[rsyslog] errors from "omprog" script

2023-07-10 Thread Fourhundred Thecat via rsyslog

Hello,

I am using custom python script to process logs, and ban offending IPs:

  local0.*  action(type="omprog" name="asterisk"
                   binary="/usr/local/sbin/asterisk.py")

When my script generates some error, I don't see it anywhere in the logs
(but I do see python errors when I run my script manually with given input)

Do I have to redirect the errors somewhere explicitly ?

thanks,
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.


[rsyslog] syslogtag: only log daemon name, without the [pid]

2021-08-13 Thread Fourhundred Thecat via rsyslog

Hello,

I have defined my own template for logging:

  $template long-iso,"%$NOW% %timereported:8:15%  %syslogtag% %msg%\n"

Which logs in following format:

  2021-08-14 05:55:31  sshd[1856]:  message

How can I make the  %syslogtag% to only log daemon name, without the
[pid] part ?

I am using rsyslog 8.1901 on Debian 10

thank you,



[rsyslog] combining multiple filters

2021-02-05 Thread Fourhundred Thecat via rsyslog

Hello,

How can I filter messages that satisfy both conditions at the same time?

  :syslogtag, startswith, "dovecot"  stop
  :msg, startswith, "imap-login "  stop

I am using rsyslog 8.1901.0-1 on Debian 10

thanks,


Re: [rsyslog] errors from omprog script

2021-01-15 Thread Fourhundred Thecat via rsyslog

> On 2021-01-15 19:57, John Chivian wrote:
>
> The python script should trap its own stderr (and/or stdout) and write it to a
> separate file.


but what if there is syntax error in my script?
Where can I see this error?

thanks,


[rsyslog] errors from omprog script

2021-01-15 Thread Fourhundred Thecat via rsyslog

Hello

I am using omprog, to send logs to my script:

 mail.*   action(type="omprog" binary="/usr/bin/blacklist.py ... )

If my script generates errors, where can I see these errors? I looked in
my main syslog log file, but there is nothing.

I can run my script from commandline, and see the error, but not when it
is run by syslog.

thanks,




[rsyslog] rsyslog tries to open network socket when (re)started

2020-10-03 Thread Fourhundred Thecat via rsyslog

Hello,

every time I restart rsyslog, it tries to open network socket on my main
interface eth0 and on 127.0.1.1

I assume this is to resolve my hostname ?

I have added all IPs to /etc/hosts, so that rsyslog does not need to
resolve any hostnames

127.0.0.1   localhost
127.0.1.1   myhost
1.2.3.4     myhost      # eth0

10.1.1.1    myhost-v1   # eth1
10.1.2.1    myhost-v2   # eth2

where 1.2.3.4 is substituted for my real IP.

I have my reasons why this bothers me, but I think these are not relevant
to this discussion. I can explain in more detail if necessary.

Q: can I tell rsyslog to not use network sockets at all, and only act as
local daemon?

I also have "$PreserveFQDN on" in my /etc/rsyslog.conf

many thanks,


Re: [rsyslog] omprog script left running after rsyslog stopped

2020-06-04 Thread Fourhundred Thecat via rsyslog

> On 2020-06-04 20:00, John Chivian via rsyslog wrote:
>
> From the documentation page...
>
> [omprog] Executes the configured program and feeds log messages to that
> binary via stdin. The binary is free to do whatever it wants with the
> supplied data. If the program terminates, it is re-started. If rsyslog
> terminates, the program’s stdin will see EOF. The program must then
> terminate.
>
> So don't expect rsyslog to terminate the program, the program must
> recognize the EOF on stdin and exit of its own accord.


thank you.
now everything works perfectly.
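
An added example (not code from these threads or from the rsyslog project) that combines the two pieces of advice quoted above: the script records its own errors in a file, and it exits when stdin reaches EOF. The file paths and the `handle_line` module are hypothetical; loading the real logic from a small wrapper is an assumption made here so that a syntax error in that logic is logged as well.

```python
#!/usr/bin/env python3
import importlib.util
import sys
import traceback

ERROR_LOG = "/var/log/omprog-errors.log"     # assumed path, not from the thread
HANDLER_PATH = "/usr/local/sbin/handler.py"  # hypothetical file defining handle_line(line)


def load_handler(path, errlog):
    """Import the real logic; a SyntaxError in it is raised here and logged."""
    try:
        spec = importlib.util.spec_from_file_location("omprog_handler", path)
        module = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(module)
        return module.handle_line
    except Exception:
        errlog.write(traceback.format_exc())
        errlog.flush()
        return None


def run(stdin, errlog, handle_line):
    """Feed each message to handle_line until EOF; return (ok, failed)."""
    ok = failed = 0
    for line in stdin:          # the loop ends when rsyslog closes the pipe (EOF)
        try:
            handle_line(line.rstrip("\n"))
            ok += 1
        except Exception:       # keep consuming, but record the traceback
            failed += 1
            errlog.write(traceback.format_exc())
            errlog.flush()
    return ok, failed


def main():
    errlog = open(ERROR_LOG, "a", buffering=1)
    sys.stderr = errlog         # stray writes to stderr land in the file too
    handler = load_handler(HANDLER_PATH, errlog)
    if handler is None:
        return 1                # the reason is already in ERROR_LOG
    run(sys.stdin, errlog, handler)
    return 0                    # EOF seen: exit so no process is left behind


if __name__ == "__main__":
    sys.exit(main())
```
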

[rsyslog] omprog script left running after rsyslog stopped

2020-06-04 Thread Fourhundred Thecat via rsyslog

Hello,

I am using omprog to send mail logs to my script:

mail.*  action(type="omprog" name="blacklist"
               binary="/usr/local/sbin/blacklist.py" template="long-iso")

It works well, but I have noticed that when I stop rsyslog, the script
is not terminated, but continues running. I can see the process with "ps".

Shouldn't the script be terminated when rsyslog exits? What should happen
when I start rsyslog, should it start new instance, or use the already
running instance?

Is this correct behavior ?

thanks,


[rsyslog] logrotate does not work when rsyslog logs via external program (omprog)

2020-05-25 Thread Fourhundred Thecat via rsyslog

Hello,

in my /etc/rsyslog.conf, I am calling external script to handle
mail.* logging:

mail.*  action(type="omprog" name="blacklist-postfix"
               binary="/usr/local/sbin/postfix.py" template="long-iso")

This custom script processes logs, and writes to /var/log/mail/mail.log

Everything works well, except my logs are not being logrotated properly.
This is my logrotate config:

/var/log/mail/mail.log {
    rotate 4
    weekly
    sharedscripts
    postrotate
        invoke-rc.d rsyslog rotate > /dev/null
    endscript
}

I suspect, the problem is that "invoke-rc.d rsyslog rotate" does rotate
rsyslog, but not my external script.

What would be the proper way to handle this?
Do I have to restart rsyslog, so that my script is terminated and
started anew?


[rsyslog] using 2 different ActionOMProgBinary

2020-05-05 Thread Fourhundred Thecat via rsyslog

Hello,

I am using "ActionOMProgBinary" in my /etc/rsyslog.conf

...
$ActionOMProgBinary /usr/local/sbin/blacklist.py
...
mail.*  :omprog:
...

Now I actually need to define 2 different binaries, and call one for
mail.* and the other for auth.*

How could I do this ?

I am using rsyslog 8.1901 on Debian.

thanks,

