[SOLVED] Rsyslog and logger test

scryptkiddy · 05-17-2016, 03:45 AM

I'm trying to set up an rsyslog rule so that it logs all auth privilege messages with priority of alert and higher, but its not logging anything. Here is what I changed in /etc/rsyslog.conf:

Code:

...
#commented this out
#authpriv.*     /var/log/secure

#added this
authpriv.alert  /var/log/my_alert_auth.log
...

I then restarted rsyslog

Code:

# systemctl restart rsyslog

I then tested an alert priority log entry with logger:

Code:

# logger -p alert "This is an alert message"

# cat /var/log/my_alert_auth.log 
#

Sure, the test message is set to priority alert, but how do I know its also an authpriv type of message?
I'm a little confused on why logger doesn't have a facility and a priority option. Maybe that's the issue?

SK

TenTenths · 05-17-2016, 05:25 AM

From:

Code:

man logger

-p pri
Enter the message with the specified priority. The priority may be specified numerically or as a "facility.level" pair. For example, "-p local3.info" logs the message(s) as informational level in the local3 facility. The default is "user.notice."

So use this to send to the facility you're testing:

Code:

logger -p authpriv.alert "Your Text Here"

scryptkiddy · 05-18-2016, 03:44 AM

You ever have those embarrassing moments where its just funny to imagine how you could have missed something that obvious and clearly written out in the man page which you swore you read a hundred times... lol

Thanks TenTenths for being gentle, lol.

SK

TenTenths · 05-18-2016, 03:57 AM

Quote:

Originally Posted by scryptkiddy

You ever have those embarrassing moments where its just funny to imagine how you could have missed something that obvious and clearly written out in the man page which you swore you read a hundred times... lol

Happens to me on a daily basis!

Habitual · 05-18-2016, 05:53 AM

Quote:

Originally Posted by TenTenths

Happens to me on a daily basis!

What ^ said.