Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to change Destination via Syslog Configuration #172

Open
linus-komnick opened this issue Feb 10, 2022 · 1 comment
Open

Unable to change Destination via Syslog Configuration #172

linus-komnick opened this issue Feb 10, 2022 · 1 comment

Comments

@linus-komnick
Copy link

I'm trying to write all logs of my broker.js node application to /var/log/broker.log. In my syslog config file (/etc/rsyslog.conf), I do as stated in the documentation:

source tcp_s {
  tcp(ip(127.0.0.1) port(514) max-connections(256));
};
destination broker {
  file("/var/log/broker.log");
};
log { source(tcp_s); destination(broker); };

However, when I restart syslog I get the following error:

Feb 10 19:50:27 v2202012135155134936 systemd[1]: Starting System Logging Service...
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: action 'source' treated as ':omusrmsg:source' - please use ':omusrmsg:source' syntax instead
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: error during parsing file /etc/rsyslog.conf, on or before line 73: warnings occured in file 
Feb 10 19:50:27 v2202012135155134936 systemd[1]: Started System Logging Service.
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: action 'tcp_s' treated as ':omusrmsg:tcp_s' - please use ':omusrmsg:tcp_s' syntax instead, '
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: error during parsing file /etc/rsyslog.conf, on or before line 73: warnings occured in file 
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: error during parsing file /etc/rsyslog.conf, on or before line 73: syntax error on token '{'
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: could not interpret master config file '/etc/rsyslog.conf'. [v8.1901.0 try https://www.rsysl
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.1901.
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]:  [origin software="rsyslogd" swVersion="8.1901.0" x-pid="4756" x-info="https://www.rsyslog.c

It looks like something is wrong with the syntax, but I don't know where I can find the correct syntax. Does anybody know how to fix this? Thx in advance!
@linus-komnick
Copy link
Author

linus-komnick commented Feb 10, 2022
edited
Loading

I'd still be interested in the correct syntax! Though for now, I ended up using the following in /etc/rsyslog.conf:

local0.*                        -/var/log/broker.log

And since I'm using docker, I had to make sure to add the following to the run command:

--log-opt syslog-facility=local0

Or alternatively update /etc/docker/daemon.json with the desired facility:

{
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "tcp://127.0.0.1:514",
    "syslog-facility": "local0"
  }
}

This will require you to restart docker:

systemctl restart docker

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@linus-komnick