I continued to extend my config after i managed to solve this issue. Logs are comming in from localhost and remote host on TCP 514.
Apaches send their logs to the syslog with the following config: ErrorLog "|/usr/bin/logger -p local6.warn -t httpd_error_vhostname" CustomLog "|/usr/bin/logger -p local6.info -t httpd_access_vhostname" combined Added the following lines to rsyslog conf $template ApacheLogFormat,"%msg:2:10000%\n" $template local6error,"/var/log/%programname:13:50%_error_log.%$YEAR%%$MONTH%%$DAY%" $template local6access,"/var/log/%programname:14:50%_access_log.%$YEAR%%$MONTH%%$DAY%" if $syslogfacility-text == 'local6' and $programname startswith 'httpd_error' then -?local6error;ApacheLogFormat #& ~ if $syslogfacility-text == 'local6' and $programname startswith 'httpd_access' then -?local6access;ApacheLogFormat #& ~ I getting this error message in syslog: rsyslogd: Could not open dynamic file '/var/log/vhostname_access_log.20111020' - discarding message rsyslogd: Could not open dynamic file '/var/log/vhostname_error_log.20111020' - discarding message I've already given /var/log to syslog user and the files are created perfectly however it cannot write them for some reason. I tried to open files in a different location and also same effect, files are created but rsyslog tells me could not open. Files are created with this mask. -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_access_log.20111020 -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_error_log.20111020 Am i missing something? Sorry if i am missing something obvious. On 13 October 2011 11:47, Ryan Kelly <[email protected]> wrote: >> I would like to get opinions about this: >> >> I have the following line in my rsyslog conf: >> $template DynFile,"/var/log/syslog-%HOSTNAME%" >> *.*;auth,authpriv.none ?DynFile >> >> And it is not working. > At a glance it looks ok. Try invoking rsyslog with -N1 to see if it > complains about your configuration. > >> After hours of different tries realized if i remove ;auth,authpriv.none >> It starts to work magically. >> $template DynFile,"/var/log/syslog-%HOSTNAME%" >> *.* ?DynFile >> >> However i had to touch the files manually because these error messages >> appeared in the log: >> rsyslogd: Could not open dynamic file '/var/log/syslog-XXX' - discarding >> message > The dynamic files aren't created when rsyslog starts, so it needs > permission to write them after it drops permissions (the default > configuration in Ubuntu). If you try to write the file to /var/log > (which you are) you will get this error because /var/log is owned by > root and syslog cannot write new files there. At our site we work around > this by creating a new folder owned by syslog. > >> It is an Ubuntu 10.04 LTS with the repo install of rsyslog 4.2.0 > The important lines to note are these: > $PrivDropToUser syslog > $PrivDropToGroup syslog > > Which are why the file can't be created dynamically in /var/log. > >> Do you have any idea what the problem with my original try and why >> rsyslog cannot open logfiles? > > -Ryan Kelly > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
