Re: question on spamd logging

To: debian-user@lists.debian.org
Subject: Re: question on spamd logging
From: Reco <recoverym4n@gmail.com>
Date: Sat, 25 Aug 2018 21:15:38 +0300
Message-id: <[🔎] 20180825181538.go3ydycktrl6vek7@p5k.home>
In-reply-to: <[🔎] 201808251349.53790.gheskett@shentel.net>
References: <[🔎] 201808251127.32103.gheskett@shentel.net> <[🔎] 201808251216.49765.gheskett@shentel.net> <[🔎] 20180825170829.mpusnobazlulhgab@p5k.home> <[🔎] 201808251349.53790.gheskett@shentel.net>

	Hi.

On Sat, Aug 25, 2018 at 01:49:53PM -0400, Gene Heskett wrote:
> > > Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II
> > >
> > > Several hundred a day...
> >
> > Try this:
> >
> > cat > /etc/rsyslog.d/spamd.conf << EOF
> >
> > :syslogtag, startswith, "spamd" /var/log/spamd.log
> > :syslogtag, startswith, "spamd" stop
> >
> > EOF
> >
> > service rsyslogd restart
> >
> no permission

I assumed that I could skip obligatory 'please assume root privileges
before making systemwide changes'. Apparently I was wrong, but …

> so I cd to e/rs.d sudo -i and made this file
> :syslogtag, startswith, "spamd" /var/log/spamd.log
> :syslogtag, startswith, "spamd" stop

… since things worked out themselves, we now have this:

> And had to do the restart as root, which logged this:
> Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd" 
> swVersion="7.6.3" x-pid="3079" x-info="http://www.rsyslog.com";] exiting 
> on signal 15.
> Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd" 
> swVersion="7.6.3" x-pid="23099" x-info="http://www.rsyslog.com";] start

These two are you usual rsyslogd restart. Nothing to see here.

> Aug 25 13:34:45 coyote rsyslogd-3000: unknown priority name ""
> 
> No clue what that error might be, you?

But this one is sure cryptic. Even if one takes [1] into the account.
It's been awhile since I've tinkered with wheezy's rsyslogd, try
replacing "stop" with "~". I.e. replace:

:syslogtag, startswith, "spamd" stop

with:

:syslogtag, startswith, "spamd" ~

> Thanks Reco.

You're welcome.

> > Consider adding logrotate configuration file for the new
> > /var/log/spamd.log.
> >
> > And, before you ask, documentation for rsyslogd lives in "rsyslog-doc"
> > package.
> 
> Synaptic says its installed, but its not on /usr/share?

It should be /usr/share/doc/rsyslogd-doc.
I made a habit doing 'dpkg -L …' on newly installed packages.

> Ahh, found it but no mention of that exact syntax of :syslogtag

To put it simply, it's that thing that follows hostname in your typical
syslog entry. Usually comes in format "process_name[process_pid]".
In this case it's "spamd[4707]".

[1] https://www.rsyslog.com/?s=error+3000

Reco

Reply to:

Follow-Ups:
- Re: question on spamd logging
  - From: Gene Heskett <gheskett@shentel.net>

References:
- question on spamd logging
  - From: Gene Heskett <gheskett@shentel.net>
- Re: question on spamd logging
  - From: Gene Heskett <gheskett@shentel.net>
- Re: question on spamd logging
  - From: Reco <recoverym4n@gmail.com>
- Re: question on spamd logging
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: question on spamd logging
Next by Date: Re: mailing list vs "the futur"
Previous by thread: Re: question on spamd logging
Next by thread: Re: question on spamd logging
Index(es):
- Date
- Thread