Discussion:
[rsyslog] rsyslogd 8.24.0 and setting file ownership and permissions
sophie.loewenthal--- via rsyslog
2018-11-06 10:01:15 UTC
Permalink
Hi,

I have these global settings and this template:
# misc config
global(
workDirectory="/app/rsyslog" )
$CreateDirs on
$fileOwner root
$fileGroup admin
$dirGroup admin
$FileCreateMode 0640

action(type="omfile" dirCreateMode="0750" fileCreateMode="0640" fileGroup="admin"
File="/soft/rsyslog/messages.all")

But the file and the directory is always created thus. The above settings seem to have no effect

drwxr-xr-x 3 root root 8192 Nov 6 10:52 .
-rw------- 1 root admin 169 Nov 6 10:52 messages.all

The debug gave this:
8250.670445905:main thread : syssock.ratelimit.severity: (unset)
8250.670471472:main thread : cnf:global:cfsysline: $CreateDirs on
8250.670477425:main thread : cnf:global:cfsysline: $fileOwner root
8250.670543724:main thread : uid 0 obtained for user 'root'
8250.670550042:main thread : cnf:global:cfsysline: $fileGroup admin
8250.670612234:main thread : gid 1000 obtained for group 'admin'
8250.670617887:main thread : cnf:global:cfsysline: $dirGroup admin
8250.670645808:main thread : gid 1000 obtained for group 'admin'
8250.670650386:main thread : cnf:global:cfsysline: $FileCreateMode 0640
8250.670886419:main thread : cnf:global:obj: obj: 'global'
8250.670891193:main thread : nvlst 0x5631ac1f5b50:
8250.670894306:main thread : name: 'workDirectory', value '/app/rsyslog'
8250.670898140:main thread : nvlstGetParam: name 'workdirectory', type 14, valnode->bUsed 0
8250.670902327:main thread : glbl param blk after glblProcessCnf:
8250.670904950:main thread : workdirectory: '/app/rsyslog'
8250.670910759:main thread : dropmsgswithmaliciousdnsptrrecords: (unset)


My question :
How can I set this, and why did my settings above not work?
drwxr-x--- 3 root admin 8192 Nov 6 10:52 .
-rw-r----- 1 root admin 169 Nov 6 10:52 messages.all



May thanks, again, for any help.
Sophie

This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.

----------------------------------------------------------------------------------------------------------------------------------

Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Flo Rance via rsyslog
2018-11-06 10:24:29 UTC
Permalink
Hi,

The doc says "Please note that the actual permission depend on rsyslogd’s
process umask. If in doubt, use “$umask 0000” right at the beginning of the
configuration file to remove any restrictions.".

https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html#id10

Maybe something to check.

Regards,
Flo

On Tue, Nov 6, 2018 at 11:01 AM sophie.loewenthal--- via rsyslog <
Post by sophie.loewenthal--- via rsyslog
Hi,
# misc config
global(
workDirectory="/app/rsyslog" )
$CreateDirs on
$fileOwner root
$fileGroup admin
$dirGroup admin
$FileCreateMode 0640
action(type="omfile" dirCreateMode="0750" fileCreateMode="0640" fileGroup="admin"
File="/soft/rsyslog/messages.all")
But the file and the directory is always created thus. The above settings
seem to have no effect
drwxr-xr-x 3 root root 8192 Nov 6 10:52 .
-rw------- 1 root admin 169 Nov 6 10:52 messages.all
8250.670445905:main thread : syssock.ratelimit.severity: (unset)
8250.670471472:main thread : cnf:global:cfsysline: $CreateDirs on
8250.670477425:main thread : cnf:global:cfsysline: $fileOwner root
8250.670543724:main thread : uid 0 obtained for user 'root'
8250.670550042:main thread : cnf:global:cfsysline: $fileGroup admin
8250.670612234:main thread : gid 1000 obtained for group 'admin'
8250.670617887:main thread : cnf:global:cfsysline: $dirGroup admin
8250.670645808:main thread : gid 1000 obtained for group 'admin'
8250.670650386:main thread : cnf:global:cfsysline: $FileCreateMode 0640
8250.670886419:main thread : cnf:global:obj: obj: 'global'
8250.670894306:main thread : name: 'workDirectory', value '/app/rsyslog'
8250.670898140:main thread : nvlstGetParam: name 'workdirectory', type
14, valnode->bUsed 0
8250.670904950:main thread : workdirectory: '/app/rsyslog'
8250.670910759:main thread : dropmsgswithmaliciousdnsptrrecords: (unset)
How can I set this, and why did my settings above not work?
drwxr-x--- 3 root admin 8192 Nov 6 10:52 .
-rw-r----- 1 root admin 169 Nov 6 10:52 messages.all
May thanks, again, for any help.
Sophie
This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified,
changed or falsified.
Do not print this message unless it is necessary, consider the environment.
----------------------------------------------------------------------------------------------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
sophie.loewenthal--- via rsyslog
2018-11-06 11:36:20 UTC
Permalink
Thanks Flo. This worked.

