-2010-08-30.log
-rw-r----- 1 syslog adm    36701 2010-08-30 17:38 /var/log/auth.log
r...@ubuntu1004-x64:/etc/rsyslog.d$

And that is what confuses me.

3) If I create a log file with dynamic filename as in the previous
question and want to have it linked to, say, /var/log/auth.log, can I
do that from within rsyslog or should I do it using an external program
(cron comes to mind)?

I don't know any way to create links from inside rsyslog.

     No worries; there are other ways to do that. =)

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
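
The external-program route from question 3, combined with a check for the ownership drift from question 2, as an added example that is not part of the original thread or of rsyslog itself. The function names link_current_log and owner_group are hypothetical; the sketch assumes it runs from cron with enough rights to write in /var/log and that the file names follow the AuthFile template quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be sourced by a small cron job.

# owner_group FILE -> prints "owner:group" as ls reports it
owner_group() {
    ls -ld -- "$1" | awk '{ print $3 ":" $4 }'
}

# link_current_log DIR PREFIX LINK WANT [DAY]
# Points LINK at DIR/PREFIX-DAY.log (DAY defaults to today, YYYY-MM-DD).
# Returns 0 ok, 1 target missing, 2 LINK is not a symlink, 3 ownership drift.
link_current_log() {
    dir=$1 prefix=$2 link=$3 want=$4
    day=${5:-$(date +%Y-%m-%d)}
    target="$dir/$prefix-$day.log"

    # rsyslog only creates the dynamic file on the first message of the day
    [ -f "$target" ] || { echo "missing: $target" >&2; return 1; }

    # Never clobber a real file or directory, e.g. the old static auth.log
    if [ -d "$link" ] || { [ -e "$link" ] && [ ! -L "$link" ]; }; then
        echo "refusing to replace non-symlink: $link" >&2
        return 2
    fi

    # Build the new link beside the old one, then rename over it so
    # readers never see a missing auth.log
    tmp="$link.tmp.$$"
    ln -s "$target" "$tmp" && mv -f "$tmp" "$link" || return 1

    # Report the owner:group mismatch seen in the thread instead of hiding it
    got=$(owner_group "$target")
    [ "$got" = "$want" ] || { echo "owner $got, want $want: $target" >&2; return 3; }
}

# Typical invocation with the values from the thread:
# link_current_log /var/log/auth auth /var/log/auth.log syslog:adm
```

A return code of 3 means the link was updated but the day's file does not have the expected owner and group, which is the syslog:syslog versus syslog:adm case shown in the ls output above.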
