unsubscribe
On 7/12/14, [email protected] <[email protected]> wrote: > Send rsyslog mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.adiscon.net/mailman/listinfo/rsyslog > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of rsyslog digest..." > > > Today's Topics: > > 1. diskfull / uninterruptible sleep situation (Marc Fournier) > 2. Re: diskfull / uninterruptible sleep situation (Rainer Gerhards) > 3. Re: diskfull / uninterruptible sleep situation (Marc Fournier) > 4. rsyslog 8.3.4 (v8-devel) released (Florian Riedl) > 5. Re: rsyslog 8.3.4 (v8-devel) released (Eugene Istomin) > 6. Re: rsyslog 8.3.4 (v8-devel) released (Eugene Istomin) > 7. Re: rsyslog 8.3.4 (v8-devel) released (Rainer Gerhards) > 8. Re: diskfull / uninterruptible sleep situation (David Lang) > 9. Re: Running as root OK? (David Lang) > 10. Re: Question on DoDie (Rainer Gerhards) > 11. Can't take a log after using log template. (Ouychai Chaita) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 11 Jul 2014 13:07:46 +0200 > From: Marc Fournier <[email protected]> > To: rsyslog <[email protected]> > Subject: [rsyslog] diskfull / uninterruptible sleep situation > Message-ID: <[email protected]> > Content-Type: text/plain; charset=UTF-8 > > Hello, > > I have a cluster of openldap servers behind a load balancer. Openldap > writes its logs to syslog(). Rsyslog grabs them via imuxsock and writes > them to files in /var/log and also ships them to a remote server. > Nothing fancy... > > The problem I have is that from time to time, the load balancer ejects a > node from the cluster for a few seconds, which means openldap is blocked > or is refusing new connections. This happens only when there's a > diskfull on the node's /var/log, which is why I'm asking here. > > As a workaround, I recently changed my config to have 2 separate action > queues, configured to drop logs when the queue is full > ($ActionQueueDiscardSeverity 0 among other settings). > > Now using ps/top, I see the 2 "rs:action X" threads, which are sleeping > most of the time. But what strikes me and worries me is that the > "rs:main Q:Reg" thread is in D (uninterruptible sleep) state most of the > time, waiting on "jbd2_log_wait_commit" (which is related to ext4 if I'm > not mistaken). > > So I'm wondering: > > - why does the main-queue thread do any disk-related activity at all ? > Shouldn't it just pass the logs down to the action-queues, and if any > disk operations have to take place, they would happen in the > action-queue threads ? > > - how can I be sure openldap will not block because rsyslog is having > trouble ? It *seems* ok now with the capped action queues, but this > thread in D state makes me wonder. > > NB: for the sake of understanding, I have disabled disk-assistance on > all the queues at the moment. And iostat indeed shows almost no activity > on the volume holding rsyslog's $WorkDirectory. > > This is running 5.8.10 (version shipped with RHEL6). I know it's old, > and I'm open to upgrade it if needed. > > Thanks ! > > Marc > > > ------------------------------ > > Message: 2 > Date: Fri, 11 Jul 2014 13:14:15 +0200 > From: Rainer Gerhards <[email protected]> > To: rsyslog-users <[email protected]> > Subject: Re: [rsyslog] diskfull / uninterruptible sleep situation > Message-ID: > <cadk+mpbtywjb+yttn4yj8qayo_buj0t12msrukzo8v5lzhx...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > Pls provide full config. > > Sent from phone, thus brief. > Am 11.07.2014 13:08 schrieb "Marc Fournier" <[email protected]>: > >> Hello, >> >> I have a cluster of openldap servers behind a load balancer. Openldap >> writes its logs to syslog(). Rsyslog grabs them via imuxsock and writes >> them to files in /var/log and also ships them to a remote server. >> Nothing fancy... >> >> The problem I have is that from time to time, the load balancer ejects a >> node from the cluster for a few seconds, which means openldap is blocked >> or is refusing new connections. This happens only when there's a >> diskfull on the node's /var/log, which is why I'm asking here. >> >> As a workaround, I recently changed my config to have 2 separate action >> queues, configured to drop logs when the queue is full >> ($ActionQueueDiscardSeverity 0 among other settings). >> >> Now using ps/top, I see the 2 "rs:action X" threads, which are sleeping >> most of the time. But what strikes me and worries me is that the >> "rs:main Q:Reg" thread is in D (uninterruptible sleep) state most of the >> time, waiting on "jbd2_log_wait_commit" (which is related to ext4 if I'm >> not mistaken). >> >> So I'm wondering: >> >> - why does the main-queue thread do any disk-related activity at all ? >> Shouldn't it just pass the logs down to the action-queues, and if any >> disk operations have to take place, they would happen in the >> action-queue threads ? >> >> - how can I be sure openldap will not block because rsyslog is having >> trouble ? It *seems* ok now with the capped action queues, but this >> thread in D state makes me wonder. >> >> NB: for the sake of understanding, I have disabled disk-assistance on >> all the queues at the moment. And iostat indeed shows almost no activity >> on the volume holding rsyslog's $WorkDirectory. >> >> This is running 5.8.10 (version shipped with RHEL6). I know it's old, >> and I'm open to upgrade it if needed. >> >> Thanks ! >> >> Marc >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > > > ------------------------------ > > Message: 3 > Date: Fri, 11 Jul 2014 15:35:22 +0200 > From: Marc Fournier <[email protected]> > To: rsyslog <[email protected]> > Subject: Re: [rsyslog] diskfull / uninterruptible sleep situation > Message-ID: <[email protected]> > Content-Type: text/plain; charset="utf-8" > > Excerpts from Rainer Gerhards's message of 2014-07-11 13:14:15 +0200: >> Pls provide full config. >> > > Yes, sorry, here they are. Both the initial one which definetely blocks > openldap, and the second one, which I'm not sure about because of the > main Q thread in "uninterruptible sleep". > > Meanwhile, during a diskfull where a node got ejected out of the load > balancer pool, I noticed some openldap threads which were sleeping with > "unix_wait_for_peer" in ps's WCHAN column (something I didn't notice before > sending my previous email). This was on a node which still had the initial > configuration. > > Marc > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: rsyslog.conf-initial-setup > Type: application/octet-stream > Size: 966 bytes > Desc: not available > URL: > <http://lists.adiscon.net/pipermail/rsyslog/attachments/20140711/a05ebf33/attachment-0002.obj> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: rsyslog.conf-with-action-queues > Type: application/octet-stream > Size: 1347 bytes > Desc: not available > URL: > <http://lists.adiscon.net/pipermail/rsyslog/attachments/20140711/a05ebf33/attachment-0003.obj> > > ------------------------------ > > Message: 4 > Date: Fri, 11 Jul 2014 15:39:48 +0200 > From: Florian Riedl <[email protected]> > To: rsyslog-users <[email protected]> > Subject: [rsyslog] rsyslog 8.3.4 (v8-devel) released > Message-ID: > <CAAq4--QuLD_OowLJTup5eLx0k4fbuk=etiab35dfv5zeh-n...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > Hi all, > > We have just released 8.3.4 of the v8-devel branch. > > This is a somewhat unexpected new 8.3 devel version: thanks to some > sponsor, we could work on providing better parsers for Cisco IOS devices as > well as some improvements to the general date parser. As we want to > integrate this into 8.4, we have decided to release another 8.3 version. > Please note that 8.4 stable is still immanent. This version also includes a > number of bug fixes. > > ChangeLog: > > http://www.rsyslog.com/changelog-for-8-3-4-v8-devel/ > > Download: > > http://www.rsyslog.com/download-v8-devel/ > > As always, feedback is appreciated. > > Best regards, > Florian Riedl > > > ------------------------------ > > Message: 5 > Date: Fri, 11 Jul 2014 18:23:03 +0300 > From: Eugene Istomin <[email protected]> > To: [email protected] > Subject: Re: [rsyslog] rsyslog 8.3.4 (v8-devel) released > Message-ID: <3538823.sBagBSYLUf@evis> > Content-Type: text/plain; charset="utf-8" > > Hello, > > i have a build error - > [ 166s] rsgtutil.rst rsgtutil.1 > [ 166s] make[2]: rsgtutil.rst: Command not found > > here is build log file: > https://build.opensuse.org/build/home:conecenter:suse_rev4/openSUSE_Tu > mbleweed/x86_64/rsyslog/_log[1] > > > /---/ > */Best regards,/* > /Eugene Istomin/ > > >> Hi all, >> >> We have just released 8.3.4 of the v8-devel branch. >> >> This is a somewhat unexpected new 8.3 devel version: thanks to some >> sponsor, we could work on providing better parsers for Cisco IOS devices > as >> well as some improvements to the general date parser. As we want to >> integrate this into 8.4, we have decided to release another 8.3 version. >> Please note that 8.4 stable is still immanent. This version also includes >> a >> number of bug fixes. >> >> ChangeLog: >> >> http://www.rsyslog.com/changelog-for-8-3-4-v8-devel/ >> >> Download: >> >> http://www.rsyslog.com/download-v8-devel/ >> >> As always, feedback is appreciated. >> >> Best regards, >> Florian Riedl >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of >> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T >> LIKE THAT. > > > -------- > [1] > https://build.opensuse.org/build/home:conecenter:suse_rev4/openSUSE_Tu > mbleweed/x86_64/rsyslog/_log > > > ------------------------------ > > Message: 6 > Date: Fri, 11 Jul 2014 18:25:19 +0300 > From: Eugene Istomin <[email protected]> > To: [email protected] > Subject: Re: [rsyslog] rsyslog 8.3.4 (v8-devel) released > Message-ID: <2367913.SvbBG1Jiq2@evis> > Content-Type: text/plain; charset="utf-8" > > A shorter link: > > http://goo.gl/gTu0QK > > /---/ > */Best regards,/* > /Eugene Istomin/ > > > >> Hello, >> >> i have a build error - >> [ 166s] rsgtutil.rst rsgtutil.1 >> [ 166s] make[2]: rsgtutil.rst: Command not found >> >> here is build log file: >> > https://build.opensuse.org/build/home:conecenter:suse_rev4/openSUSE_Tu >> mbleweed/x86_64/rsyslog/_log[1] >> >> >> /---/ >> */Best regards,/* >> /Eugene Istomin/ >> >> > Hi all, >> > >> > We have just released 8.3.4 of the v8-devel branch. >> > >> > This is a somewhat unexpected new 8.3 devel version: thanks to some >> > sponsor, we could work on providing better parsers for Cisco IOS > devices >> >> as >> >> > well as some improvements to the general date parser. As we want to >> > integrate this into 8.4, we have decided to release another 8.3 > version. >> > Please note that 8.4 stable is still immanent. This version also > includes >> > a >> > number of bug fixes. >> > >> > ChangeLog: >> > >> > http://www.rsyslog.com/changelog-for-8-3-4-v8-devel/ >> > >> > Download: >> > >> > http://www.rsyslog.com/download-v8-devel/ >> > >> > As always, feedback is appreciated. >> > >> > Best regards, >> > Florian Riedl >> > _______________________________________________ >> > rsyslog mailing list >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > http://www.rsyslog.com/professional-services/ >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad >> >> of >> >> > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you >> >> DON'T >> >> > LIKE THAT. >> >> -------- >> [1] >> > https://build.opensuse.org/build/home:conecenter:suse_rev4/openSUSE_Tu >> mbleweed/x86_64/rsyslog/_log >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of >> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T >> LIKE THAT. > > > > ------------------------------ > > Message: 7 > Date: Fri, 11 Jul 2014 18:11:11 +0200 > From: Rainer Gerhards <[email protected]> > To: rsyslog-users <[email protected]> > Subject: Re: [rsyslog] rsyslog 8.3.4 (v8-devel) released > Message-ID: > <CADk+mPAd8XQ63AmFrnSJEftrHwN1NNdtAOSWGcD1Jc+=kf+...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > Thanks, I have updated the tarball. This always happens when the cached man > pages are older than the rst files, and I regularly forget to touch them. I > guess I'll finally add a configure option again to unconditionally rebuild > them ;) > > Thanks, > Rainer > > > On Fri, Jul 11, 2014 at 5:25 PM, Eugene Istomin <[email protected]> wrote: > >> A shorter link: >> >> http://goo.gl/gTu0QK >> >> /---/ >> */Best regards,/* >> /Eugene Istomin/ >> >> >> >> > Hello, >> > >> > i have a build error - >> > [ 166s] rsgtutil.rst rsgtutil.1 >> > [ 166s] make[2]: rsgtutil.rst: Command not found >> > >> > here is build log file: >> > >> https://build.opensuse.org/build/home:conecenter:suse_rev4/openSUSE_Tu >> > mbleweed/x86_64/rsyslog/_log[1] >> > >> > >> > /---/ >> > */Best regards,/* >> > /Eugene Istomin/ >> > >> > > Hi all, >> > > >> > > We have just released 8.3.4 of the v8-devel branch. >> > > >> > > This is a somewhat unexpected new 8.3 devel version: thanks to some >> > > sponsor, we could work on providing better parsers for Cisco IOS >> devices >> > >> > as >> > >> > > well as some improvements to the general date parser. As we want to >> > > integrate this into 8.4, we have decided to release another 8.3 >> version. >> > > Please note that 8.4 stable is still immanent. This version also >> includes >> > > a >> > > number of bug fixes. >> > > >> > > ChangeLog: >> > > >> > > http://www.rsyslog.com/changelog-for-8-3-4-v8-devel/ >> > > >> > > Download: >> > > >> > > http://www.rsyslog.com/download-v8-devel/ >> > > >> > > As always, feedback is appreciated. >> > > >> > > Best regards, >> > > Florian