Re: rsyslog adding old entries again
Hi Tomás,
Thanks for your reply! More details, ok :-)
The relevant rsyslog configuration belongs to packetfence.org, and is:
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
# Disable rate-limiting of syslog
$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0
# Disable rate-limiting of journal messages
$imjournalRatelimitInterval 0
$imjournalRatelimitBurst 0
# Disable escaping of control characters (like the ones used by Data::Dumper)
$EscapeControlCharactersOnReceive off
# define the user and group of the file created
$FileGroup pf
# Allow the pf group to read log files
$umask 0027
# fingerbank.log
if $syslogtag contains "fingerbank" then {
-/usr/local/pf/logs/fingerbank.log
stop
}
# httpd.aaa.error
if $programname contains "httpd_aaa_err" then {
-/usr/local/pf/logs/httpd.aaa.error
stop
}
# pfdhcp.log
if $programname == "pfdhcp" then {
-/usr/local/pf/logs/pfdhcp.log
stop
}
(followed by many more similar lines)
And what I do:
- service rsyslog stop
- rm -f /usr/local/pf/logs/*
- ls /usr/local/pf/logs/ to confirm that it *is* empty
- service rsyslog start
and then all logfiles have reappeared (are regenerated?) in
/usr/local/pf/conf with timestamp NOW, filled with entries dating back
to dec 6.
This is debian 9.11. Any other info that is required.?
Thanks!
MJ
Reply to: