Mailing List Archive

Non-root rsyslog errors going to system messages
Background:

We are running rsyslog v8 as a non-root user.

As a non-root user, they are running:
/xxxxxx/rsyslogd -f /xxxxx/config/rsyslog.conf -i
/xxxxxxx/rsyslogd.pid

Issue:

When the non-root user starts, stops, or has a bad configuration,
these messages are being sent to the root owned rsyslog file of
/var/log/messages.

Question:

Is there an option, directive, module that could be included in
the non-root user configuration to specify a different log file where
these messages could be sent?

Thanks in advance


**

This email and any attachments may contain information that is confidential and/or privileged for the sole use of the intended recipient. Any use, review, disclosure, copying, distribution or reliance by others, and any forwarding of this email or its contents, without the express permission of the sender is strictly prohibited by law. If you are not the intended recipient, please contact the sender immediately, delete the e-mail and destroy all copies.
**
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Non-root rsyslog errors going to system messages [ In reply to ]
Have the non root user instance intercept its own messages by trapping syslog.*

# Messages from rsyslog itself
syslog.* {
call write_to_my_logfile
call send_to_siem
}

Regards,



> On Apr 27, 2021, at 14:07, William H. ten Bensel via rsyslog <rsyslog@lists.adiscon.com> wrote:
>
> Background:
>
> We are running rsyslog v8 as a non-root user.
>
> As a non-root user, they are running:
> /xxxxxx/rsyslogd -f /xxxxx/config/rsyslog.conf -i
> /xxxxxxx/rsyslogd.pid
>
> Issue:
>
> When the non-root user starts, stops, or has a bad configuration,
> these messages are being sent to the root owned rsyslog file of
> /var/log/messages.
>
> Question:
>
> Is there an option, directive, module that could be included in
> the non-root user configuration to specify a different log file where
> these messages could be sent?
>
> Thanks in advance
>
>
> **
>
> This email and any attachments may contain information that is confidential and/or privileged for the sole use of the intended recipient. Any use, review, disclosure, copying, distribution or reliance by others, and any forwarding of this email or its contents, without the express permission of the sender is strictly prohibited by law. If you are not the intended recipient, please contact the sender immediately, delete the e-mail and destroy all copies.
> **
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.