Rsyslog Problems


Hi, my rsyslog is not working as expected. I have some things in rsyslog.d that do well, like this:
# Log all iptables stuff separately
:msg, contains, "iptables: " {
    action(type="omfile" file="/var/log/iptraf/info")
}

No problems with that. But what’s in /etc/rsyslog.conf, like:
mail.* /var/log/mail/info

doesn’t do anything at all. rsyslogd -N1 is OK, rsyslogd -D -N1 looks good too, as does rsyslogd -d -N1. Here is my rsyslog.conf. What am I doing wrong?
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$OmitLocalLogging off
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imklog # reads kernel messages (the same are read from journald)

# Provides RELP syslog reception
$ModLoad imrelp
$InputRELPServerRun 2514

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# File to store the position in the journal
$IMJournalStateFile imjournal.state

# Set the default permissions for all log files.
$FileOwner root
$FileGroup root
$FileCreateMode 0644
$DirCreateMode 0755
$Umask 0022

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console kern.crit :omusrmsg:*

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
kern.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/auth/info
auth.* /var/log/auth/info

# Log all the mail messages in one place.
mail.* /var/log/mail/info

# Log daemon stuff
daemon.* /var/log/daemon/info

# Log cron stuff
cron.* /var/log/cron

# Save virus scan messages
local0.* /var/log/local0/info

# Save boot messages also to boot.log
local7.* /var/log/boot.log

One thought on - Rsyslog Problems

  • Nothing I can see as “wrong”. In full “RainerScript” the mail part would be written as (copy from my config, please adapt the file="" part as you like):
    [code]
    if ($syslogfacility-text == 'mail') then {
        action(type="omfile" file="/var/log/mail/all")
        stop
    }
    [/code]

    Try and check, if this works, well OK, if not, ask again.

    Ah, and please check if there is a SELinux problem with the logfile, it could be a permission problem.

    – Yamaban
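
The SELinux check suggested in the reply above, as an added example that is not part of the original thread: a filter that lists the denials the syslog daemon has hit in raw audit records. It assumes rsyslogd runs in the `syslogd_t` domain (CentOS targeted policy) and the default audit log path; the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: rsyslogd runs in the
# syslogd_t SELinux domain (CentOS targeted policy).

# Read raw audit records on stdin and print each distinct denial as
# "permission<TAB>target<TAB>target-context". Filtering on scontext rather
# than comm= matters: rsyslog threads log names such as "rs:main Q:Reg".
syslogd_denials() {
    awk '
    /type=AVC/ && /avc: +denied/ && /scontext=[^ ]*:syslogd_t:/ {
        perm = ""; target = ""; tctx = ""; inperm = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }
            if ($i == "}") { inperm = 0; continue }
            if (inperm) { perm = (perm == "" ? $i : perm " " $i); continue }
            if ($i ~ /^path=/) target = substr($i, 6)
            else if ($i ~ /^name=/ && target == "") target = substr($i, 6)
            else if ($i ~ /^tcontext=/) tctx = substr($i, 10)
        }
        gsub(/"/, "", target)
        key = perm "\t" target "\t" tctx
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample records (not real logs): two identical denials for the
# mail log, one unrelated httpd denial, one denial on the directory itself.
sample_audit_records() {
    cat <<'EOF'
type=AVC msg=audit(1500000000.101:201): avc:  denied  { open } for  pid=1111 comm="rs:main Q:Reg" path="/var/log/mail/info" dev="dm-0" ino=1001 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1500000000.102:202): avc:  denied  { open } for  pid=1111 comm="rs:main Q:Reg" path="/var/log/mail/info" dev="dm-0" ino=1001 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1500000001.000:203): avc:  denied  { read } for  pid=2222 comm="httpd" path="/var/www/html/index.html" dev="dm-0" ino=2002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1500000002.000:204): avc:  denied  { write } for  pid=1111 comm="in:imjournal" name="mail" dev="dm-0" ino=1000 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir permissive=0
EOF
}

# On a real host (assumed default audit log path, run as root):
#   syslogd_denials < /var/log/audit/audit.log
```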