On Thu, July 23, 2015 13:19, m.roth@5-cent.us wrote:
> Physically dragging the thread back on topic...
> I really am going crazy, trying to deal with the hourly logs from the loghost. We've got 170+ servers and workstations... but a *very* large percentage of what's showing up is from his bloody new fedora 22, with its idiot systemd logging of *every* selinux message to /var/log/messages.
> I tried creating a rule, /etc/rsyslog.d/audit.conf, that reads:
> if $msg contains "audit" and $msg,contains,'res=success' then -
> but that seemed to send *everything* to /dev/null. That was my best guess, based on googling (yahooing?) and man pages. Can anyone tell me what's wrong with that syntax?
> mark
And Lennart blames Linus[1] for why he gets hate mail.
We are giving RHEL-7 a pass on this iteration. We have installed it on a couple of test hosts and are not favourably impressed with much of the user interface. At least not from the sys-admin side of things. This is not to imply that there is nothing good in 7. There are a lot of improvements that we certainly value. But it is too early in systemd development for us to waste time debugging somebody else's pipe-dream on our dime.
We will see what 8 offers and decide then whether to move to something else.
[1]. https://plus.google.com/app/basic/stream/z13rdjryqyn1xlt3522sxpugoz3gujbhh04
If selinux is causing you a headache, then disable it.
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of James B. Byrne
Sent: Friday, July 24, 2015 8:16 AM
To: CentOS mailing list
Subject: Re: [CentOS] rsyslog.conf
On Fri, July 24, 2015 8:16 am, James B. Byrne wrote:
> And Lennart blames Linus[1] for why he gets hate mail.
Indeed. And thanks to Linus we have Linux kernel. And thanks to Lennart we have config files polluted with XML tags.
> We are giving RHEL-7 a pass on this iteration.
Good for you. I started installing CentOS 7 on all new workstations (but we do pass on Linux on all new servers in favor of FreeBSD - number crunchers and maybe workstations have to be Linux though...)
Valeri
> We have installed it on a couple of test hosts and are not favourably impressed with much of the user interface. At least not from the sys-admin side of things. This is not to imply that there is nothing good in 7. There are a lot of improvements that we certainly value. But it is too early in systemd development for us to waste time debugging somebody else's pipe-dream on our dime.
> We will see what 8 offers and decide then whether to move to something else.
> [1]. https://plus.google.com/app/basic/stream/z13rdjryqyn1xlt3522sxpugoz3gujbhh04
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On Fri, Jul 24, 2015 at 09:36:17AM -0500, Valeri Galtsev wrote:
> Indeed. And thanks to Linus we have Linux kernel. And thanks to Lennart we have config files polluted with XML tags.
There's no XML in the systemd configuration language. You might be thinking of launchd.
On Fri, Jul 24, 2015 at 09:16:26AM -0400, James B. Byrne wrote:
> We are giving RHEL-7 a pass on this iteration.
For what it's worth, the problem described at the beginning of this thread doesn't happen in RHEL7. Yet. Supposedly systemd is being rebased in 7.2 so we'll see.
This is why Fedora exists, to work out all these kinds of problems before it hits an enterprise OS.
Jonathan Billings wrote:
> On Fri, Jul 24, 2015 at 09:16:26AM -0400, James B. Byrne wrote:
>> We are giving RHEL-7 a pass on this iteration.
> For what it's worth, the problem described at the beginning of this thread doesn't happen in RHEL7. Yet. Supposedly systemd is being rebased in 7.2 so we'll see.
> This is why Fedora exists, to work out all these kinds of problems before it hits an enterprise OS.
Ok, this is frustrating. May I take it, then, that no one has written the conditional filters described in the rsyslog manual?
I've tried several variations, such as
if $msg contains 'audit' and $msg contains 'res=success' then -
which resulted in *all* messages going to /dev/null, even though everything I find in googling (or I should say what little I find in googling) suggests that should work.
mark
On Jul 24, 2015, at 2:30 PM, m.roth@5-cent.us wrote:
> Ok, this is frustrating. May I take it, then, that no one has written the conditional filters described in the rsyslog manual?
We’ve had this in our RHEL6 and now our RHEL7 rsyslog.conf:
# Ignore OpenAFS errors
:msg, contains, "byte-range lock/unlock ignored" ~
:msg, contains, "byte-range locks only enforced for processes on this machine" ~
I’m seeing warnings in the logs that this is an old syntax on RHEL7, but it still works.
-- Jonathan Billings billings@negate.org
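The two-condition discard rule asked about in this thread, written as an rsyslog expression-based filter (an added example, not configuration posted by anyone on the list). It assumes rsyslog v7 or later for `stop` and `action()`; the match strings are the ones from the question, and the output file path is a hypothetical placeholder.

```conf
# /etc/rsyslog.d/audit.conf  (file name from the thread; contents are an added example)
#
# Property-based filters (":msg, contains, ..." as in the OpenAFS rule above)
# test one property with one comparison, so requiring BOTH strings needs the
# expression-based "if" form. String constants are written in single quotes.
#
# This file must be processed before the rule that writes to
# /var/log/messages; otherwise the message is already logged by the time
# it is dropped here.

# Variant A (rsyslog v7+): drop audit records that report success.
# Records without res=success (for example res=failed) do not match and
# continue on to the normal rules, so failures still reach the loghost.
if ($msg contains 'audit') and ($msg contains 'res=success') then {
    stop
}

# Variant B (rsyslog v7+): keep the records in their own file instead of
# dropping them. Enable this in place of Variant A.
# /var/log/audit-success.log is a hypothetical path chosen for this example.
#if ($msg contains 'audit') and ($msg contains 'res=success') then {
#    action(type="omfile" file="/var/log/audit-success.log")
#    stop
#}

# Variant C (legacy syntax, rsyslog v5): the whole rule on a single line,
# with "~" as the discard action.
#if $msg contains 'audit' and $msg contains 'res=success' then ~
```

Check the syntax with `rsyslogd -N1` before restarting the daemon.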