Geek Answers Handbook

How to configure rsyslog for use with the SysLogHandler logging class?

To write the "myapp" log messages to /var/log/local5.log , I use SysLogHandler .

Problem

"myapp" works well, there is no error, but nothing is logged, /var/log/local5.log remains empty.

registration configuration

Relevant parts of the logging configuration file:

 handlers: mainHandler: class: logging.handlers.SysLogHandler level: INFO formatter: defaultFormatter address: '/dev/log' facility: 'local5' loggers: __main__: level: INFO handlers: [mainHandler]

registration test

This is how I try to write a log in the main script of the myapp file:

 with open('myconfig.yml') as f: logging.config.dictConfig(yaml.load(f)) log = logging.getLogger(__name__) log.info("Starting")

I added a few sys.stderr.write() to /usr/lib/python3.4/logging/handlers.py to find out what happens and I get:

 $ myapp [SysLogHandler._connect_unixsocket()] Sucessfully connected to socket: /dev/log [SysLogHandler.emit()] called [SysLogHandler.emit()] msg=b'<174>2016/04/23 07:17:00.453 myapp: main: Starting\x00' [SysLogHandler.emit()] msg sent to unix socket (no OSError)

Rsyslog configuration

  • /etc/rsyslog.conf (relevant sections: TCP and UDP syslog receptions disabled):

     $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support [...] $IncludeConfig /etc/rsyslog.d/*.conf

  • /etc/rsyslog.d/40-local.conf :

     local5.* /var/log/local5.log

Rsyslog test

According to the output of lsof , it looks like rsyslogd listening on /dev/log (or am I wrong?):

 # lsof | grep "/dev/log" lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs Output information may be incomplete. rsyslogd 28044 syslog 0u unix 0xffff8800b4b9b100 0t0 3088160 /dev/log in:imuxso 28044 28045 syslog 0u unix 0xffff8800b4b9b100 0t0 3088160 /dev/log in:imklog 28044 28046 syslog 0u unix 0xffff8800b4b9b100 0t0 3088160 /dev/log rs:main 28044 28047 syslog 0u unix 0xffff8800b4b9b100 0t0 3088160 /dev/log

I do not put all the output of rsyslogd -N1 as it is a bit long, but mentioning the "local" lines:

 # rsyslogd -N1 | grep local rsyslogd: version 7.4.4, config validation run (level 1), master config /etc/rsyslog.conf 3119.943361369:7f39080fc780: cnf:global:cfsysline: $ModLoad imuxsock # provides support for local system logging 3119.944034769:7f39080fc780: rsyslog/glbl: using '127.0.0.1' as localhost IP 3119.946084095:7f39080fc780: requested to include config file '/etc/rsyslog.d/40-local.conf' 3119.946135638:7f39080fc780: config parser: pushed file /etc/rsyslog.d/40-local.conf on top of stack 3119.946432390:7f39080fc780: config parser: resume parsing of file /etc/rsyslog.d/40-local.conf at line 1 3119.946678298:7f39080fc780: config parser: reached end of file /etc/rsyslog.d/40-local.conf 3119.946697644:7f39080fc780: Decoding traditional PRI filter 'local5.*' 3119.946723904:7f39080fc780: symbolic name: local5 ==> 168 3119.949560475:7f39080fc780: PRIFILT 'local5.*' 3119.949675782:7f39080fc780: ACTION 0x224cda0 [builtin:omfile:/var/log/local5.log] 3119.953397587:7f39080fc780: PRIFILT 'local5.*' 3119.953806713:7f39080fc780: ACTION 0x224cda0 [builtin:omfile:/var/log/local5.log] rsyslogd: End of config validation run. Bye.

I do not understand what is missing. The rsyslog documentation corresponding to the version used (7.4.4) seems outdated and I cannot find it in it. Not sure where to find how to fix my problem.

edits:

  • It is not possible to define a "personal" facility, such as "myapp" (even if it is defined in rsyslog.conf , so I changed it to use "local5").
+1
source share
1 answer

Cause of the problem

It finally turned out that I had previously created /var/log/local5.log with an inappropriate owner and group ( root:root ). They were inappropriate because /etc/rsyslog.conf indicates explicitly to the owner and group should be syslog:syslog :

 # # Set the default permissions for all log files. # $FileOwner syslog $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 $PrivDropToUser syslog $PrivDropToGroup syslog

Unfortunately, other rsyslog log rsyslog should take care (e.g. auth.log ) were also root:root , so as you can see from ls -lah , mine were no different from others ... (which is also empty, I wonder why such a non-functional configuration set by default).

Unfortunately, rsyslog does not record any errors (or at least I did not find where).

Additional information that may be useful to complete rsyslog configuration

As a side note, rsyslog expects a special format for the messages it receives, and if not, it adds some default data (timestamp node name). You can modify them. Anyway, from my python script, I decided to send the message only to the log and let rsyslog format the output. So finally, the relevant parts of my logging configuration file are:

 formatters: rsyslogdFormatter: format: '%(filename)s: %(funcName)s: %(message)s' handlers: mainHandler: class: logging.handlers.SysLogHandler level: INFO formatter: rsyslogdFormatter address: '/dev/log' facility: 'local5' loggers: __main__: level: INFO handlers: [mainHandler]

And I added a custom template to /etc/rsyslog.conf :

 $template MyappTpl,"%$now% %timegenerated:12:23:date-rfc3339% %syslogtag%%msg%\n"

and accordingly modified by /etc/rsyslog.d/40-local.conf :

 local5.* /var/log/local5.log;MyappTpl

I also want to mention that the documentation provided by the corresponding package ( rsyslog-doc for ubuntu) corresponds to the installed version, of course, and contains tips that I did not find in the online documentation.

+2
source

More articles:


All Articles