From: Flo Rance [mailto:***@gmail.com]
Sent: Tuesday, November 06, 2018 11:24 AM
To: rsyslog-users
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] rsyslogd 8.24.0 and setting file ownership and permissions

Hi,

The doc says "Please note that the actual permission depend on rsyslogd’s process umask. If in doubt, use “$umask 0000” right at the beginning of the configuration file to remove any restrictions.".

https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html#id10

Maybe something to check.

Regards,
Flo

On Tue, Nov 6, 2018 at 11:01 AM sophie.loewenthal--- via rsyslog <***@lists.adiscon.com> wrote:
Hi,

I have these global settings and this template:
# misc config
global(
 workDirectory="/app/rsyslog" )
 $CreateDirs on
 $fileOwner root
 $fileGroup admin
 $dirGroup admin
 $FileCreateMode 0640

action(type="omfile" dirCreateMode="0750" fileCreateMode="0640" fileGroup="admin"
       File="/soft/rsyslog/messages.all")

But the file and the directory is always created thus.  The above settings seem to have no effect

drwxr-xr-x 3 root root 8192 Nov  6 10:52 .
-rw------- 1 root admin 169 Nov  6 10:52 messages.all

The debug gave this:
8250.670445905:main thread    : syssock.ratelimit.severity: (unset)
8250.670471472:main thread    : cnf:global:cfsysline: $CreateDirs on
8250.670477425:main thread    : cnf:global:cfsysline: $fileOwner root
8250.670543724:main thread    : uid 0 obtained for user 'root'
8250.670550042:main thread    : cnf:global:cfsysline: $fileGroup admin
8250.670612234:main thread    : gid 1000 obtained for group 'admin'
8250.670617887:main thread    : cnf:global:cfsysline: $dirGroup admin
8250.670645808:main thread    : gid 1000 obtained for group 'admin'
8250.670650386:main thread    : cnf:global:cfsysline: $FileCreateMode 0640
8250.670886419:main thread    : cnf:global:obj: obj: 'global'
8250.670891193:main thread    : nvlst 0x5631ac1f5b50:
8250.670894306:main thread    :         name: 'workDirectory', value '/app/rsyslog'
8250.670898140:main thread    : nvlstGetParam: name 'workdirectory', type 14, valnode->bUsed 0
8250.670902327:main thread    : glbl param blk after glblProcessCnf:
8250.670904950:main thread    : workdirectory:  '/app/rsyslog'
8250.670910759:main thread    : dropmsgswithmaliciousdnsptrrecords: (unset)


My question :
How can I set this, and why did my settings above not work?
drwxr-x--- 3 root admin 8192 Nov  6 10:52 .
-rw-r----- 1 root admin 169 Nov  6 10:52 messages.all



May thanks, again, for any help.
Sophie

This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.

----------------------------------------------------------------------------------------------------------------------------------

Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLE
David Lang
2018-11-06 21:04:05 UTC
Permalink
Post by Flo Rance via rsyslog
The doc says "Please note that the actual permission depend on rsyslogd’s
process umask. If in doubt, use “$umask 0000” right at the beginning of the
configuration file to remove any restrictions.".
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html#id10
that doc is obsolete, $umask (and any other $foo setting) has no effect on
action() settings, everything is self contained in the action() statement

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and
David Lang
2018-11-06 21:02:37 UTC
Permalink
Post by sophie.loewenthal--- via rsyslog
# misc config
global(
workDirectory="/app/rsyslog" )
$CreateDirs on
$fileOwner root
$fileGroup admin
$dirGroup admin
$FileCreateMode 0640
other than the workdirectory, these settings have no effect on anything define
with an action() statement. they only affect legacy outputs
Post by sophie.loewenthal--- via rsyslog
action(type="omfile" dirCreateMode="0750" fileCreateMode="0640" fileGroup="admin"
File="/soft/rsyslog/messages.all")
But the file and the directory is always created thus. The above settings seem to have no effect
drwxr-xr-x 3 root root 8192 Nov 6 10:52 .
-rw------- 1 root admin 169 Nov 6 10:52 messages.all
did the file already exist? or was it created by rsyslog?

do you have privdrop set in your config? (that can prevent rsyslog from setting
permissions on files)

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
sophie.loewenthal--- via rsyslog
2018-11-07 09:24:07 UTC
Permalink
Hi David,

I don't have privdrop configured. I'll add this later.
Post by David Lang
did the file already exist? or was it created by rsyslog?
Yes these existed before. This explains why it worked before.

