[CentOS] Rsyslog on C7

Adrian P. van Bloois adrian at pa0rda.nl
Tue May 17 12:57:42 UTC 2016


Hi,
I have problems with rsyslog on C7.
In /etc/rsyslog.d/iptables.conf I have:
# Log all iptables stuff separately
:msg, contains, "iptables: " {
	action(type="omfile" file="/var/log/iptraf/info")
	stop
}


THis works fine.
In /etc/rsyslog.d/mail.conf I have:
# Log all the mail messages in one place.
if      ($syslogfacility-text == 'mail') then {
         action(type="omfile" file="/var/log/mail/info")
         stop
}


This does not work, neither does a line like:
mail.*	/var/log/mail/info

if I put that in /etc/rsyslog.conf.
What am I doing wrong???
Here is my /etc/rsyslog.conf:
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$OmitLocalLogging off
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad immark  # provides --MARK-- message capability

# Provides RELP syslog reception
$ModLoad imrelp
$InputRELPServerRun 2514

# provides RELP syslog transmission
$ModLoad omrelp

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# File to store the position in the journal
$IMJournalStateFile imjournal.state

# Set the default permissions for all log files.
$FileOwner root
$FileGroup root
$FileCreateMode 0644
$DirCreateMode 0755
$Umask 0022

#

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
kern.crit :omusrmsg:*

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
kern.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/auth/info
auth.* /var/log/auth/info

# Log daemon stuff
daemon.* /var/log/daemon/info

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
#*.emerg :omusrmsg:*

# Save boot messages also to boot.log
local7.* /var/log/boot.log

-- 
	Adri P. van Bloois
	Antonlaan 104		email:	adrian at pa0rda.nl
	3701 VG Zeist		voice:	+31-(0)-30-6912741
	The Netherlands		fax:	NONE

52 05'15.77"N 5 4'44.56"E
QTH-locater	 JO 22 OC


"Elegance is not a dispensable luxury but a factor that decides between 
 success and failure."
	Edsger W. Dijkstra



More information about the CentOS mailing list