Well, you can filter on syslogtag 'kernel:'
http://www.rsyslog.com/doc/v8-stable/configuration/filters.html
http://www.rsyslog.com/doc/property_replacer.html
On Tue, 4 Nov 2014, Zak Estrada wrote:
Got it, so does this mean that even though it's coming from "syslogtag
'kernel:', programname: 'kernel', APP-NAME: 'kernel'" I need to construct
my rule to catch user.notice? How can I go about making an rsyslog message
that would get these messages into the logs without grabbing other stuff
(I'm guessing things other than kernel debug messages would come along with
that user.notice priority).
Thanks!
--Zak
On Mon, Nov 3, 2014 at 11:41 PM, David Lang <[email protected]> wrote:
Pri 1,5 is user.notice, not kern.debug
the debug log will show you what happens in detail as you are processing
the log, including each test that is performed.
David Lang
On Mon, 3 Nov 2014, Zak Estrada wrote:
Thanks for the reply! I did that and I do see my "hello world" message:
---
Debug line with all properties:
FROMHOST: 'HOSTNAME', fromhost-ip: '127.0.0.1', HOSTNAME: 'HOSTNAME',
PRI: 1
5,
syslogtag 'kernel:', programname: 'kernel', APP-NAME: 'kernel', PROCID:
'-', MSGID: '-',
TIMESTAMP: 'Nov 3 18:11:09', STRUCTURED-DATA: '-',
msg: 'Hello world!'
escaped msg: 'Hello world!'
inputname: imjournal rawmsg: 'Hello world!'
---
So now we've definitely confirmed that rsyslog is getting the message. Is
there a way to demonstrate that it's trying to write to /var/log/kern.log
as I've configured it (or that the message is going someplace else)?
Thanks again,
Zak
On Mon, Nov 3, 2014 at 4:14 PM, David Lang <[email protected]> wrote:
If you log with the format RSYSLOG_DebugFormat you will be able to see
what the log shows up as
add the line:
/var/log/testing;RSYSLOG_DebugFormat
to your config file and see what shows up there as you load your module.
David Lang
On Mon, 3 Nov 2014, Zak Estrada wrote:
Hi all,
I'm using CENTOS7 and I've been trying to get my KERN_DEBUG messages
into
a
log file (/var/log/kern.log), so I've added a file to rsyslog.d that
just
has this one line in it:
---
kern.=debug /var/log/kern.log
---
After restarting rsyslog and loading a "hello world" type module, I
still
don't get anything in that file (or /var/log/messages, since it only
seems
to show KERN_INFO, etc...). I've even tried creating the file manually,
ensuring permissions and SELinux contexts matched other stuff in
/var/log.
I then decided to run rsyslog with debug mode (plain old "rsyslogd -dn")
to
see if rsyslog was getting tickled when I loaded my module. Sure enough,
it
was. However, I cannot understand the debug output.
The output is included in this pastebin:
http://pastebin.com/wFdt7xYr
Can anyone help me interpret the debugging output or what I'm doing
wrong?
Thanks!
--Zak
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