I added this:
*.warning {
action(
type="omfile"
dirCreateMode="0750"
fileCreateMode="0640"
fileGroup="admin"
name="warnActionName"
file="/app/rsyslog/messages.all"
)
}

Next I stopped rsyslog, deleted the files, and started again, but no new file was created.
-----Original Message-----
Sent: Tuesday, November 06, 2018 10:03 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] rsyslogd 8.24.0 and setting file ownership and permissions
Post by David Lang
# misc config
global(
workDirectory="/app/rsyslog" )
$CreateDirs on
$fileOwner root
$fileGroup admin
$dirGroup admin
$FileCreateMode 0640
other than the workdirectory, these settings have no effect on anything define
with an action() statement. they only affect legacy outputs
Post by David Lang
action(type="omfile" dirCreateMode="0750" fileCreateMode="0640"
fileGroup="admin"
Post by David Lang
File="/soft/rsyslog/messages.all")
But the file and the directory is always created thus. The above settings seem
to have no effect
Post by David Lang
drwxr-xr-x 3 root root 8192 Nov 6 10:52 .
-rw------- 1 root admin 169 Nov 6 10:52 messages.all
did the file already exist? or was it created by rsyslog?
do you have privdrop set in your config? (that can prevent rsyslog from setting
permissions on files)
David Lang
This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.

----------------------------------------------------------------------------------------------------------------------------------

Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
David Lang
2018-11-07 17:42:56 UTC
Permalink
Post by sophie.loewenthal--- via rsyslog
Hi David,
I don't have privdrop configured. I'll add this later.
privdrop is more likely to cause problems that solve them
Post by sophie.loewenthal--- via rsyslog
Post by David Lang
did the file already exist? or was it created by rsyslog?
Yes these existed before. This explains why it worked before.
*.warning {
action(
type="omfile"
dirCreateMode="0750"
fileCreateMode="0640"
fileGroup="admin"
name="warnActionName"
file="/app/rsyslog/messages.all"
)
}
Next I stopped rsyslog, deleted the files, and started again, but no new file was created.
rsyslog doesn't create files until there is a log that needs to go to them.

rsyslog doesn't change permissions of files that already exist, it only sets the
permissions of files that it is creating.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
sophie.loewenthal--- via rsyslog
2018-11-08 08:34:08 UTC
Permalink
-----Original Message-----
Sent: Wednesday, November 07, 2018 6:43 PM
To: LOEWENTHAL Sophie
Cc: sophie.loewenthal--- via rsyslog
Subject: RE: [rsyslog] rsyslogd 8.24.0 and setting file ownership and permissions
Post by sophie.loewenthal--- via rsyslog
Hi David,
I don't have privdrop configured. I'll add this later.
privdrop is more likely to cause problems that solve them
Post by sophie.loewenthal--- via rsyslog
Post by David Lang
did the file already exist? or was it created by rsyslog?
Yes these existed before. This explains why it worked before.
*.warning {
action(
type="omfile"
dirCreateMode="0750"
fileCreateMode="0640"
fileGroup="admin"
name="warnActionName"
file="/app/rsyslog/messages.all"
)
}
Next I stopped rsyslog, deleted the files, and started again, but no new file was
created.
rsyslog doesn't create files until there is a log that needs to go to them.
rsyslog doesn't change permissions of files that already exist, it only sets the
permissions of files that it is creating.
David Lang
Hi David,
rsyslog doesn't change permissions of files that already exist,
I deleted all log files and the *.info works with the correct file permissions. Thank-you for all your & everybody else's help so far.

Question 1 : The remote servers look like they log into the *.warn file file="/app/rsyslog/messages.all" except the actual syslog server, which does not: # logger -t user.kern TEST logs into the *.info file but not the *.warn /messages.all.

