I installed rsyslog on my Alpine-based system to replace busybox syslogd. After completely disabling syslogd in openrc, enabling ryslog at boot and rebooting, all services correctly started logging to rsyslog.
However, using the logger
utility (provided by busybox, but I've ralso tried replacing it by installing the logger
package - it didn't change anything) still logs to /var/log/messages
(no matter which facility I log to), which is the default file used by busybox syslogd
.
To my understanding, logger
should not log to a file directly but use syslog protocol, so rsyslogd
should pick up the message and treat it according to the rules defined. However, despite the only rule in rsyslog to log to /var/log/messages
contains mail.none
, logger still logs to that file when I use mail.info
as facility/severity.
What's going on and how do I fix it?
--
/etc/rsyslog.conf
:
# rsyslog configuration file
#
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### Global directives ####
# Sets the directory that rsyslog uses for work files.
$WorkDirectory /var/lib/rsyslog
# Sets default permissions for all log files.
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
# Check config syntax on startup and abort if unclean (default off).
#$AbortOnUncleanConfig on
# Reduce repeating messages (default off).
#$RepeatedMsgReduction on
#### Modules ####
# Provides --MARK-- message capability.
module(load="immark")
# Provides support for local system logging (e.g. via logger command).
module(load="imuxsock")
# Reads kernel messages.
module(load="imklog")
#### Rules ####
# Log all kernel messages to kern.log.
kern.* /var/log/kern.log
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# NOTE: The minus sign in front of filename disables buffer flush.
*.info;authpriv.none;cron.none;kern.none;mail.none -/var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/auth.log
# Log all the mail messages in one place.
mail.* -/var/log/mail.log
# Log cron stuff.
cron.* -/var/log/cron.log
# Everybody gets emergency messages.
*.emerg :omusrmsg:*
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
#### Config files ####
# Include all config files in /etc/rsyslog.d/.
include(file="/etc/rsyslog.d/*.conf" mode="optional")
rc-update show
:
apache2 | default
bootmisc | boot
crond | default
devfs | sysinit
dovecot | default
fail2ban | default
loadkmap | boot
mdev | sysinit
networking | default
opendkim | default
openntpd | default
php-fpm7 | default
postfix | default
postgresql | default
postgrey | default
rspamd | default
rsyslog | boot default
sshd | default
ufw | default
rc-status
:
Runlevel: default
rsyslog [ started ]
ufw [ started ]
networking [ started ]
openntpd [ started ]
postgresql [ started ]
dovecot [ started ]
opendkim [ started ]
postgrey [ started ]
sshd [ started ]
rspamd [ started ]
crond [ started ]
postfix [ started ]
apache2 [ started ]
fail2ban [ started ]
php-fpm7 [ started ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed/wanted
hostname [ started ]
localmount [ started ]
sysfs [ started ]
Dynamic Runlevel: manual