root 2722 1 0 12:19 ? 00:00:00 rsyslogd -c4

ubuntu 10.04 LTS default settings everywhere

On 20 October 2011 13:37, Rainer Gerhards <[email protected]> wrote:
>> -----Original Message-----
>> From: [email protected] [mailto:rsyslog-
>> [email protected]] On Behalf Of Peter Horvath
>> Sent: Thursday, October 20, 2011 2:18 PM
>> To: rsyslog-users
>> Subject: Re: [rsyslog] Dynamic file names
>>
>> Thank you, that makes it working however:
>>
>> This is the default settings
>> $FileOwner syslog
>> $FileGroup adm
>> $FileCreateMode 0640
>> $DirCreateMode 0755
>> $Umask 0022
>> $PrivDropToUser syslog
>> $PrivDropToGroup syslog
>>
>> If I comment out the privileges drop it is working. But if I just change the
>> already created files from
>> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_access_log.20111020
>> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_error_log.20111020
>>
>> to
>>
>> -rw-r----- 1 syslog adm 0 2011-10-20 11:34 vhostname_access_log.20111020
>> -rw-r----- 1 syslog adm 0 2011-10-20 11:34 vhostname_error_log.20111020
>>
>> instead of commenting out, it also starts working.
>
> Mhhh, this doesn't make much sense to me. The user should be able to open
> files for writing if it has permissions... and it looks like it has. Can you
> check if rsyslog actually runs under the syslog user?
>
> Rainer
>
>
>>
>>
>> On 20 October 2011 12:53, Rainer Gerhards <[email protected]> wrote:
>> >> -----Original Message-----
>> >> From: [email protected] [mailto:rsyslog-
>> >> [email protected]] On Behalf Of Peter Horvath
>> >> Sent: Thursday, October 20, 2011 1:48 PM
>> >> To: rsyslog-users
>> >> Subject: Re: [rsyslog] Dynamic file names
>> >>
>> >> I continued to extend my config after I managed to solve this issue.
>> >>
>> >> Logs are coming in from localhost and remote host on TCP 514.
>> >>
>> >> Apaches send their logs to the syslog with the following config:
>> >>
>> >> ErrorLog "|/usr/bin/logger -p local6.warn -t httpd_error_vhostname"
>> >> CustomLog "|/usr/bin/logger -p local6.info -t httpd_access_vhostname" combined
>> >>
>> >> Added the following lines to rsyslog conf
>> >> $template ApacheLogFormat,"%msg:2:10000%\n"
>> >> $template local6error,"/var/log/%programname:13:50%_error_log.%$YEAR%%$MONTH%%$DAY%"
>> >> $template local6access,"/var/log/%programname:14:50%_access_log.%$YEAR%%$MONTH%%$DAY%"
>> >>
>> >> if $syslogfacility-text == 'local6' and $programname startswith 'httpd_error' then -?local6error;ApacheLogFormat
>> >> #& ~
>> >> if $syslogfacility-text == 'local6' and $programname startswith 'httpd_access' then -?local6access;ApacheLogFormat
>> >> #& ~
>> >>
>> >> I am getting this error message in syslog:
>> >> rsyslogd: Could not open dynamic file '/var/log/vhostname_access_log.20111020' - discarding message
>> >> rsyslogd: Could not open dynamic file '/var/log/vhostname_error_log.20111020' - discarding message
>> >>
>> >> I've already given /var/log to syslog user and the files are created perfectly
>> >> however it cannot write them for some reason.
>> >> I tried to open files in a different location and also same effect, files are
>> >> created but rsyslog tells me could not open.
>> >> Files are created with this mask.
>> >> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_access_log.20111020
>> >> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 vhostname_error_log.20111020
>> >>
>> >> Am I missing something?
>> >>
>> >> Sorry if I am missing something obvious.
>> >
>> > I suggest to remove
>> >
>> > $PrivDropToUser syslog
>> > $PrivDropToGroup syslog
>> >
>> > From your config and retry. When it then works, we know for sure it is
>> > related to the permissions.
>> >
>> > Rainer
>> >>
>> >>
>> >> On 13 October 2011 11:47, Ryan Kelly <[email protected]> wrote:
>> >> >> I would like to get opinions about this:
>> >> >>
>> >> >> I have the following line in my rsyslog conf:
>> >> >> $template DynFile,"/var/log/syslog-%HOSTNAME%"
>> >> >> *.*;auth,authpriv.none ?DynFile
>> >> >>
>> >> >> And it is not working.
>> >> > At a glance it looks ok. Try invoking rsyslog with -N1 to see if it
>> >> > complains about your configuration.
>> >> >
>> >> >> After hours of different tries I realized if I remove
>> >> >> ;auth,authpriv.none it starts to work magically.
>> >> >> $template DynFile,"/var/log/syslog-%HOSTNAME%"
>> >> >> *.* ?DynFile
>> >> >>
>> >> >> However I had to touch the files manually because these error
>> >> >> messages appeared in the log:
>> >> >> rsyslogd: Could not open dynamic file '/var/log/syslog-XXX' - discarding message
>> >> > The dynamic files aren't created when rsyslog starts, so it needs
>> >> > permission to write them after it drops permissions (the default
>> >> > configuration in Ubuntu). If you try to write the file to /var/log
>> >> > (which you are) you will get this error because /var/log is owned
>> >> > by root and syslog cannot write new files there. At our site we
>> >> > work around this by creating a new folder owned by syslog.
>> >> >
>> >> >> It is an Ubuntu 10.04 LTS with the repo install of rsyslog 4.2.0
>> >> > The important lines to note are these:
>> >> > $PrivDropToUser syslog
>> >> > $PrivDropToGroup syslog
>> >> >
>> >> > Which are why the file can't be created dynamically in /var/log.
>> >> >
>> >> >> Do you have any idea what the problem with my original try and why
>> >> >> rsyslog cannot open logfiles?
>> >> >
>> >> > -Ryan Kelly
>> >> > _______________________________________________
>> >> > rsyslog mailing list
>> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> >> > http://www.rsyslog.com
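
An added example, not part of the thread: a shell check for the condition Ryan Kelly describes, namely whether the account rsyslog drops to may create new files in the directory a dynamic-file template points at. The function names are hypothetical, GNU stat is assumed, and only owner/group/mode bits are evaluated.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
# Decides from owner/group/mode bits alone whether a uid holding the given
# group ids may create files in a directory. ACLs, MAC policy (AppArmor,
# SELinux) and search bits on parent directories are NOT evaluated.
# Assumes GNU coreutils stat (-c).

# can_create_in DIR UID "GID1 GID2 ..."
# exit 0 = creation allowed, 1 = denied, 2 = DIR is not a directory
can_create_in() {
    cc_dir=$1; cc_uid=$2; cc_gids=$3
    [ -d "$cc_dir" ] || return 2
    if [ "$cc_uid" -eq 0 ]; then return 0; fi      # root bypasses mode bits
    set -- $(stat -c '%u %g %a' "$cc_dir")
    cc_owner=$1; cc_group=$2; cc_mode=$(( 0$3 ))   # leading 0 = octal
    if [ "$cc_uid" -eq "$cc_owner" ]; then
        cc_bits=$(( (cc_mode >> 6) & 7 ))          # owner class
    else
        cc_bits=$(( cc_mode & 7 ))                 # "other" class by default
        for cc_g in $cc_gids; do
            if [ "$cc_g" -eq "$cc_group" ]; then
                cc_bits=$(( (cc_mode >> 3) & 7 ))  # group class applies
            fi
        done
    fi
    # Creating a directory entry needs write (2) and search (1) permission.
    [ $(( cc_bits & 3 )) -eq 3 ]
}

# check_dynafile_dir DIR USER
# Same check for a named account, e.g. the $PrivDropToUser value and the
# directory used in the $template line. id -G lists the account's groups;
# a process that dropped privileges may hold a different set, so pass the
# ids explicitly to can_create_in when they differ.
check_dynafile_dir() {
    can_create_in "$1" "$(id -u "$2")" "$(id -G "$2")"
}
```
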

