Forum: CFEngine Help Subject: log entries in /var/log/messages not making it to remote syslog host Author: bennettroller Link to topic: https://cfengine.com/forum/read.php?3,23859,23859#msg-23859
We are running cfengine-community-3.1.4-1.el5 on OEL 5.5 I have produced log entries in /var/log/messages via reports and via log messages. I changed my syslog.conf to send all messages to a remote host(no luck). I cannot for the life of me figure out why. I can see via strace that the message is getting written to somewhere other than /dev/log.... maybe the file in outputs? write(1, " -> Object /etc/motd had permiss"..., 59) = 59 write(1, "L: cf3: /etc/motd has been overw"..., 40) = 40 I can see that file handle 1 is not /dev/log (syslogd) # lsof /dev/log COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME syslogd 19897 root 0u unix 0xffff810124bdf480 31457771 /dev/log # so it looks like there is some magic that happens to get the log entry to /var/log/messages... # tail -n 6 /var/log/messages Nov 1 08:20:41 cftest1 cf-serverd[20748]: Private decrypt failed = block type is not 02 ***** Nov 1 08:21:55 cftest1 community>[22198]: L: cf3: /etc/motd has been overwritten. Nov 1 08:21:55 cftest1 community>[22198]: L: cf3: /etc/motd has been overwritten. Nov 1 08:26:04 cftest1 cf-serverd[20748]: Private decrypt failed = padding check failed Nov 1 08:28:50 cftest1 community>[22408]: L: cf3: /etc/motd has been overwritten. The short question is that I want my local syslog server to get "messages" when stuff changes so it can forward it to a remote syslog server... Help please. Bennett _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