Riedl >> > > _______________________________________________ >> > > rsyslog mailing list >> > > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > > http://www.rsyslog.com/professional-services/ >> > > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> myriad >> > >> > of >> > >> > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >> you >> > >> > DON'T >> > >> > > LIKE THAT. >> > >> > -------- >> > [1] >> > >> https://build.opensuse.org/build/home:conecenter:suse_rev4/openSUSE_Tu >> > mbleweed/x86_64/rsyslog/_log >> > _______________________________________________ >> > rsyslog mailing list >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > http://www.rsyslog.com/professional-services/ >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> > myriad >> of >> > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T >> > LIKE THAT. >> >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > > > ------------------------------ > > Message: 8 > Date: Fri, 11 Jul 2014 11:12:02 -0700 (PDT) > From: David Lang <[email protected]> > To: rsyslog-users <[email protected]> > Subject: Re: [rsyslog] diskfull / uninterruptible sleep situation > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii"; Format="flowed" > > On Fri, 11 Jul 2014, Marc Fournier wrote: > >> Excerpts from Rainer Gerhards's message of 2014-07-11 13:14:15 +0200: >>> Pls provide full config. >>> >> >> Yes, sorry, here they are. Both the initial one which definetely blocks >> openldap, and the second one, which I'm not sure about because of the >> main Q thread in "uninterruptible sleep". >> >> Meanwhile, during a diskfull where a node got ejected out of the load >> balancer pool, I noticed some openldap threads which were sleeping with >> "unix_wait_for_peer" in ps's WCHAN column (something I didn't notice >> before >> sending my previous email). This was on a node which still had the >> initial >> configuration. > > action queues only apply to the next action listed > > so you have an action queue for > > *.* @@logserver:514;RSYSLOG_ForwardFormat > > and > > auth,authpriv.* /var/log/secure > > everything else is handled by the main queue. > > what version of rsyslog are you running? there are significant performance > improvements in recent versions compared to v5 that is stock on many > distros > > Having no actions as part of the main queue is actually a problem, rsyslog > ends > up moving the messages very inefficently (one at a time instead of in > batches) > > David Lang > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: rsyslog.conf-initial-setup > Type: application/octet-stream > Size: 966 bytes > Desc: > URL: > <http://lists.adiscon.net/pipermail/rsyslog/attachments/20140711/da2b3483/attachment-0002.obj> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: rsyslog.conf-with-action-queues > Type: application/octet-stream > Size: 1347 bytes > Desc: > URL: > <http://lists.adiscon.net/pipermail/rsyslog/attachments/20140711/da2b3483/attachment-0003.obj> > -------------- next part -------------- > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. > > ------------------------------ > > Message: 9 > Date: Fri, 11 Jul 2014 11:17:58 -0700 (PDT) > From: David Lang <[email protected]> > To: rsyslog-users <[email protected]> > Subject: Re: [rsyslog] Running as root OK? > Message-ID: <[email protected]> > Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed > > It very much depends on who you ask. > > Rsyslog supports dropping privileges to run most of the time as a non-root > user, > and some security folks will argue that this is always a very good thing. > > The problem is that doing so adds additional complications (the new user > needs > to have permissions to open files), and frequently this is not handled well > in > practice (the distro default permissions don't allow this). > > Then there is the entire world of enhanced permissions from SELinux and > AppArmor. These can be argued to add more security than running non-root, > but > again, they add another way for things to break > > As a result, a large number of people don't bother and just run it as root > (or > with whatever defaults their distro provides) > > David Lang > > > On Wed, 9 Jul 2014, Otis Gospodnetic wrote: > >> I don't have a specific reason for wondering so I wanted to know what is >> the recommended best practice... >> >> Thanks, >> Otis >> -- >> Performance Monitoring * Log Analytics * Search Analytics >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> On