Got it, so does this mean that even though it's coming from "syslogtag 'kernel:', programname: 'kernel', APP-NAME: 'kernel'" I need to construct my rule to catch user.notice? How can I go about making an rsyslog message that would get these messages into the logs without grabbing other stuff (I'm guessing things other than kernel debug messages would come along with that user.notice priority).
Thanks! --Zak On Mon, Nov 3, 2014 at 11:41 PM, David Lang <[email protected]> wrote: > Pri 1,5 is user.notice, not kern.debug > > the debug log will show you what happens in detail as you are processing > the log, including each test that is performed. > > > David Lang > > On Mon, 3 Nov 2014, Zak Estrada wrote: > > Thanks for the reply! I did that and I do see my "hello world" message: >> --- >> Debug line with all properties: >> FROMHOST: 'HOSTNAME', fromhost-ip: '127.0.0.1', HOSTNAME: 'HOSTNAME', >> PRI: 1 >> 5, >> syslogtag 'kernel:', programname: 'kernel', APP-NAME: 'kernel', PROCID: >> '-', MSGID: '-', >> TIMESTAMP: 'Nov 3 18:11:09', STRUCTURED-DATA: '-', >> msg: 'Hello world!' >> escaped msg: 'Hello world!' >> inputname: imjournal rawmsg: 'Hello world!' >> --- >> >> So now we've definitely confirmed that rsyslog is getting the message. Is >> there a way to demonstrate that it's trying to write to /var/log/kern.log >> as I've configured it (or that the message is going someplace else)? >> >> Thanks again, >> Zak >> >> On Mon, Nov 3, 2014 at 4:14 PM, David Lang <[email protected]> wrote: >> >> If you log with the format RSYSLOG_DebugFormat you will be able to see >>> what the log shows up as >>> >>> add the line: >>> /var/log/testing;RSYSLOG_DebugFormat >>> to your config file and see what shows up there as you load your module. >>> >>> David Lang >>> >>> >>> On Mon, 3 Nov 2014, Zak Estrada wrote: >>> >>> Hi all, >>> >>>> >>>> I'm using CENTOS7 and I've been trying to get my KERN_DEBUG messages >>>> into >>>> a >>>> log file (/var/log/kern.log), so I've added a file to rsyslog.d that >>>> just >>>> has this one line in it: >>>> --- >>>> kern.=debug /var/log/kern.log >>>> --- >>>> >>>> After restarting rsyslog and loading a "hello world" type module, I >>>> still >>>> don't get anything in that file (or /var/log/messages, since it only >>>> seems >>>> to show KERN_INFO, etc...). I've even tried creating the file manually, >>>> ensuring permissions and SELinux contexts matched other stuff in >>>> /var/log. >>>> >>>> I then decided to run rsyslog with debug mode (plain old "rsyslogd -dn") >>>> to >>>> see if rsyslog was getting tickled when I loaded my module. Sure enough, >>>> it >>>> was. However, I cannot understand the debug output. >>>> >>>> The output is included in this pastebin: >>>> http://pastebin.com/wFdt7xYr >>>> >>>> Can anyone help me interpret the debugging output or what I'm doing >>>> wrong? >>>> >>>> Thanks! >>>> --Zak >>>> _______________________________________________ >>>> rsyslog mailing list >>>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>> http://www.rsyslog.com/professional-services/ >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>> DON'T LIKE THAT. >>>> >>>> _______________________________________________ >>>> >>> rsyslog mailing list >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>> http://www.rsyslog.com/professional-services/ >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> DON'T LIKE THAT. >>> >>> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> >> _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
