Hi,
Am 10-06-2013 19:01, schrieb Rainer Gerhards:
On Mon, Jun 10, 2013 at 6:47 PM, Aleksandar Lazic
<[email protected]>wrote:
Hi,
Am 10-06-2013 18:16, schrieb Rainer Gerhards:
On Mon, Jun 10, 2013 at 4:40 PM, Aleksandar Lazic <[email protected]
>wrote:
Dear list-member.
I try to write all unbound syslog messages into the file
/var/log/unbound.log
### cat /etc/rsyslog.d/21-unbound.conf
if $programname == "unbound" then /var/log/unbound.log
###
[snipp]
I thought that 'unbound' is the $programname but maybe I'am wrong.
you should check what the fields actually contain. I finally blogged
this
FAQ-like entry on it:
http://blog.gerhards.net/2013/06/rsyslog-how-can-i-see-which-field.html
cool tip thanks.
The output is
###
tail -f /var/log/debugfmt
Debug line with all properties:
FROMHOST: 'external', fromhost-ip: '127.0.0.1', HOSTNAME: 'external',
PRI: 30,
syslogtag 'unbound:', programname: 'unbound', APP-NAME: 'unbound',
PROCID: '-', MSGID: '-',
TIMESTAMP: 'Jun 10 23:03:01', STRUCTURED-DATA: '-',
msg: ' [5017:0] info: 127.0.0.1 43.135.47.213.in-addr.arpa. PTR IN'
escaped msg: ' [5017:0] info: 127.0.0.1 43.135.47.213.in-addr.arpa. PTR
IN'
inputname: imuxsock rawmsg: '<30>Jun 10 23:03:01 unbound: [5017:0] info:
127.0.0.1 43.135.47.213.in-addr.arpa. PTR IN'
###
So the programname == 'unbound' the logfile is created.
root ~ # ls -larth /var/log/{debugfmt,unbound.log}
-rw-r--r-- 1 syslog adm 9,2K Mai 22 16:47 /var/log/unbound.log
-rw-r--r-- 1 syslog adm 43K Jun 10 23:10 /var/log/debugfmt
the new -dn output can be found here
http://download.none.at/rsyslogd-debug_02.log
this is the part of /etc/rsyslog.d/21-unbound.conf
###
8994.435982456:7fcc66ae5740: IF
8994.435983837:7fcc66ae5740: var '$programname'
8994.435987329:7fcc66ae5740: ==
8994.435989708:7fcc66ae5740: string 'unbound'
8994.435994350:7fcc66ae5740: THEN
8994.435995783:7fcc66ae5740: ACTION 0xe95d90 [/var/log/unbound.log]
8994.436000687:7fcc66ae5740: END IF
###
Rainer
Aleks
Thx,
Rainer
BR
Aleks
after a host www.none.at I have only the message in /var/log/syslog
but
not in /var/log/unbound.log
My setup:
###
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise
###
rsyslogd -v
rsyslogd 7.4.0, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
uuid support: Yes
See http://www.rsyslog.com for more information.
####
/usr/sbin/rsyslogd -dn > rsyslogd-debug_01.log
http://download.none.at/**rsyslogd-debug_01.log<http://download.none.at/rsyslogd-debug_01.log>
<http://**download.none.at/rsyslogd-**debug_01.log<http://download.none.at/rsyslogd-debug_01.log>
>
###
Thanks for any help.
BR Aleks
______________________________****_________________
rsyslog mailing list
http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog>
<http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
>
http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/>
<http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/>
>
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
you
DON'T LIKE THAT.
______________________________**_________________
rsyslog mailing list
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
______________________________**_________________
rsyslog mailing list
http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog>
http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/>
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
