Hi all,
I use debian 8 (Jessie) and RSyslog 8.4.2
rsyslogd 8.4.2, compiled with:
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
I tried to set up rsyslog to use trusted properties like UID to filter
messages and write them to UID-separated files:
$ModLoad imuxsock
$InputUnixListenSocketAnnotate on
$SystemLogSocketAnnotate on
$SystemLogUsePIDFromSystem on
$SystemLogParseTrusted on
:_UID, isequal, "0" -/tmp/test.log
The result is shown below (see /tmp/test.log):
2015-07-27T17:01:03.381493+01:00 cassiopeia rsyslogd-2207: error during
parsing file /etc/rsyslog.conf, on or before line 133: invalid character ':'
- is there an invalid escape sequence somewhere? [try
http://www.rsyslog.com/e/2207 ]
2015-07-27T17:01:03.381562+01:00 cassiopeia rsyslogd-2184: action '_UID,'
treated as ':omusrmsg:_UID,' - please change syntax, '_UID,' will not be
supported in the future [try http://www.rsyslog.com/e/2184 ]
2015-07-27T17:01:03.381584+01:00 cassiopeia rsyslogd-2207: error during
parsing file /etc/rsyslog.conf, on or before line 133: warnings occured in
file '/etc/rsyslog.conf' around line 133 [try http://www.rsyslog.com/e/2207
]
2015-07-27T17:01:03.381593+01:00 cassiopeia rsyslogd-2184: action 'isequal,'
treated as ':omusrmsg:isequal,' - please change syntax, 'isequal,' will not
be supported in the future [try http://www.rsyslog.com/e/2184 ]
2015-07-27T17:01:03.381608+01:00 cassiopeia rsyslogd-2207: error during
parsing file /etc/rsyslog.conf, on or before line 133: warnings occured in
file '/etc/rsyslog.conf' around line 133 [try http://www.rsyslog.com/e/2207
]
2015-07-27T17:01:03.381614+01:00 cassiopeia rsyslogd-2207: error during
parsing file /etc/rsyslog.conf, on or before line 133: invalid character '"'
- is there an invalid escape sequence somewhere? [try
http://www.rsyslog.com/e/2207 ]
2015-07-27T17:01:03.381624+01:00 cassiopeia rsyslogd-2184: action '0'
treated as ':omusrmsg:0' - please change syntax, '0' will not be supported
in the future [try http://www.rsyslog.com/e/2184 ]
2015-07-27T17:01:03.381636+01:00 cassiopeia rsyslogd-2207: error during
parsing file /etc/rsyslog.conf, on or before line 133: warnings occured in
file '/etc/rsyslog.conf' around line 133 [try http://www.rsyslog.com/e/2207
]
2015-07-27T17:01:03.381644+01:00 cassiopeia rsyslogd-2207: error during
parsing file /etc/rsyslog.conf, on or before line 133: invalid character '"'
- is there an invalid escape sequence somewhere? [try
http://www.rsyslog.com/e/2207 ]
If I send messages from another user with a UID != 0, I still see the message
in /tmp/test.log. The matching is not working.
I am wondering why I can't see log messages with the annotated string like
@..... at the end of my log lines.
Then I changed the config to
:omusrmsg:_UID, isequal, 0 -/tmp/test.log
and nothing is shown in my logfile. How can I check which modules are loaded
by a running rsyslog instance? How can I filter log messages by the UID?
Thanks for help.
Best,
David
--
David Spautz
Consultant
credativ Ltd
Suite 5, Bloxam Court
CV21 2DU
UK office: +44 1788 298150
Web: http://www.credativ.co.uk
--
credativ Ltd is registered in England & Wales, company no. 5261743
Certified by CompTIA / AccredIT UK with the ICT Supply standard of
quality for Software Product Design and Development
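Added example, not part of the original post and not taken from the rsyslog project: one way to write the UID filter in RainerScript instead of the legacy property-filter line. It assumes that with ParseTrusted on, imuxsock exposes the sender's credentials as JSON properties such as $!uid; the template name PerUidFile and the /var/log/by-uid directory are hypothetical.

```conf
# Added example (not from the original post).
# Assumption: with ParseTrusted on, imuxsock stores the kernel-supplied
# credentials as JSON properties ($!pid, $!uid, $!gid) instead of appending
# an "@[...]" annotation to the message text, so the filter tests $!uid.
module(load="imuxsock"
       SysSock.Annotate="on"
       SysSock.ParseTrusted="on"
       SysSock.UsePIDFromSystem="on")

# Hypothetical template name and directory: one file per sending UID.
# The value comes from the kernel, not from the message body, so a local
# sender cannot choose the file name.
template(name="PerUidFile" type="string"
         string="/var/log/by-uid/%$!uid%.log")

# Only messages received on the local socket carry trusted credentials.
# Messages from other inputs have no $!uid and are kept away from the
# UID-based rules so they cannot land in a file named ".log".
if $inputname == "imuxsock" then {
    # String comparison: an unset $!uid is empty and does not equal "0".
    if $!uid == "0" then {
        action(type="omfile" file="/tmp/test.log")
    }
    action(type="omfile" dynaFile="PerUidFile")
}
```

The module() statement replaces the legacy $ModLoad imuxsock and $SystemLog... lines rather than being added next to them, and rsyslogd -N1 checks the resulting file for syntax errors without starting the daemon.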