Question 2: Is it worth adding disk based queues for the locally logged files below? e.g

template(name="dynaName" type="string" string="/app/rsyslog/%hostname%.log")
*.info {
action(
type="omfile"
name="infoActionName"
dynafile="dynaName"
queue.spoolDirectory="/app/rsyslog/queues"
queue.size="1024000"
queue.filename="hostname-info.queue"
queue.maxdiskspace="64m"
queue.type="FixedArray"
queue.maxfilesize="10m"
queue.saveonshutdown="on"
queue.discardseverity="7"
Action.ResumeInterval="1"
Action.ResumeRetryCount="-1"
)
}
*.warn {
action(
type="omfile"
name="warnActionName"
file="/app/rsyslog/messages.warn.all"
)
}
This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.

----------------------------------------------------------------------------------------------------------------------------------

Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
David Lang
2018-11-08 21:26:41 UTC
Permalink
Post by sophie.loewenthal--- via rsyslog
Hi David,
Post by David Lang
rsyslog doesn't change permissions of files that already exist,
I deleted all log files and the *.info works with the correct file permissions. Thank-you for all your & everybody else's help so far.
Question 1 : The remote servers look like they log into the *.warn file file="/app/rsyslog/messages.all" except the actual syslog server, which does not: # logger -t user.kern TEST logs into the *.info file but not the *.warn /messages.all.
user.kern doesn't mean anything, user and kern are both facilities and it's
supposed to be facility.severity

see https://en.wikipedia.org/wiki/Syslog
Post by sophie.loewenthal--- via rsyslog
Question 2: Is it worth adding disk based queues for the locally logged files below? e.g
it's almost never worth adding a queue for a local file, let alone a disk based
queue. The process to delivery the log locally is so fast that you probably slow
things down by adding a queue to it.
Post by sophie.loewenthal--- via rsyslog
template(name="dynaName" type="string" string="/app/rsyslog/%hostname%.log")
*.info {
action(
type="omfile"
name="infoActionName"
dynafile="dynaName"
queue.spoolDirectory="/app/rsyslog/queues"
queue.size="1024000"
queue.filename="hostname-info.queue"
queue.maxdiskspace="64m"
queue.type="FixedArray"
queue.maxfilesize="10m"
queue.saveonshutdown="on"
queue.discardseverity="7"
Action.ResumeInterval="1"
Action.ResumeRetryCount="-1"
)
}
*.warn {
action(
type="omfile"
name="warnActionName"
file="/app/rsyslog/messages.warn.all"
)
}
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
sophie.loewenthal--- via rsyslog
2018-11-09 08:24:16 UTC
Permalink
-----Original Message-----
Sent: Thursday, November 08, 2018 10:27 PM
To: LOEWENTHAL Sophie
Cc: sophie.loewenthal--- via rsyslog
Subject: RE: [rsyslog] rsyslogd 8.24.0 and setting file ownership and permissions
Post by sophie.loewenthal--- via rsyslog
Hi David,
Post by David Lang
rsyslog doesn't change permissions of files that already exist,
I deleted all log files and the *.info works with the correct file permissions.
Thank-you for all your & everybody else's help so far.
Post by sophie.loewenthal--- via rsyslog
Question 1 : The remote servers look like they log into the *.warn file
# logger -t user.kern TEST logs into the *.info file but not the *.warn
/messages.all.
user.kern doesn't mean anything, user and kern are both facilities and it's
supposed to be facility.severity
see https://en.wikipedia.org/wiki/Syslog
Post by sophie.loewenthal--- via rsyslog
Question 2: Is it worth adding disk based queues for the locally logged files
below? e.g
it's almost never worth adding a queue for a local file, let alone a disk based
queue. The process to delivery the log locally is so fast that you probably slow
things down by adding a queue to it.
Post by sophie.loewenthal--- via rsyslog
template(name="dynaName" type="string"
string="/app/rsyslog/%hostname%.log")
Post by sophie.loewenthal--- via rsyslog
*.info {
action(
type="omfile"
name="infoActionName"
dynafile="dynaName"
queue.spoolDirectory="/app/rsyslog/queues"
queue.size="1024000"
queue.filename="hostname-info.queue"
queue.maxdiskspace="64m"
queue.type="FixedArray"
queue.maxfilesize="10m"
queue.saveonshutdown="on"
queue.discardseverity="7"
Action.ResumeInterval="1"
Action.ResumeRetryCount="-1"
)
}
*.warn {
action(
type="omfile"
name="warnActionName"
file="/app/rsyslog/messages.warn.all"
)
}
Hi David,
user.kern doesn't mean anything,
I shall blame this on yesterday's lack of coffee, and I'll drop any local queues.

Many thanks for your advice.
Sophie
This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.

----------------------------------------------------------------------------------------------------------------------------------

Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Loading...