On Mon, Jun 10, 2013 at 11:18 PM, Aleksandar Lazic <[email protected]>wrote:
> Hi, > > Am 10-06-2013 19:01, schrieb Rainer Gerhards: > > On Mon, Jun 10, 2013 at 6:47 PM, Aleksandar Lazic <[email protected] >> >wrote: >> >> Hi, >>> >>> Am 10-06-2013 18:16, schrieb Rainer Gerhards: >>> >>> On Mon, Jun 10, 2013 at 4:40 PM, Aleksandar Lazic <[email protected] >>> >>>> >wrote: >>>> >>>> Dear list-member. >>>> >>>>> >>>>> I try to write all unbound syslog messages into the file >>>>> /var/log/unbound.log >>>>> >>>>> ### cat /etc/rsyslog.d/21-unbound.conf >>>>> if $programname == "unbound" then /var/log/unbound.log >>>>> ### >>>>> >>>> > [snipp] > > > I thought that 'unbound' is the $programname but maybe I'am wrong. >>> >>> you should check what the fields actually contain. I finally blogged >> this >> FAQ-like entry on it: >> >> http://blog.gerhards.net/2013/**06/rsyslog-how-can-i-see-** >> which-field.html<http://blog.gerhards.net/2013/06/rsyslog-how-can-i-see-which-field.html> >> > > cool tip thanks. > > The output is > ### > tail -f /var/log/debugfmt > Debug line with all properties: > FROMHOST: 'external', fromhost-ip: '127.0.0.1', HOSTNAME: 'external', PRI: > 30, > syslogtag 'unbound:', programname: 'unbound', APP-NAME: 'unbound', PROCID: > '-', MSGID: '-', > TIMESTAMP: 'Jun 10 23:03:01', STRUCTURED-DATA: '-', > msg: ' [5017:0] info: 127.0.0.1 43.135.47.213.in-addr.arpa. PTR IN' > escaped msg: ' [5017:0] info: 127.0.0.1 43.135.47.213.in-addr.arpa. PTR IN' > inputname: imuxsock rawmsg: '<30>Jun 10 23:03:01 unbound: [5017:0] info: > 127.0.0.1 43.135.47.213.in-addr.arpa. PTR IN' > ### > > So the programname == 'unbound' the logfile is created. > > sorry - so do you say it works (the rest of the message somehow does not look so ;))? Rainer > root ~ # ls -larth /var/log/{debugfmt,unbound.**log} > -rw-r--r-- 1 syslog adm 9,2K Mai 22 16:47 /var/log/unbound.log > -rw-r--r-- 1 syslog adm 43K Jun 10 23:10 /var/log/debugfmt > > the new -dn output can be found here > > http://download.none.at/**rsyslogd-debug_02.log<http://download.none.at/rsyslogd-debug_02.log> > > this is the part of /etc/rsyslog.d/21-unbound.conf > > ### > 8994.435982456:7fcc66ae5740: IF > 8994.435983837:7fcc66ae5740: var '$programname' > 8994.435987329:7fcc66ae5740: == > 8994.435989708:7fcc66ae5740: string 'unbound' > 8994.435994350:7fcc66ae5740: THEN > 8994.435995783:7fcc66ae5740: ACTION 0xe95d90 [/var/log/unbound.log] > 8994.436000687:7fcc66ae5740: END IF > ### > > Rainer >> > > Aleks > > Thx, >>> >>>> Rainer >>>> >>>> >>> BR >>> Aleks >>> >>> after a host www.none.at I have only the message in /var/log/syslog but >>> >>>> not in /var/log/unbound.log >>>>> >>>>> >>>>> My setup: >>>>> >>>>> ### >>>>> lsb_release -a >>>>> No LSB modules are available. >>>>> Distributor ID: Ubuntu >>>>> Description: Ubuntu 12.04.2 LTS >>>>> Release: 12.04 >>>>> Codename: precise >>>>> ### >>>>> >>>>> rsyslogd -v >>>>> rsyslogd 7.4.0, compiled with: >>>>> FEATURE_REGEXP: Yes >>>>> FEATURE_LARGEFILE: No >>>>> GSSAPI Kerberos 5 support: Yes >>>>> FEATURE_DEBUG (debug build, slow code): No >>>>> 32bit Atomic operations supported: Yes >>>>> 64bit Atomic operations supported: Yes >>>>> Runtime Instrumentation (slow code): No >>>>> uuid support: Yes >>>>> >>>>> See http://www.rsyslog.com for more information. >>>>> #### >>>>> >>>>> /usr/sbin/rsyslogd -dn > rsyslogd-debug_01.log >>>>> >>>>> http://download.none.at/****rsyslogd-debug_01.log<http://download.none.at/**rsyslogd-debug_01.log> >>>>> <http://**download.none.at/rsyslogd-**debug_01.log<http://download.none.at/rsyslogd-debug_01.log> >>>>> > >>>>> <http://**download.none.at/**rsyslogd-**debug_01.log<http://download.none.at/rsyslogd-**debug_01.log> >>>>> <http:/**/download.none.at/rsyslogd-**debug_01.log<http://download.none.at/rsyslogd-debug_01.log> >>>>> > >>>>> >>>>> > >>>>> >>>>> ### >>>>> >>>>> Thanks for any help. >>>>> >>>>> BR Aleks >>>>> >>>>> ______________________________******_________________ >>>>> rsyslog mailing list >>>>> http://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.adiscon.net/****mailman/listinfo/rsyslog> >>>>> <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>> > >>>>> <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/**listinfo/rsyslog> >>>>> <htt**p://lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>> > >>>>> > >>>>> http://www.rsyslog.com/******professional-services/<http://www.rsyslog.com/****professional-services/> >>>>> <http://**www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>> > >>>>> <http://**www.rsyslog.com/**professional-**services/<http://www.rsyslog.com/professional-**services/> >>>>> <http:**//www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >>>>> > >>>>> >>>>> > >>>>> >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>> myriad >>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>>> DON'T LIKE THAT. >>>>> >>>>> ______________________________****_________________ >>>>> >>>> rsyslog mailing list >>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>> > >>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>> > >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST >>>> if you DON'T LIKE THAT. >>>> >>>> ______________________________****_________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>> > >>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>> > >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> DON'T LIKE THAT. >>> >>> ______________________________**_________________ >> rsyslog mailing list >> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST >> if you DON'T LIKE THAT. >> > ______________________________**_________________ > rsyslog mailing list > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> > http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
