Rsyslog outputting to custom log file
Solution 1
Well I finally figured it out. I wish someone had answered this for me. Took several days to figure out what was wrong, but I guess there just aren't very many people on superuser.
The issue was with the file permissions of the custom log file as I originally theorized. I thought I had the permissions correct, but it turns out the owner needs to be "syslog" and the group "adm". I determined this by comparing to the user.log file. Once permissions were modified and tested again, all works perfectly! I hope this helps someone else out there quicker than I was able to find answer.
Here are the final permissions
-rw-r--r-- 1 syslog adm 0 Aug 3 05:09 anm.log
Solution 2
@Atomiklan mentioned he had to change the owner/group of his custom file to syslog/adm. I tried that and it worked...
But the comment from @MichaelKjörling seemed right, too: why not just let the syslog daemon create the file?
The key in my case (and I suggest the OP's) is that the syslog user did not have write permission to my custom log's directory. I did a chmod o+w
, restarted rsyslog, and my log file happily appeared where it should have... with syslog/adm as the user/group.
Solution 3
#$ModLoad imudp
#$UDPServerRun 514
must be:
$ModLoad imudp
$UDPServerRun 514
to run remote-logging!
Related videos on Youtube
Atomiklan
Updated on September 18, 2022Comments
-
Atomiklan over 1 year
Can anyone tell me what I did wrong here?
Here is the ultimate question:
Why when I use the logger command can I not get it to output to a custom log file in
/var/log
?In my script:
logger -i -t ANM -p local7.info "This is a local 7 test"
In the
rsyslog.conf
I appended the following to the end of the file:local7.* /var/log/anm.log
Also, the script has permission for the
/var/log/anm.log
file* UPDATE *
So I forgot to restart the logging services. I have tried rebooting and "
service rsyslog restart
" Still no change. The test text does not show up in/var/log/anm.log
but it does appear in/var/log/syslog
* UPDATE *
What permissions does
/var/log/"yourlogfilehere"
need?Owner
,Group
,rwx
?I have tried setting grp and own to root and to the username running the logger command. No change with either.
I have also tried creating log files inside a custom directory in
/var/log
. ie/var/log/anm/anm.log
and setting both types of permissions for the directory.* UPDATE *
rsyslogd is running
syslog 598 0.0 0.1 31060 1292 ? Sl 03:02 0:02 rsyslogd -c5
and here is the output from my
/etc/rsyslog.conf
file# /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html # # Default logging rules can be found in /etc/rsyslog.d/50-default.conf ################# #### MODULES #### ################# $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support (previously done by rklogd) #$ModLoad immark # provides --MARK-- message capability # provides UDP syslog reception #$ModLoad imudp #$UDPServerRun 514 # provides TCP syslog reception #$ModLoad imtcp #$InputTCPServerRun 514 ########################### #### GLOBAL DIRECTIVES #### ########################### # # Use traditional timestamp format. # To enable high precision timestamps, comment out the following line. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Filter duplicated messages $RepeatedMsgReduction on # # Set the default permissions for all log files. # $FileOwner syslog $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 $PrivDropToUser syslog $PrivDropToGroup syslog # # Where to place spool files # $WorkDirectory /var/spool/rsyslog # # Include all config files in /etc/rsyslog.d/ # $IncludeConfig /etc/rsyslog.d/*.conf local7.* /var/log/anm.log
I also tried putting it in
/etc/rsyslog.d/50-default.conf
(I am running Ubuntu 12.04 LTS)# Default rules for rsyslog. # # For more information see rsyslog.conf(5) and /etc/rsyslog.conf # # First some standard log files. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log #daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log #lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log #user.* -/var/log/user.log local7.* /var/log/anm.log
* UPDATE *
Well I finally figured it out. I wish someone had answered this for me. Took several days to figure out what was wrong, but I guess there just aren't very many people on superuser.
The issue was with the file permissions of the custom log file as I originally theorized. I thought I had the permissions correct, but it turns out the owner needs to be
syslog
and the groupadm
. I determined this by comparing to theuser.log
file. Once permissions were modified and tested again, all works perfectly! I hope this helps someone else out there quicker than I was able to find answer.-
Thalys almost 11 yearsI saw an identical post on SF - please don't crosspost.
-
Atomiklan almost 11 yearsEveryone kept telling me to move my post. I guess I should delete the others?
-
Thalys almost 11 yearsyup. You can also flag your own posts to ask a moderator to move it as well in future
-
user almost 11 years"Please, need immediate assistance" also isn't a very helpful title for the question. I also personally find your question difficult to read; where's the actual question? The only real question I can see is "what permissions do /var/log/somefile need?" and the answer to that should be "let the syslogd handle it". Besides, that was many updates ago and so presumably no longer relevant.
-
gronostaj almost 11 yearsYou can post your solution as an answer so other people facing the same problem can see it.
-
-
user almost 11 years"I thought I had the permissions correct" implies that you created the file yourself. Why did you not simply let the syslog daemon create it?
-
Atomiklan almost 11 yearsThe question was: Why when I use the logger command can I not get it to output to a custom log file in /var/log? I just tried to let syslog create the file and I doesn't work. Either way is fine though. I don't mind having my install script create the file and set the permissions.
-
Atomiklan almost 11 yearsFeels like it when seconds = $$$
-
Yudong Li over 10 yearsHi @Atomiklan Thanks for your question solves my exactly same issue. However I do wondering why the file auto created by rsyslog is under root/root instead of the correct syslog/adm? Do you have any idea why?
-
xealits over 8 yearsthanks man! apparently, your effort has just saved me from 2 days of debugging syslog :) And from the vague comments of @MichaelKjörling and @YudongLi I figured the daemon creates the file on its' own according to the path in the config rule. After
service restart
it knows the rule and on the first appropriate call fromlogger
creates the file with correct permissions set. -
Khurshid Alam over 4 yearsMy question is how do you stop sending the logs to syslog? Check /var/log/syslog...since you are already forwarding it to a file it shouldn't appear on syslog.