[rsyslog-notify] Forum Thread: Re: Rsyslog not redirecting matched msg to file - (Mode 'reply')
noreply at adiscon.com
Tue Feb 17 02:37:44 CET 2015
User: Michiel
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25260#p25260
Message:
----------
[quote="dlang"]When filtering fails, there are two possible answers
1. permission problems make it so you can't write the output
2. your filter rules don't actually match the log message that you get
[/quote]
Apparently these [i]aren't[/i] the only two possible answers because there is another one:
3. Permission problems make it so that you can't read the kernel ring buffer from /proc/kmsg.
Editing /etc/rsyslog.conf, this line must be uncommented:
[code]
$ModLoad imklog # provides kernel logging support
[/code]
And these two must be commented (or at least one of them, so as to provide
read access to the kernel ring buffer)
[code]
#$PrivDropToUser syslog
#$PrivDropToGroup syslog
[/code]
Restart, and everything works. Thanks again for taking the time and effort
to reply. IRC was unhelpful, got snarky replies, stackexchange and
serverfault had posts with similar questions but no replies or
unhelpful replies, so I was afraid I was running out of options.
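
The combination described in the post above (imklog loaded while $PrivDropToUser / $PrivDropToGroup are active) can be checked for in a configuration file before restarting. This is an added example, not part of the original post or of rsyslog itself; check_klog_privdrop is a hypothetical helper name, the sample configuration is constructed, and the check assumes legacy $-directive syntax in a single file (it does not follow $IncludeConfig).

```shell
#!/bin/sh
# Classify an rsyslog.conf for the imklog / privilege-drop combination.
# Prints exactly one of:
#   no-imklog                              imklog is not loaded
#   imklog-with-privdrop user=U group=G    imklog loaded, privilege drop active
#   imklog-as-root                         imklog loaded, no privilege drop
check_klog_privdrop() {
    # $1: path to an rsyslog configuration file (legacy $-directives)
    awk '
        { sub(/#.*/, "") }   # strip comments, including commented-out directives
        tolower($1) == "$modload" && $2 ~ /^imklog(\.so)?$/ { klog = 1 }
        tolower($1) == "$privdroptouser"  && $2 != ""       { user = $2 }
        tolower($1) == "$privdroptogroup" && $2 != ""       { group = $2 }
        END {
            if (!klog)
                print "no-imklog"
            else if (user != "" || group != "")
                print "imklog-with-privdrop user=" user " group=" group
            else
                print "imklog-as-root"
        }
    ' "$1"
}

# Constructed sample: imklog enabled while both privilege-drop lines are active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
$PrivDropToUser syslog
$PrivDropToGroup syslog
EOF
check_klog_privdrop "$sample"
rm -f "$sample"
```

With both privilege-drop directives commented out, as in the post, rsyslogd keeps the privileges it was started with (normally root), which the check reports as imklog-as-root.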