Thank you, that makes it work, however:

These are the default settings:

$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

If I comment out the privilege drop, it works.
But if I just change the already created files from

-rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_access_log.20111020
-rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_error_log.20111020

to

-rw-r----- 1 syslog adm 0 2011-10-20 11:34 vhostname_access_log.20111020
-rw-r----- 1 syslog adm 0 2011-10-20 11:34 vhostname_error_log.20111020

instead of commenting out, it also starts working.

On 20 October 2011 12:53, Rainer Gerhards <[email protected]> wrote:
>> -----Original Message-----
>> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Peter Horvath
>> Sent: Thursday, October 20, 2011 1:48 PM
>> To: rsyslog-users
>> Subject: Re: [rsyslog] Dynamic file names
>>
>> I continued to extend my config after I managed to solve this issue.
>>
>> Logs are coming in from localhost and remote hosts on TCP 514.
>>
>> Apaches send their logs to the syslog with the following config:
>>
>> ErrorLog "|/usr/bin/logger -p local6.warn -t httpd_error_vhostname"
>> CustomLog "|/usr/bin/logger -p local6.info -t httpd_access_vhostname" combined
>>
>> Added the following lines to rsyslog conf:
>>
>> $template ApacheLogFormat,"%msg:2:10000%\n"
>> $template local6error,"/var/log/%programname:13:50%_error_log.%$YEAR%%$MONTH%%$DAY%"
>> $template local6access,"/var/log/%programname:14:50%_access_log.%$YEAR%%$MONTH%%$DAY%"
>>
>> if $syslogfacility-text == 'local6' and $programname startswith 'httpd_error' then -?local6error;ApacheLogFormat
>> #& ~
>> if $syslogfacility-text == 'local6' and $programname startswith 'httpd_access' then -?local6access;ApacheLogFormat
>> #& ~
>>
>> I am getting this error message in syslog:
>> rsyslogd: Could not open dynamic file '/var/log/vhostname_access_log.20111020' - discarding message
>> rsyslogd: Could not open dynamic file '/var/log/vhostname_error_log.20111020' - discarding message
>>
>> I've already given /var/log to the syslog user and the files are created
>> perfectly, however it cannot write them for some reason.
>> I tried to open files in a different location and got the same effect: files
>> are created but rsyslog tells me it could not open them.
>> Files are created with this mask.
>> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_access_log.20111020
>> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_error_log.20111020
>>
>> Am I missing something?
>>
>> Sorry if I am missing something obvious.
>
> I suggest to remove
>
> $PrivDropToUser syslog
> $PrivDropToGroup syslog
>
> from your config and retry. When it then works, we know for sure it is
> related to the permissions.
>
> Rainer
>>
>>
>> On 13 October 2011 11:47, Ryan Kelly <[email protected]> wrote:
>> >> I would like to get opinions about this:
>> >>
>> >> I have the following line in my rsyslog conf:
>> >> $template DynFile,"/var/log/syslog-%HOSTNAME%"
>> >> *.*;auth,authpriv.none ?DynFile
>> >>
>> >> And it is not working.
>> > At a glance it looks ok. Try invoking rsyslog with -N1 to see if it
>> > complains about your configuration.
>> >
>> >> After hours of different tries I realized that if I remove
>> >> ;auth,authpriv.none it starts to work magically.
>> >> $template DynFile,"/var/log/syslog-%HOSTNAME%"
>> >> *.* ?DynFile
>> >>
>> >> However I had to touch the files manually because these error
>> >> messages appeared in the log:
>> >> rsyslogd: Could not open dynamic file '/var/log/syslog-XXX' -
>> >> discarding message
>> > The dynamic files aren't created when rsyslog starts, so it needs
>> > permission to write them after it drops permissions (the default
>> > configuration in Ubuntu). If you try to write the file to /var/log
>> > (which you are) you will get this error because /var/log is owned by
>> > root and syslog cannot write new files there. At our site we work
>> > around this by creating a new folder owned by syslog.
>> >
>> >> It is an Ubuntu 10.04 LTS with the repo install of rsyslog 4.2.0
>> > The important lines to note are these:
>> > $PrivDropToUser syslog
>> > $PrivDropToGroup syslog
>> >
>> > Which are why the file can't be created dynamically in /var/log.
>> >
>> >> Do you have any idea what the problem with my original try is and why
>> >> rsyslog cannot open logfiles?
>> >
>> > -Ryan Kelly
>> > _______________________________________________
>> > rsyslog mailing list
>> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com
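
Added example, not part of the thread and not rsyslog code: a preflight check for the condition Ryan Kelly describes above, where the user named in $PrivDropToUser must be able to create files in each dynamic-file directory. The function names, the /var/log/apache-dyn directory and the uid/gid values used to exercise it are assumptions; the check also assumes that only the $PrivDropToGroup group is in effect after the drop.

```python
import os, pwd, grp, re, stat

PRIV = re.compile(r'^\$(PrivDropToUser|PrivDropToGroup)\s+(\S+)', re.M)
TEMPLATE = re.compile(r'^\$template\s+(\w+)\s*,\s*"([^"]+)"', re.M)
DYNAFILE = re.compile(r'\?(\w+)')   # "?Name" selects a dynamic-file template

# Constructed sample, assembled from directives quoted in the thread.
# /var/log/apache-dyn is a hypothetical directory owned by syslog.
SAMPLE = r'''
$PrivDropToUser syslog
$PrivDropToGroup syslog
$template DynFile,"/var/log/syslog-%HOSTNAME%"
*.* ?DynFile
$template ApacheLogFormat,"%msg:2:10000%\n"
$template local6access,"/var/log/apache-dyn/%programname:14:50%_access_log.%$YEAR%%$MONTH%%$DAY%"
if $syslogfacility-text == 'local6' and $programname startswith 'httpd_access' then -?local6access;ApacheLogFormat
'''

def dynamic_dirs(conf):
    """Fixed parent directory of every template used as a dynamic file."""
    templates = dict(TEMPLATE.findall(conf))
    used = set(DYNAFILE.findall(conf)) & templates.keys()
    # Everything before the first %property% is the static part of the path.
    return {n: os.path.dirname(templates[n].split('%', 1)[0]) or '/' for n in used}

def can_create(dir_uid, dir_gid, dir_mode, uid, gids):
    """Creating a file needs write and search permission on the directory."""
    if uid == 0:
        return True
    shift = 6 if uid == dir_uid else 3 if dir_gid in gids else 0
    return (dir_mode >> shift) & 0o3 == 0o3

def real_stat(path):
    st = os.stat(path)
    return st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)

def real_ids(user, group):
    pw = pwd.getpwnam(user)
    # Assumption: only the drop-to group is in effect after the drop.
    return pw.pw_uid, {grp.getgrnam(group).gr_gid if group else pw.pw_gid}

def preflight(conf, stat_dir=real_stat, ids_for=real_ids):
    """Return {template: directory} where the dropped user cannot create files."""
    priv = dict(PRIV.findall(conf))
    if 'PrivDropToUser' not in priv:
        return {}                   # no user drop configured in this file
    uid, gids = ids_for(priv['PrivDropToUser'], priv.get('PrivDropToGroup'))
    return {n: d for n, d in dynamic_dirs(conf).items()
            if not can_create(*stat_dir(d), uid, gids)}
```

On a real host, call `preflight(open('/etc/rsyslog.conf').read())`; it reads a single file and does not follow $IncludeConfig, so pass it the concatenated configuration if the rules live in included files.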