Tue, Jul 8, 2014 at 7:20 PM, David Lang <[email protected]> wrote: >> >>> Rsyslog usually runs as root >>> >>> some people don't like this, and they fight the issues that you are >>> thinking of. >>> >>> Other than the generic knee-jerk reaction of "nothing should be running >>> as >>> root", why is it that you want to have it run as another user? >>> >>> are you worried about attacks from other local processes writing >>> malformed >>> logs? >>> >>> are you worried about remote logs being delivered? >>> >>> other? >>> >>> David Lang >>> >>> >>> On Tue, 8 Jul 2014, Otis Gospodnetic wrote: >>> >>> Hi, >>>> >>>> Is it advisable to be running rsyslog as root? >>>> >>>> Assuming the answer is negative, then: >>>> >>>> If rsyslog has to be able to read local kernel logs, how can one do >>>> that >>>> without running it as root? >>>> >>>> Thanks, >>>> Otis >>>> -- >>>> Performance Monitoring * Log Management * http://sematext.com/ >>>> _______________________________________________ >>>> rsyslog mailing list >>>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>> http://www.rsyslog.com/professional-services/ >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>> myriad >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>> DON'T LIKE THAT. >>>> >>>> _______________________________________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>> http://www.rsyslog.com/professional-services/ >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> DON'T LIKE THAT. >>> >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > > > ------------------------------ > > Message: 10 > Date: Fri, 11 Jul 2014 20:58:13 +0200 > From: Rainer Gerhards <[email protected]> > To: rsyslog-users <[email protected]> > Subject: Re: [rsyslog] Question on DoDie > Message-ID: > <cadk+mpa8rfpoqyw0dcg9e1jap+yml8wwb0equ3hdyw3tkay...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > Just in case you have overlooked my message: i am waiting for a debug log. > And... sorry if *I* overlooked a log you sent ;) > > Rainer > > Sent from phone, thus brief. > > > ------------------------------ > > Message: 11 > Date: Sat, 12 Jul 2014 13:51:40 +0700 > From: Ouychai Chaita <[email protected]> > To: rsyslog-users <[email protected]> > Subject: [rsyslog] Can't take a log after using log template. > Message-ID: > <CADJHkrCb_zmx1n0_34-d=mdmezdiigxcjlh8eh8trxmzrt7...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Dear, Everybody. > Thank you for you helpfull about Rsyslog. I have problems about log > template. Can't sending a log text to file. I'm using ubuntu server 12.04. > I'm config by below and attache configuration files. > > > $template > DailyLogs,"/var/log/iptables/%$YEAR%/%$MONTH%/%$DAY%_%$MONTH%_%$YEAR%_iptables.log" > > $template > SquidTemplate,"%$day%/%timegenerated:1:3:date-rfc3164%/%$year%,%timegenerated:12:23:date-rfc3339%,%HOSTNAME%,%syslogtag%,%msg%\n" > > $template > SquidDailyLogs,"/var/log/squid/%$YEAR%/%$MONTH%/%$DAY%_%$MONTH%_%$YEAR%_squid.log" > > kern.=debug -/var/log/iptables/iptables.log > # kern.=debug -?Dailylog > > kern.*;kern.!=debug -/var/log/kern.log > > # local0.* -/var/log/squid/squid.log > > local0.* -?SquidDailyLogs;SquidTemplate > > > A squid log can sending without log template. I config the iptables log at > "/etc/rsyslog.d/70-iptables.conf". > > > Reguards > Ouychai Chaita > > President of Lanna Opensource Software Club > www.lanna-oss.org > (66) 08-7185-0920 > skype : ouychai_chaita > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: rsyslog.conf > Type: application/octet-stream > Size: 1940 bytes > Desc: not available > URL: > <http://lists.adiscon.net/pipermail/rsyslog/attachments/20140712/6ad8a2d9/attachment.obj> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: squid.conf > Type: application/octet-stream > Size: 208061 bytes > Desc: not available > URL: > <http://lists.adiscon.net/pipermail/rsyslog/attachments/20140712/6ad8a2d9/attachment-0001.obj> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: 70-iptables.conf > Type: application/octet-stream > Size: 300 bytes > Desc: not available > URL: > <http://lists.adiscon.net/pipermail/rsyslog/attachments/20140712/6ad8a2d9/attachment-0002.obj> > > ------------------------------ > > _______________________________________________ > rsyslog mailing list > [email protected] > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > End of rsyslog Digest, Vol 89, Issue 3 > ************************************** > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
