> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Peter Horvath > Sent: Thursday, October 20, 2011 3:14 PM > To: rsyslog-users > Subject: Re: [rsyslog] Dynamic file names > > root 2722 1 0 12:19 ? 00:00:00 rsyslogd -c4 > ubuntu 10.04 LTS default settings everywhere
Even more puzzling. I suggest you ask on an Ubuntu list, and would appreciate if you could post the result here. The Ubuntu package was broken in various ways due to the way they dropped privileges but did not sync that with the rest of their packages. The one you use may have such defects (to the best of my knowledge they still have not solved all issues). Rainer > > On 20 October 2011 13:37, Rainer Gerhards <[email protected]> > wrote: > >> -----Original Message----- > >> From: [email protected] [mailto:rsyslog- > >> [email protected]] On Behalf Of Peter Horvath > >> Sent: Thursday, October 20, 2011 2:18 PM > >> To: rsyslog-users > >> Subject: Re: [rsyslog] Dynamic file names > >> > >> Thank you, that makes it working however: > >> > >> This is the default settings > >> $FileOwner syslog > >> $FileGroup adm > >> $FileCreateMode 0640 > >> $DirCreateMode 0755 > >> $Umask 0022 > >> $PrivDropToUser syslog > >> $PrivDropToGroup syslog > >> > >> If I comment out the privileges drop it is working But if I just > change the > >> already created files from > >> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 > >> vhostname_access_log.20111020 > >> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 > >> vhostname_error_log.20111020 > >> > >> to > >> > >> -rw-r----- 1 syslog adm 0 2011-10-20 11:34 > >> vhostname_access_log.20111020 > >> -rw-r----- 1 syslog adm 0 2011-10-20 11:34 > >> vhostname_error_log.20111020 > >> > >> insted commenting out, it is also starts working. > > > > Mhhh, this doesn't make much sense to me. The user should be able to > open > > files for writing if it has permissions... and it looks like it has. > Can you > > check if rsyslog actually runs under the syslog user? > > > > Rainer > > > > > >> > >> > >> On 20 October 2011 12:53, Rainer Gerhards <[email protected]> > >> wrote: > >> >> -----Original Message----- > >> >> From: [email protected] [mailto:rsyslog- > >> >> [email protected]] On Behalf Of Peter Horvath > >> >> Sent: Thursday, October 20, 2011 1:48 PM > >> >> To: rsyslog-users > >> >> Subject: Re: [rsyslog] Dynamic file names > >> >> > >> >> I continued to extend my config after i managed to solve this > issue. > >> >> > >> >> Logs are comming in from localhost and remote host on TCP 514. > >> >> > >> >> Apaches send their logs to the syslog with the following config: > >> >> > >> >> ErrorLog "|/usr/bin/logger -p local6.warn -t > httpd_error_vhostname" > >> >> CustomLog "|/usr/bin/logger -p local6.info -t > httpd_access_vhostname" > >> >> combined > >> >> > >> >> Added the following lines to rsyslog conf $template > >> >> ApacheLogFormat,"%msg:2:10000%\n" > >> >> $template > >> >> > >> local6error,"/var/log/%programname:13:50%_error_log.%$YEAR%%$MONT > >> >> H%%$DAY%" > >> >> $template > >> >> > >> local6access,"/var/log/%programname:14:50%_access_log.%$YEAR%%$MO > >> >> NTH%%$DAY%" > >> >> > >> >> if $syslogfacility-text == 'local6' and $programname startswith > >> > 'httpd_error' > >> >> then -?local6error;ApacheLogFormat #& ~ if $syslogfacility-text > == > > 'local6' > >> >> and $programname startswith 'httpd_access' then - > >> >> ?local6access;ApacheLogFormat #& ~ > >> >> > >> >> I getting this error message in syslog: > >> >> rsyslogd: Could not open dynamic file > >> >> '/var/log/vhostname_access_log.20111020' - discarding message > >> >> rsyslogd: Could not open dynamic file > >> >> '/var/log/vhostname_error_log.20111020' - discarding message > >> >> > >> >> I've already given /var/log to syslog user and the files are > created > >> > perfectly > >> >> however it cannot write them for some reason. > >> >> I tried to open files in a different location and also same > effect, > >> >> files > >> > are > >> >> created but rsyslog tells me could not open. > >> >> Files are created with this mask. > >> >> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 > >> >> vhostname_access_log.20111020 > >> >> -rw-r----- 1 syslog syslog 0 2011-10-20 11:34 > >> >> vhostname_error_log.20111020 > >> >> > >> >> Am i missing something? > >> >> > >> >> Sorry if i am missing something obvious. > >> > > >> > I suggest to remove > >> > > >> > $PrivDropToUser syslog > >> > $PrivDropToGroup syslog > >> > > >> > From your config and retry. When it then works, we know for sure > it is > >> > related to the permissions. > >> > > >> > Rainer > >> >> > >> >> > >> >> On 13 October 2011 11:47, Ryan Kelly <[email protected]> wrote: > >> >> >> I would like to get opinions about this: > >> >> >> > >> >> >> I have the following line in my rsyslog conf: > >> >> >> $template DynFile,"/var/log/syslog-%HOSTNAME%" > >> >> >> *.*;auth,authpriv.none ?DynFile > >> >> >> > >> >> >> And it is not working. > >> >> > At a glance it looks ok. Try invoking rsyslog with -N1 to see > if it > >> >> > complains about your configuration. > >> >> > > >> >> >> After hours of different tries realized if i remove > >> >> >> ;auth,authpriv.none It starts to work magically. > >> >> >> $template DynFile,"/var/log/syslog-%HOSTNAME%" > >> >> >> *.* ?DynFile > >> >> >> > >> >> >> However i had to touch the files manually because these error > >> >> >> messages appeared in the log: > >> >> >> rsyslogd: Could not open dynamic file '/var/log/syslog-XXX' - > >> >> >> discarding message > >> >> > The dynamic files aren't created when rsyslog starts, so it > needs > >> >> > permission to write them after it drops permissions (the > default > >> >> > configuration in Ubuntu). If you try to write the file to > /var/log > >> >> > (which you are) you will get this error because /var/log is > owned > >> >> > by root and syslog cannot write new files there. At our site we > >> >> > work around this by creating a new folder owned by syslog. > >> >> > > >> >> >> It is an Ubuntu 10.04 LTS with the repo install of rsyslog > 4.2.0 > >> >> > The important lines to note are these: > >> >> > $PrivDropToUser syslog > >> >> > $PrivDropToGroup syslog > >> >> > > >> >> > Which are why the file can't be created dynamically in > /var/log. > >> >> > > >> >> >> Do you have any idea what the problem with my original try and > why > >> >> >> rsyslog cannot open logfiles? > >> >> > > >> >> > -Ryan Kelly > >> >> > _______________________________________________ > >> >> > rsyslog mailing list > >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> >> > http://www.rsyslog.com > >> >> > > >> >> _______________________________________________ > >> >> rsyslog mailing list > >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> >> http://www.rsyslog.com > >> > _______________________________________________ > >> > rsyslog mailing list > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > http://www.rsyslog.com > >> > > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
