If logs are not going where you expect, log them using the template
RSYSLOG_DebugFormat and take a look at that. It shows you many of the properties
that are extracted from the log and the raw log as it arrives on your machine.
If it still doesn't make sense as to why the logs are going where they are, post
a sample log (the rawmsg field is probably enough) and we can help explain it.
David Lang
On Sun, 24 May 2020, dgermanrsysl--- via rsyslog wrote:
Date: Sun, 24 May 2020 09:02:32 -0400
From: dgermanrsysl--- via rsyslog <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: [rsyslog] host abuses priority and uses priority as facility
I have issues with a group of hosts, specifically apple mac os as they
generate messages like:
smacpro 192.168.1.1 user.err syncdefaultsd[2730]: objc[2730]: Class
SYDClient is implemented in both ... . One of the two will be used.
Which one is undefined.
smacpro 192.168.1.1 alert.warning softwareupdated[698]:
BackgroundActivity: Starting background download now.
smacpro 192.168.1.1 alert.err softwareupdated[328]: Product
finished: 001-05919
smacpro 192.168.1.1 user.warning com.apple.xpc.launchd[1]
(com.apple.CoreLocationAgent[642]): Endpoint has been activated
through legacy launch(3) APIs. Please switch to XPC or
bootstrap_check_in(): com.apple.CoreLocation.agent
smacpro 192.168.1.1 user.err Unknown[542]:
smacpro 192.168.1.1 daemon.err logkextloadsd[26707]:
These messages should really be debug.
Notice also incorrect facilities alert.err and alert.warning!
My config file includes
*.emerg /var/log/00_emerg.log
local5.info { /var/log/local5.info stop }
*.alert /var/log/01_alert.log
*.crit /var/log/02_crit.log
*.err /var/log/03_err.log
*.warn /var/log/04_warn.log
Running on PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
rsyslogd 8.1901.0 (aka 2019.01) compiled with:
PLATFORM: arm-unknown-linux-gnueabihf
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: Yes
Number of Bits in RainerScript integers: 64
Thanks for your help.
Any comments/suggestions welcome.
Sincerely,
Dennis German
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
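
Added example, not part of either post and not rsyslog's own code: the facility and severity shown for a received message come from the <PRI> number at the start of the raw message (facility * 8 + severity, per RFC 5424), which is what the rawmsg field exposes. This Python decoder assumes that numbering; the sample messages and the short facility labels are constructed for illustration.

```python
import re

# Facility codes 0-23 in RFC 5424 order; the short labels are this example's choice.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
# Severity codes 0-7 in RFC 5424 order.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(rawmsg):
    """Return (facility, severity, rest_of_message), or None if the PRI is
    missing or outside the valid range 0..191."""
    m = PRI_RE.match(rawmsg)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], rawmsg[m.end():]


# Constructed raw messages (not taken from the thread).
SAMPLES = [
    "<115>May 24 09:00:01 smacpro softwareupdated[328]: constructed sample",
    "<11>May 24 09:00:02 smacpro syncdefaultsd[2730]: constructed sample",
    "<27>May 24 09:00:03 smacpro logkextloadsd[26707]: constructed sample",
    "May 24 09:00:04 smacpro nopri[1]: constructed sample without PRI",
    "<999>May 24 09:00:05 smacpro badpri[1]: constructed sample",
]


def summarize(samples):
    """Map each raw message to 'facility.severity' or a marker for bad input."""
    labels = []
    for raw in samples:
        decoded = decode_pri(raw)
        labels.append("invalid-or-missing-PRI" if decoded is None
                      else f"{decoded[0]}.{decoded[1]}")
    return labels


if __name__ == "__main__":
    for raw, label in zip(SAMPLES, summarize(SAMPLES)):
        print(f"{label:24} {raw}")
```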