Default rsyslog setup (at least the Ubuntu packages) seems to not
allow rsyslog to write to its spool directory.
In /etc/rsyslog.conf:
$WorkDirectory /var/spool/rsyslog
Permissions:
drwxr-xr-x 2 root root 4096 Mar 30 2012 /var/spool/rsyslog
Rsyslog runs as syslog:
syslog 18744 0.0 0.0 375120 2436 ? Sl Sep11 0:00 rsyslogd
I am not sure how to trigger writing to spool directory so I didn't
test whether it actually writes there or not.
However I noticed some apparmor files that mention
/var/spool/rsyslog/, is that supposed to make it possible for rsyslog to
write to /var/spool/rsyslog/? Looking into apparmor but don't understand
what those setting are for yet.
thanks,
erik
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
