Redirecting output from syslog to own log
Solution 1
@w0rldart, in your question you write
"but rsyslog won't redirect the"
In another post you write
"ubuntu server its sysklogd"
What is true then?
For rsyslogd it goes like this:
/etc/rsyslog.d/log-all.conf:
:programname, isequal, "ispconfig" /var/log/ispconfig.log
# optionally you can clear this from the original to avoid the line being logged twice
:programname, isequal, "ispconfig" ~
Restart rsyslogd:
/etc/init.d/rsyslog restart
Solution 2
Couldn't get @toh's answer to work on Ubuntu 13 - turns out the file has to be called something like 25-ispconfig.conf. It processed log-all.conf, or at least showed errors when I deliberately wrote rubbish in it. It started logging to the new file, but it wouldn't stop logging to syslog as well.
Had to do this in 25-dnsmasq.conf:
:programname, contains, "dnsmasq" /var/log/dnsmasq.log
& ~
Couldn't make a comment without having 50 rep, so I'm posting an answer.
Just got to work out how to rotate the files now so I don't get huge monster log files growing in my /var/log
w0rldart
Updated on September 18, 2022
Comments
w0rldart over 1 year
I'm following this tutorial: Using Fail2ban To Block Wrong ISPConfig Logins, but rsyslog won't redirect the output from a file to another:
/etc/rsyslog.d/12-ispconfig.conf:
if $programname == 'ispconfig' then /var/log/ispconfig.log #the file exists
Despite this line, I keep getting the output to syslog:
:ispconfig[1117]: Login failed for user asdasd on IP XX.XX.XXX.XX
-rw-r--r-- 1 syslog adm 0 Sep 12 16:13 ispconfig.log
Any ideas how to fix this?
Ansgar Wiechers over 11 years
These may be stupid questions, but do you have
$IncludeConfig /etc/rsyslog.d/*.conf
in /etc/rsyslog.conf, and did you restart rsyslog after creating /etc/rsyslog.d/12-ispconfig.conf?
w0rldart over 11 years
@AnsgarWiechers I didn't have the
$IncludeCo....
so I added it at the end of the config file and ran invoke-rc.d sysklogd restart, but still no effect
Ansgar Wiechers over 11 years
Just to be sure, try
/etc/init.d/sysklogd stop && /etc/init.d/sysklogd start
instead. Check /var/log/syslog for errors or warnings upon syslogd startup.
w0rldart over 11 years
On my Ubuntu server it's sysklogd, and I get no error upon any restart
Jeff Learman almost 4 years
The files in /etc/rsyslog.d get executed in collating order, so you need a prefix to get it to execute before other files that may need the log set first, and after files that may set logging differently for a broader class.
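The file-name ordering described in Solution 2 and in Jeff Learman's comment can be checked before restarting rsyslog. The following is an added example, not part of the original posts: a hypothetical shell helper, check_rsyslog_order, replays a directory's *.conf files in sorted order and reports whether the program's filter and its discard come before the catch-all rule that writes to syslog. The 50-default.conf name and its rule are assumptions (Ubuntu's stock file), and the sample files are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original posts).
# Usage: check_rsyslog_order DIR PROG
# Prints one of: ok | no-filter | no-discard | after-catchall
check_rsyslog_order() {
    # The glob expands in sorted name order, the same order in which the
    # included files are processed, so cat replays the rules in sequence.
    cat "$1"/*.conf | awk -v prog="$2" '
        { sub(/#.*/, "") }                    # drop comments
        /^[ \t]*$/ { next }                   # skip blank lines
        /^\*\.\*/ && /\/syslog/ {             # catch-all rule writing to syslog
            if (!discard && !filter) early = 1
            prev = 0; next
        }
        index($0, "programname") && index($0, prog) {
            filter = 1; prev = 1              # rule that selects PROG
            if ($NF == "~" || $NF == "stop") discard = 1
            next
        }
        /^[ \t]*&/ {                          # "& ~" chained to the rule above
            if (prev && ($NF == "~" || $NF == "stop")) discard = 1
            next
        }
        { prev = 0 }
        END {
            if (!filter)       print "no-filter"
            else if (early)    print "after-catchall"
            else if (!discard) print "no-discard"
            else               print "ok"
        }'
}

# Constructed sample: Solution 1's rules under its original file name,
# next to an assumed Ubuntu default rule file.
demo=$(mktemp -d)
printf '%s\n' '*.*;auth,authpriv.none -/var/log/syslog' > "$demo/50-default.conf"
printf '%s\n' ':programname, isequal, "ispconfig" /var/log/ispconfig.log' \
              ':programname, isequal, "ispconfig" ~' > "$demo/log-all.conf"
check_rsyslog_order "$demo" ispconfig     # prints: after-catchall
mv "$demo/log-all.conf" "$demo/25-ispconfig.conf"
check_rsyslog_order "$demo" ispconfig     # prints: ok
rm -rf "$demo"
```

A result of after-catchall means the file sorts after the catch-all rule, so the message is already in syslog before the discard is reached; no-discard means the filter has no `~` or `stop` action attached.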