Thread (5 messages) 5 messages, 3 authors, 2016-02-24

user rsyslog/syslog

From: Ran Shalit <hidden>
Date: 2016-02-24 12:20:23 

On Wed, Feb 24, 2016 at 10:17 AM,  [off-list ref] wrote:
On Wed, 24 Feb 2016 09:36:54 +0200, Ran Shalit said:
quoted
I am trying to write to rsyslog from application.
With openlog(..., LOG_USER), it works fine and I find the log in
/var/log/user.log (it is defines in /etc/rsyslog.d/50-defaults.conf )
But we need to enable different applications to have each its own log file.
I tried to use LOG_LOCAL0 instead and configured it in
/etc/rsyslog.d/50-defaults.conf the same way as user:

local0.* action
{
  type="omfile"
 FILE="/var/log/local0.log"
 FileOwner="root"
 FileGroup="adm"

}

I then did
1. /etc/init.d/rsyslog stop
2. /etc/init.d/rsyslog start
I see no warnings or errors, and I started the application trying to
write to LOG_LOCAL0, But there is no new file created, no logs.

Is there any idea whatws wrong, or how I can achieve this multi user's logs ?
Not really a kernel issue, is it?  But anyhow....

First thing to do is to make sure your code checks the return code
from openlog().

The next thing to check is that your application is actually trying to
log to LOCAL0.  Using the debugging tool of your choice, ensure that control
flow reaches the syslog() statement. Make sure that it's using LOCAL0.

Define an action for *.* dumping to /var/log/everything.log - does your
message show up in there?

In other words, all the usual userspace debugging.. start at the beginning
and trace through the flow.

And since rsyslog allows regex matching, maybe you should be letting all the
applications continue logging to LOG_USER, and then use filters
of the form 'programname startswith app1', 'programname startswith app2',
and so on to select based on the program name.
Hi Vladis,

Thanks a lot.
I see that openlog has not retuen value, and it seems that only
openlog get the LOG_USER (or LOG_LOCAL0) arguments.
the other functions such as syslog does not use it at all, for example:

openlog("Logs", "", LOG_USER);
syslog(LOG_INFO, "Start logging");
closelog();

Anyway, on debugging I seet that these routines are called, but
nothing gets into the expected localX files. It only works with the
USER file.

Maybe the last suggestion will be the most practical if this issue
can't be resolved, which means that I will use one file for all logs,
in which each line will have its own tag string according to the
application.

Thanks,
Ran
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help