On Thu, 12 Sep 2013, Erik Steffl wrote:

Default rsyslog setup (at least the Ubuntu packages) seems to not allow rsyslog to write to its spool directory.

 In /etc/rsyslog.conf:

$WorkDirectory /var/spool/rsyslog

Permissions:

drwxr-xr-x 2 root root 4096 Mar 30  2012 /var/spool/rsyslog

Rsyslog runs as syslog:

syslog   18744  0.0  0.0 375120  2436 ?        Sl   Sep11   0:00 rsyslogd

I am not sure how to trigger writing to the spool directory so I didn't test whether it actually writes there or not.

However I noticed some apparmor files that mention /var/spool/rsyslog/, is that supposed to make it possible for rsyslog to write to /var/spool/rsyslog/? Looking into apparmor but don't understand what those settings are for yet.

the nice thing about apparmor is that it's pretty simple


you should be able to change the line that is

   /var/spool/rsyslog/ r,
to
   /var/spool/rsyslog/ rw,

however, if I am understanding the definition correctly, if you create a file /var/spool/rsyslog/queuedir and put your queue files in that queuedir the existing apparmor config should work.

David Lang

 thanks,

        erik
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
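
The file-permission side of the question above, as an added example that is not part of the original thread: it reads the work directory and run-as user from a config and applies the owner/group/other rules to the quoted `ls -ld` line. The `$PrivDropToUser` and `$PrivDropToGroup` lines in the sample config are constructed (the thread only shows rsyslogd running as syslog), and AppArmor is not modelled.

```python
import re

# Constructed sample input built from the values quoted in the thread.
# The two $PrivDrop* lines are an assumption; the thread only shows the
# daemon running as user "syslog".
RSYSLOG_CONF = """\
$PrivDropToUser syslog
$PrivDropToGroup syslog
$WorkDirectory /var/spool/rsyslog
"""
LS_LINE = "drwxr-xr-x 2 root root 4096 Mar 30  2012 /var/spool/rsyslog"


def directive(conf, name):
    """Return the last value of a legacy `$Name value` directive, or None."""
    hits = re.findall(r"^\s*\$%s\s+(\S+)" % re.escape(name), conf, re.M)
    return hits[-1] if hits else None


def can_create_files(ls_line, user, groups):
    """Apply POSIX owner/group/other selection to one `ls -ld` line.

    Creating a queue file needs both w and x on the directory.
    ACLs, capabilities and AppArmor are not modelled here.
    """
    mode, _links, owner, group = ls_line.split()[:4]
    if mode[0] != "d":
        raise ValueError("not a directory: " + ls_line)
    if user == "root":          # root bypasses the mode bits
        return True
    if user == owner:           # exactly one class applies, owner first
        bits = mode[1:4]
    elif group in groups:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    return bits[1] == "w" and bits[2] in "xst"


def check(conf, ls_line):
    """Return (work directory, run-as user, can the user create files there)."""
    workdir = directive(conf, "WorkDirectory")
    if workdir is None or not ls_line.rstrip().endswith(workdir):
        raise ValueError("ls line does not describe the work directory")
    user = directive(conf, "PrivDropToUser") or "root"
    group = directive(conf, "PrivDropToGroup")
    return workdir, user, can_create_files(ls_line, user, {group} if group else set())
```
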
