Re: [rsyslog] Non-root rsyslog errors going to system messages

Tue, 27 Apr 2021 12:28:46 -0700 

Have the non root user instance intercept its own messages by trapping syslog.*

# Messages from rsyslog itself
syslog.* {
  call write_to_my_logfile
  call send_to_siem
}

Regards,



> On Apr 27, 2021, at 14:07, William H. ten Bensel via rsyslog 
> <[email protected]> wrote:
> 
> Background:
> 
>        We are running rsyslog v8 as a non-root user.
> 
>        As a non-root user, they are running:
>                /xxxxxx/rsyslogd -f /xxxxx/config/rsyslog.conf -i 
> /xxxxxxx/rsyslogd.pid
> 
> Issue: 
> 
>        When the non-root user starts, stops, or has a bad configuration, 
> these messages are being sent to the root owned rsyslog file of 
> /var/log/messages.
> 
> Question:
> 
>        Is there an option, directive, module that could be included in 
> the non-root user configuration to specify a different log file where 
> these messages could be sent?
> 
> Thanks in advance
> 
> 
> **
> 
> This email and any attachments may contain information that is confidential 
> and/or privileged for the sole use of the intended recipient.  Any use, 
> review, disclosure, copying, distribution or reliance by others, and any 
> forwarding of this email or its contents, without the express permission of 
> the sender is strictly prohibited by law.  If you are not the intended 
> recipient, please contact the sender immediately, delete the e-mail and 
> destroy all copies.
> **
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to