On 2007-08-29, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>>
>> Aug 27 21:58:01 syslogd 1.4.1: restart.
>> Aug 27 21:58:01 syslogd 1.4.1: restart.
>> Aug 27 21:58:01 syslogd 1.4.1: restart.
>>
>> Aug 27 22:02:48 last message repeated 12 times
>> Aug 27 22:02:49 last message repeated 6 times
>> Aug 27 22:02:49 last message repeated 92 times
>>
>
> in your example above, %programname% was an empty string, so you've
> ended up with the logfile /var/log/rsyslog/apps/.log.

In the entry:

Aug 27 22:00:17 censored5.domain.mgmt /usr/bin/sudo djksjdks :
TTY=unknown ; PWD=/home/djksjdks ; USER=root ; COMMAND=/sbin/iptables-save

I'd expect it to be "/usr/bin/sudo djksjdks ", and that's what I think sudo
intended it to be. Testing using "logger" I see that %programname% gets some
rather strange interpretations:

# logger -t xyz test
# cat xyz.log
Aug 29 13:18:27 loghost1 xyz: test

# logger -t "x y z" test
# cat x.log
Aug 29 13:19:30 loghost1 x y z: test

# logger -t "y z " test
# cat y.log
Aug 29 13:21:17 loghost1 y z : test

And strangely, this one sets the %programname% to the hostname:

# logger -t " w" test
# cat loghost1.log
Aug 29 13:26:08 loghost1 loghost1 w: test

-jf