17

Can anyone tell me what I did wrong here?

Here is the ultimate question:

Why when I use the logger command can I not get it to output to a custom log file in /var/log?

In my script:

logger -i -t ANM -p local7.info "This is a local 7 test"

In the rsyslog.conf I appended the following to the end of the file:

local7.* /var/log/anm.log

Also, the script has permission for the /var/log/anm.log file

* UPDATE *

So I forgot to restart the logging services. I have tried rebooting and "service rsyslog restart" Still no change. The test text does not show up in /var/log/anm.log but it does appear in /var/log/syslog

* UPDATE *

What permissions does /var/log/"yourlogfilehere" need? Owner, Group, rwx?

I have tried setting grp and own to root and to the username running the logger command. No change with either.

I have also tried creating log files inside a custom directory in /var/log. ie /var/log/anm/anm.log and setting both types of permissions for the directory.

* UPDATE *

rsyslogd is running

syslog     598  0.0  0.1  31060  1292 ?        Sl   03:02   0:02 rsyslogd -c5

and here is the output from my /etc/rsyslog.conf file

#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

local7.*        /var/log/anm.log

I also tried putting it in /etc/rsyslog.d/50-default.conf (I am running Ubuntu 12.04 LTS)

#  Default rules for rsyslog.
#
#                       For more information see rsyslog.conf(5) and /etc/rsyslog.conf

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
#daemon.*                       -/var/log/daemon.log
kern.*                          -/var/log/kern.log
#lpr.*                          -/var/log/lpr.log
mail.*                          -/var/log/mail.log
#user.*                         -/var/log/user.log
local7.*                        /var/log/anm.log

* UPDATE *

Well I finally figured it out. I wish someone had answered this for me. Took several days to figure out what was wrong, but I guess there just aren't very many people on superuser.

The issue was with the file permissions of the custom log file as I originally theorized. I thought I had the permissions correct, but it turns out the owner needs to be syslog and the group adm. I determined this by comparing to the user.log file. Once permissions were modified and tested again, all works perfectly! I hope this helps someone else out there quicker than I was able to find answer.

Gryu
  • 250
  • 2
  • 8
Atomiklan
  • 637
  • 3
  • 7
  • 18
  • 1
    I saw an identical post on SF - please don't crosspost. – Journeyman Geek Aug 03 '13 at 03:51
  • Everyone kept telling me to move my post. I guess I should delete the others? – Atomiklan Aug 03 '13 at 03:57
  • 1
    yup. You can also flag your own posts to ask a moderator to move it as well in future – Journeyman Geek Aug 03 '13 at 04:32
  • "Please, need immediate assistance" also isn't a very helpful title for the question. I also personally find your question difficult to read; where's the actual question? The only real question I can see is "what permissions do /var/log/somefile need?" and the answer to that should be "let the syslogd handle it". Besides, that was many updates ago and so presumably no longer relevant. – user Aug 03 '13 at 09:25
  • You can post your solution as an answer so other people facing the same problem can see it. – gronostaj Aug 04 '13 at 12:38

3 Answers3

8

Well I finally figured it out. I wish someone had answered this for me. Took several days to figure out what was wrong, but I guess there just aren't very many people on superuser.

The issue was with the file permissions of the custom log file as I originally theorized. I thought I had the permissions correct, but it turns out the owner needs to be "syslog" and the group "adm". I determined this by comparing to the user.log file. Once permissions were modified and tested again, all works perfectly! I hope this helps someone else out there quicker than I was able to find answer.

Here are the final permissions

-rw-r--r-- 1 syslog adm 0 Aug  3 05:09 anm.log
Atomiklan
  • 637
  • 3
  • 7
  • 18
  • "I thought I had the permissions correct" implies that you created the file yourself. Why did you not simply let the syslog daemon create it? – user Aug 03 '13 at 09:23
  • The question was: Why when I use the logger command can I not get it to output to a custom log file in /var/log? I just tried to let syslog create the file and I doesn't work. Either way is fine though. I don't mind having my install script create the file and set the permissions. – Atomiklan Aug 03 '13 at 15:15
  • 1
    Feels like it when seconds = $$$ – Atomiklan Aug 06 '13 at 23:34
  • Hi @Atomiklan Thanks for your question solves my exactly same issue. However I do wondering why the file auto created by rsyslog is under root/root instead of the correct syslog/adm? Do you have any idea why? – Yudong Li Dec 27 '13 at 03:46
  • thanks man! apparently, your effort has just saved me from 2 days of debugging syslog :) And from the vague comments of @MichaelKjörling and @YudongLi I figured the daemon creates the file on its' own according to the path in the config rule. After `service restart` it knows the rule and on the first appropriate call from `logger` creates the file with correct permissions set. – xealits Nov 21 '15 at 01:53
  • My question is how do you stop sending the logs to syslog? Check /var/log/syslog...since you are already forwarding it to a file it shouldn't appear on syslog. – Khurshid Alam Nov 13 '19 at 09:00
1

@Atomiklan mentioned he had to change the owner/group of his custom file to syslog/adm. I tried that and it worked...

But the comment from @MichaelKjörling seemed right, too: why not just let the syslog daemon create the file?

The key in my case (and I suggest the OP's) is that the syslog user did not have write permission to my custom log's directory. I did a chmod o+w, restarted rsyslog, and my log file happily appeared where it should have... with syslog/adm as the user/group.

Dan H
  • 141
  • 2
1
#$ModLoad imudp
#$UDPServerRun 514

must be:

$ModLoad imudp
$UDPServerRun 514

to run remote-logging!

Worthwelle
  • 4,538
  • 11
  • 21
  • 32
rsyslog
  • 11
  • 1