Web lists-archives.com

Re: question on spamd logging




On Saturday 25 August 2018 14:15:38 Reco wrote:

> 	Hi.
>
> On Sat, Aug 25, 2018 at 01:49:53PM -0400, Gene Heskett wrote:
> > > > Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II
> > > >
> > > > Several hundred a day...
> > >
> > > Try this:
> > >
> > > cat > /etc/rsyslog.d/spamd.conf << EOF
> > >
> > > :syslogtag, startswith, "spamd" /var/log/spamd.log
> > > :syslogtag, startswith, "spamd" stop
> > >
> > > EOF
> > >
> > > service rsyslogd restart
> >
> > no permission
>
> I assumed that I could skip obligatory 'please assume root privileges
> before making systemwide changes'. Apparently I was wrong, but …
>
> > so I cd to e/rs.d sudo -i and made this file
> >
> > :syslogtag, startswith, "spamd" /var/log/spamd.log
> > :syslogtag, startswith, "spamd" stop
>
> … since things worked out themselves, we now have this:
> > And had to do the restart as root, which logged this:
> > Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd"
> > swVersion="7.6.3" x-pid="3079" x-info="http://www.rsyslog.com";]
> > exiting on signal 15.
> > Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd"
> > swVersion="7.6.3" x-pid="23099" x-info="http://www.rsyslog.com";]
> > start
>
> These two are you usual rsyslogd restart. Nothing to see here.
>
> > Aug 25 13:34:45 coyote rsyslogd-3000: unknown priority name ""
> >
> > No clue what that error might be, you?
>
> But this one is sure cryptic. Even if one takes [1] into the account.
> It's been awhile since I've tinkered with wheezy's rsyslogd, try
>
> replacing "stop" with "~". I.e. replace:
> :syslogtag, startswith, "spamd" stop
>
> with:
> :syslogtag, startswith, "spamd" ~
> :
> > Thanks Reco.
>
> You're welcome.
>
> > > Consider adding logrotate configuration file for the new
> > > /var/log/spamd.log.
> > >
> > > And, before you ask, documentation for rsyslogd lives in
> > > "rsyslog-doc" package.
> >
> > Synaptic says its installed, but its not on /usr/share?
>
> It should be /usr/share/doc/rsyslogd-doc.
> I made a habit doing 'dpkg -L …' on newly installed packages.
>
> > Ahh, found it but no mention of that exact syntax of :syslogtag
>
> To put it simply, it's that thing that follows hostname in your
> typical syslog entry. Usually comes in format
> "process_name[process_pid]". In this case it's "spamd[4707]".
>
Ahh, so. Thanks.
> [1] https://www.rsyslog.com/?s=error+3000
>
Generic error, a placeholder IOW. Might be the stop at that because its 
running as a daemon and never shuts down except while rebooting.

> Reco

Back from the radio station now.  Gawd I hate intermittants that fix 
themselves 15 minutes after I've taken the obvious failure apart, 
cleaned all the contacts and it works when I put it back together, then 
drops out 30 minutes later for 20 minutes, and then comes back for the 
rest of the day. But I am a bit smarter for the next time it dies. I'll 
know where to put a couple scope probes next time, just as soon as I can 
get my scope out of the truck and get it powered up.

Thanks Reco.


-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>