try eliminating the privdrop configs. They cause all sorts of permission
problems.
the debug file you provide doesn't show anything after the startup messages. You
probably need to add the 'n' flag to the startup so that it doesn't go into the
background.
David Lang
On Wed, 12 Jun 2013, Aleksandar Lazic wrote:
Date: Wed, 12 Jun 2013 20:52:43 +0200
From: Aleksandar Lazic <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: Re: [rsyslog] first use of rainerscript rsyslog 7.4 and unbound
messages
Dear David,
Am 12-06-2013 18:13, schrieb David Lang:
On Wed, 12 Jun 2013, Aleksandar Lazic wrote:
[snipp]
does not work.
what doesn't work about it?
As I have tried to described in my first post.
http://lists.adiscon.net/pipermail/rsyslog/2013-June/032776.html
###
I try to write all unbound syslog messages into the file
/var/log/unbound.log
### cat /etc/rsyslog.d/21-unbound.conf
if $programname == "unbound" then /var/log/unbound.log
###
after a host www.none.at I have only the message in /var/log/syslog but
not in /var/log/unbound.log
###
i'll note that the logs I've seen from postfix don't have the
programname == 'postfix', they have things like 'postfix/master', so
it's very possible that your test is just wrong.
I have started with unbound, postfix was just another try. Let us focus on
unbound.
In addition, there are conflicts between setting file ownee/group and
dropping privilages in many cases. Since we don't have your full
config we can't see if that's what's happening.
My config-files are provided here.
http://download.none.at/rsyslog_confs.tar.gz
as described here
http://lists.adiscon.net/pipermail/rsyslog/2013-June/032812.html
I have also set a chown syslog /var/log so that rsyslog can create files.
I'll also note that turning sync on will drastically reduce your write
performance (down to ~100 messges/sec on a standard 7200 rpm drive)
Thanks, i will change it.
in cases like this, the first thing to do is to simplify your config
to see what part is failing. Is the test working? if so, what of the
other options makes it quit working? If not, log with the
RSYSLOG_DebugFormat to see what the the fields really contain as per
this post
http://blog.gerhards.net/2013/06/rsyslog-how-can-i-see-which-field.html
I have used this and on Jun 10 it works,
http://lists.adiscon.net/pipermail/rsyslog/2013-June/032812.html
now 2 days later rsyslog does not write anything into this file?!
ls -larth /var/log/debugfmt
-rw-r--r-- 1 syslog adm 0 Jun 12 20:31 /var/log/debugfmt
I'm a little bit surprised that this happen?!
I have reverted all the changes but still rsyslog writes nothing into this
file.
David Lang
there was a update for libestr0
libestr0 0.1.5-0adiscon3
from
# Adiscon repository
# http://www.rsyslog.com/ubuntu-repository/
deb http://ubuntu.adiscon.com/v7-stable precise/
deb-src http://ubuntu.adiscon.com/v7-stable precise/
the output of
/usr/sbin/rsyslogd -d > rsyslogd-debug_11.log
can get from
http://download.none.at/rsyslogd-debug_11.log
The current files are in this archive.
http://download.none.at/rsyslog_confs_01.tar.gz
I would be happy for help to find a solution.
Best regards
Aleks
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
