Re: question on spamd logging
Hi.
On Sat, Aug 25, 2018 at 01:49:53PM -0400, Gene Heskett wrote:
> > > Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II
> > >
> > > Several hundred a day...
> >
> > Try this:
> >
> > cat > /etc/rsyslog.d/spamd.conf << EOF
> >
> > :syslogtag, startswith, "spamd" /var/log/spamd.log
> > :syslogtag, startswith, "spamd" stop
> >
> > EOF
> >
> > service rsyslogd restart
> >
> no permission
I assumed that I could skip the obligatory 'please assume root privileges
before making systemwide changes'. Apparently I was wrong, but …
> so I cd to e/rs.d sudo -i and made this file
> :syslogtag, startswith, "spamd" /var/log/spamd.log
> :syslogtag, startswith, "spamd" stop
… since things worked out themselves, we now have this:
> And had to do the restart as root, which logged this:
> Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd"
> swVersion="7.6.3" x-pid="3079" x-info="http://www.rsyslog.com"] exiting
> on signal 15.
> Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd"
> swVersion="7.6.3" x-pid="23099" x-info="http://www.rsyslog.com"] start
These two are your usual rsyslogd restart. Nothing to see here.
> Aug 25 13:34:45 coyote rsyslogd-3000: unknown priority name ""
>
> No clue what that error might be, you?
But this one is sure cryptic. Even if one takes [1] into account.
It's been a while since I've tinkered with wheezy's rsyslogd, try
replacing "stop" with "~". I.e. replace:
:syslogtag, startswith, "spamd" stop
with:
:syslogtag, startswith, "spamd" ~
> Thanks Reco.
You're welcome.
> > Consider adding logrotate configuration file for the new
> > /var/log/spamd.log.
> >
> > And, before you ask, documentation for rsyslogd lives in "rsyslog-doc"
> > package.
>
> Synaptic says it's installed, but it's not on /usr/share?
It should be /usr/share/doc/rsyslogd-doc.
I made a habit of doing 'dpkg -L …' on newly installed packages.
> Ahh, found it but no mention of that exact syntax of :syslogtag
To put it simply, it's that thing that follows hostname in your typical
syslog entry. Usually comes in format "process_name[process_pid]".
In this case it's "spamd[4707]".
[1] https://www.rsyslog.com/?s=error+3000
Reco
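
An added example, not part of the original message: a simplified Python emulation of the two rules above, showing what the tag is for the log lines quoted in the thread and which lines a `startswith "spamd"` test on it would divert to /var/log/spamd.log. The function names are hypothetical, the third sample line is constructed, and the parsing is an approximation of the traditional syslog line layout, not rsyslogd's own parser.

```python
import re

# Traditional syslog line: "Mmm dd hh:mm:ss host tag message".
LINE_RE = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} "   # timestamp
    r"(?P<host>\S+) (?P<tag>[^\s:]+:?)"               # hostname, then the tag
)

SAMPLES = [
    # Taken from the thread.
    'Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II',
    'Aug 25 13:34:45 coyote rsyslogd-3000: unknown priority name ""',
    # Constructed: a different program whose name merely begins with "spamd".
    'Aug 25 13:40:02 coyote spamd-cron[812]: constructed sample line',
]

def syslogtag(line):
    """Return the token that follows the hostname, e.g. 'spamd[4707]:'."""
    m = LINE_RE.match(line)
    return m.group("tag") if m else None

def program_name(tag):
    """Part of the tag before the '[pid]' or the trailing colon."""
    return re.split(r"[\[:]", tag, maxsplit=1)[0]

def tag_startswith(line, prefix="spamd"):
    """The comparison the two rules in the thread perform."""
    tag = syslogtag(line)
    return tag is not None and tag.startswith(prefix)

def name_is(line, name="spamd"):
    """Stricter comparison on the exact program name, for contrast."""
    tag = syslogtag(line)
    return tag is not None and program_name(tag) == name

def route(line):
    # Rule 1 writes the line to spamd.log; rule 2 ("stop" or "~") then
    # discards it, so rules later in the configuration never see it.
    return "/var/log/spamd.log" if tag_startswith(line) else "later rules"

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{syslogtag(line)!r:20} -> {route(line):20} exact={name_is(line)}")
```

The constructed third line shows that a prefix match also captures any other program whose tag begins with "spamd"; comparing the exact program name (rsyslog exposes it as the `programname` property) avoids that.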