On Mon, 30 Aug 2010, Mauricio Tavares wrote:

On Mon, Aug 30, 2010 at 7:02 PM,  <[email protected]> wrote:
On Mon, 30 Aug 2010, Mauricio Tavares wrote:

On Mon, Aug 30, 2010 at 6:43 PM,  <[email protected]> wrote:

On Mon, 30 Aug 2010, Mauricio Tavares wrote:

In my ongoing quest to understand rsyslog, I have a few log
file-related questions:

1) What does the "-" in

news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

stand for? I probably passed through its explanation a few times but
did not see it.

actually, in rsyslog the - has no effect (and can even cause problems)

    How could it cause problems?

in sysklogd syslog.conf -...@ip is valid, in rsyslog this isn't valid and
causes a problem. I don't remember if the problem is that rsyslog doesn't
send the logs, or that it has some other problem.

     Ok. But would that be a problem if instead of being forwarded to
another machine it is just being saved to a local file? I ask since
the ubuntu config file for rsyslog only has entries to save to log
file with and without the "-".

In that case I believe that the '-' does nothing and causes no harm.

in other syslog implementations the - tells syslog that it doesn't have to
do a fsync after writing each message to disk, it can just keep writing
and let the OS buffer them and write them to disk.

This is the default in rsyslog.

    Now it makes sense.  Thanks!

2) Let's say I want to generate dynamic file names. Based on the man
page, I create the following template:

$template AuthFile,"/var/log/auth/auth-%$YEAR%-%$MONTH%-%$DAY%.log"

And apply it to, say, auth:

# auth,authpriv.*                       /var/log/auth.log
# auth,authpriv.*                 -?AuthFile
auth,authpriv.*                 ?AuthFile

What I noticed is that instead of the log file being owned by syslog:adm,
it is owned by syslog:syslog. Did I miss anything?

I believe that there are options to define what the file ownership is.

    in /etc/rsyslog.conf I have

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

If I tell it to write to /var/log/auth.log, rsyslog seems to honor
$FileOwner and $FileGroup. But when I tell it to create a dynamic
filename log file, it seems to be using the user:group it dropped to
once it started, namely syslog:syslog:

that makes sense, once it drops privileges it may not have the ability to
use different credentials.

the privilege dropping feature of rsyslog was a quick-and-dirty
modification, there are many things that do not work with it because after
the privileges are dropped the process doesn't have the rights to do what
it's trying to do.

     That said, in examples like
http://wiki.rsyslog.com/index.php/DailyLogRotation, they are using
dynamic filenames. I would think those examples reflect used
configurations. Could it be they are older/newer examples, so that
either the issue I am having did not exist or was solved? Or perhaps
it is just me who did not set it up right.

but that example says nothing about dropping privilege.

There are a lot of things in rsyslog that work perfectly without dropping privilege, but don't work once privileges have been dropped. Unfortunately such things have not been documented as such (mostly they've been identified as not working, questions are asked here or on the message board and the response is very similar to what I posted, just with the authority of the developers saying "yeah, that won't work with reduced privileges")

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
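
A small lint for the situation discussed in this thread, as an added example (not code from the thread or from the rsyslog project): it reads legacy-format directives and flags ?Template actions whose $FileOwner/$FileGroup differ from $PrivDropToUser/$PrivDropToGroup, the case where the poster saw syslog:syslog instead of syslog:adm. It assumes ownership directives apply to the actions that follow them; the function name and the sample text are constructed.

```python
import re

# Constructed sample built from the directives and selector lines quoted in the thread.
SAMPLE_CONF = """\
$template AuthFile,"/var/log/auth/auth-%$YEAR%-%$MONTH%-%$DAY%.log"
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$PrivDropToUser syslog
$PrivDropToGroup syslog
# auth,authpriv.*                 -?AuthFile
auth,authpriv.*                 ?AuthFile
news.notice                     -/var/log/news/news.notice
"""

DIRECTIVE = re.compile(r"^\$(\w+)\s+(\S+)\s*$")   # legacy "$Name value" lines
DYNAFILE = re.compile(r"^\S+\s+-?\?(\w+)\s*$")    # selector, optional "-", "?Template"

def lint_rsyslog_conf(text):
    """Warn about dynamic-file actions whose requested owner:group differs
    from the user:group rsyslog drops privileges to (hypothetical helper)."""
    current = {"fileowner": None, "filegroup": None}       # applies to later actions
    drop = {"privdroptouser": None, "privdroptogroup": None}  # global settings
    actions = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                       # skip blanks and comments
        m = DIRECTIVE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2)
            if name in current:
                current[name] = value
            elif name in drop:
                drop[name] = value
            continue
        m = DYNAFILE.match(line)
        if m:  # snapshot the ownership requested at this point in the file
            actions.append((lineno, m.group(1), current["fileowner"], current["filegroup"]))
    warnings = []
    for lineno, template, owner, group in actions:
        eff_user = drop["privdroptouser"] or owner
        eff_group = drop["privdroptogroup"] or group
        if (owner, group) != (eff_user, eff_group):
            warnings.append(f"line {lineno}: ?{template} requests {owner}:{group} but "
                            f"rsyslog drops to {eff_user}:{eff_group}")
    return warnings

if __name__ == "__main__":
    print("\n".join(lint_rsyslog_conf(SAMPLE_CONF)) or "no ownership mismatches")
```

Static file actions such as /var/log/auth.log are not flagged, matching the poster's report that those honored $FileOwner and $FileGroup.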
