On Mon, Aug 30, 2010 at 7:02 PM, <[email protected]> wrote:
> On Mon, 30 Aug 2010, Mauricio Tavares wrote:
>
>> On Mon, Aug 30, 2010 at 6:43 PM, <[email protected]> wrote:
>>>
>>> On Mon, 30 Aug 2010, Mauricio Tavares wrote:
>>>
>>>> In my ongoing quest to understand rsyslog, I have a few log
>>>> file-related questions:
>>>>
>>>> 1) What does the "-" in
>>>>
>>>> news.err /var/log/news/news.err
>>>> news.notice -/var/log/news/news.notice
>>>>
>>>> stand for? I probably passed through its explanation a few times but
>>>> did not see it.
>>>
>>> actually, in rsyslog the - has no effect (and can even cause problems)
>>>
>> How could it cause problems?
>
> in sysklogd syslog.conf -...@ip is valid, in rsyslog this isn't valid and
> causes a problem. I don't remember if the problem is that rsyslog doesn't
> send the logs, or that it has some other problem.
>
Ok. But would that be a problem if instead of being forwarded to
another machine it is just being saved to a local file? I ask since
the ubuntu config file for rsyslog only has entries to save to log
file with and without the "-".
>>> in other syslog implementations the - tells syslog that it doesn't have
>>> to
>>> do a fsync after writing each message to disk, it can just keep writing
>>> and let the OS buffer them and write them to disk.
>>>
>>> This is the default in rsyslog.
>>>
>> Now it makes sense. Thanks!
>>
>>>> 2) Let's say I want to generate dynamic file names. Based on the man
>>>> page, I create the following template:
>>>>
>>>> $template AuthFile,"/var/log/auth/auth-%$YEAR%-%$MONTH%-%$DAY%.log"
>>>>
>>>> And apply it to, say, auth:
>>>>
>>>> # auth,authpriv.* /var/log/auth.log
>>>> # auth,authpriv.* -?AuthFile
>>>> auth,authpriv.* ?AuthFile
>>>>
>>>> What I noticed is that instead of the log file be owned by syslog:adm,
>>>> it is owned by syslog:syslog. Did I miss anything?
>>>
>>> I believe that there are options to define what the file ownership is.
>>>
>> in /etc/rsyslog.conf I have
>>
>> #
>> # Set the default permissions for all log files.
>> #
>> $FileOwner syslog
>> $FileGroup adm
>> $FileCreateMode 0640
>> $DirCreateMode 0755
>> $Umask 0022
>> $PrivDropToUser syslog
>> $PrivDropToGroup syslog
>>
>> If I tell it to write to /var/log/auth.log, rsyslog seems to honor
>> $FileOwner and $FileGroup. But when I tell it to create a dynamic
>> filename log file, it seems to be using the user:group it dropped to
>> once it started, namely syslog:syslog:
>
> that makes sense, once it drops privilages it may not have the ability to
> use different credentials.
>
> the privilage dropping feature of rsyslog was a quick-and-dirty
> modification, there are many things that do not work with it because after
> the privilages are dropped the process doesn't have the rights to do what
> it's trying to do.
>
That said, in examples like
http://wiki.rsyslog.com/index.php/DailyLogRotation, they are using
dynamic filenames. I would think those examples reflect used
configurations. Could it be they are older/newer examples, so that
either the issue I am having did not exist or was solved? Or perhaps
it is just me who did not set it up right.
> David Lang
>
>> r...@ubuntu1004-x64:/etc/rsyslog.d$ ls -l /var/log/auth.log
>> /var/log/auth/auth-2010-08-30.log
>> -rw-r----- 1 syslog syslog 0 2010-08-30 17:33
>> /var/log/auth/auth-2010-08-30.log
>> -rw-r----- 1 syslog adm 36701 2010-08-30 17:38 /var/log/auth.log
>> r...@ubuntu1004-x64:/etc/rsyslog.d$
>>
>> And that is what confuses me.
>>
>>>> 3) If I create a log file with dynamic filename as in the previous
>>>> question and want to have it linked to, say, /var/log/auth.log, can I
>>>> do that from within rsyslog or should I do it using a external program
>>>> (cron comes to mind)?
>>>
>>> I don't know any way do create links from inside rsyslog.
>>>
>> Not worries; there are other ways to do that. =)
>>
>>> David Lang
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com
>>>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
