Re: user rsyslog/syslog

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 24 Feb 2016 09:36:54 +0200, Ran Shalit said:

> I am trying to write to rsyslog from application.
> With openlog(..., LOG_USER), it works fine and I find the log in
> /var/log/user.log (it is defines in /etc/rsyslog.d/50-defaults.conf )
> But we need to enable different applications to have each its own log file.
> I tried to use LOG_LOCAL0 instead and configured it in
> /etc/rsyslog.d/50-defaults.conf the same way as user:
>
> local0.* action
> {
>   type="omfile"
>  FILE="/var/log/local0.log"
>  FileOwner="root"
>  FileGroup="adm"
>
> }
>
> I then did
> 1. /etc/init.d/rsyslog stop
> 2. /etc/init.d/rsyslog start
> I see no warnings or errors, and I started the application trying to
> write to LOG_LOCAL0, But there is no new file created, no logs.
>
> Is there any idea whatws wrong, or how I can achieve this multi user's logs ?

Not really a kernel issue, is it?  But anyhow....

First thing to do is to make sure your code checks the return code
from openlog().

The next thing to check is that your application is actually trying to
log to LOCAL0.  Using the debugging tool of your choice, ensure that control
flow reaches the syslog() statement. Make sure that it's using LOCAL0.

Define an action for *.* dumping to /var/log/everything.log - does your
message show up in there?

In other words, all the usual userspace debugging.. start at the beginning
and trace through the flow.

And since rsyslog allows regex matching, maybe you should be letting all the
applications continue logging to LOG_USER, and then use filters
of the form 'programname startswith app1', 'programname startswith app2',
and so on to select based on the program name.

Attachment: pgpsZ4PYU9xdI.pgp
Description: PGP signature

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux