Can anyone tell me what I did wrong here?

Here is the ultimate question:

Why when I use the logger command can I not get it to output to a custom log file in /var/log?

In my script:

logger -i -t ANM -p local7.info "This is a local 7 test"

In the rsyslog.conf I appended the following to the end of the file:

local7.* /var/log/anm.log

Also, the script has permission for the /var/log/anm.log file


So I forgot to restart the logging services. I have tried rebooting and "service rsyslog restart" Still no change. The test text does not show up in /var/log/anm.log but it does appear in /var/log/syslog


What permissions does /var/log/"yourlogfilehere" need? Owner, Group, rwx?

I have tried setting grp and own to root and to the username running the logger command. No change with either.

I have also tried creating log files inside a custom directory in /var/log. ie /var/log/anm/anm.log and setting both types of permissions for the directory.


rsyslogd is running

syslog     598  0.0  0.1  31060  1292 ?        Sl   03:02   0:02 rsyslogd -c5

and here is the output from my /etc/rsyslog.conf file

#  /etc/rsyslog.conf    Configuration file for rsyslog.
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

# Set the default permissions for all log files.
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

# Where to place spool files
$WorkDirectory /var/spool/rsyslog

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

local7.*        /var/log/anm.log

I also tried putting it in /etc/rsyslog.d/50-default.conf (I am running Ubuntu 12.04 LTS)

#  Default rules for rsyslog.
#                       For more information see rsyslog.conf(5) and /etc/rsyslog.conf

# First some standard log files.  Log by facility.
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
#daemon.*                       -/var/log/daemon.log
kern.*                          -/var/log/kern.log
#lpr.*                          -/var/log/lpr.log
mail.*                          -/var/log/mail.log
#user.*                         -/var/log/user.log
local7.*                        /var/log/anm.log


Well I finally figured it out. I wish someone had answered this for me. Took several days to figure out what was wrong, but I guess there just aren't very many people on superuser.

The issue was with the file permissions of the custom log file as I originally theorized. I thought I had the permissions correct, but it turns out the owner needs to be syslog and the group adm. I determined this by comparing to the user.log file. Once permissions were modified and tested again, all works perfectly! I hope this helps someone else out there quicker than I was able to find answer.

    I saw an identical post on SF - please don't crosspost.
    – Journeyman Geek
    Commented Aug 3, 2013 at 3:51
  • Everyone kept telling me to move my post. I guess I should delete the others?
    – Atomiklan
    Commented Aug 3, 2013 at 3:57
    yup. You can also flag your own posts to ask a moderator to move it as well in future
    – Journeyman Geek
    Commented Aug 3, 2013 at 4:32
  • "Please, need immediate assistance" also isn't a very helpful title for the question. I also personally find your question difficult to read; where's the actual question? The only real question I can see is "what permissions do /var/log/somefile need?" and the answer to that should be "let the syslogd handle it". Besides, that was many updates ago and so presumably no longer relevant.
    – user
    Commented Aug 3, 2013 at 9:25
  • You can post your solution as an answer so other people facing the same problem can see it.
    – gronostaj
    Commented Aug 4, 2013 at 12:38

Here are the final permissions

-rw-r--r-- 1 syslog adm 0 Aug  3 05:09 anm.log
  • "I thought I had the permissions correct" implies that you created the file yourself. Why did you not simply let the syslog daemon create it?
    – user
    Commented Aug 3, 2013 at 9:23
  • The question was: Why when I use the logger command can I not get it to output to a custom log file in /var/log? I just tried to let syslog create the file and I doesn't work. Either way is fine though. I don't mind having my install script create the file and set the permissions.
    – Atomiklan
    Commented Aug 3, 2013 at 15:15
    Feels like it when seconds = $$$
    – Atomiklan
    Commented Aug 6, 2013 at 23:34
  • Hi @Atomiklan Thanks for your question solves my exactly same issue. However I do wondering why the file auto created by rsyslog is under root/root instead of the correct syslog/adm? Do you have any idea why?
    – Yudong Li
    Commented Dec 27, 2013 at 3:46
  • thanks man! apparently, your effort has just saved me from 2 days of debugging syslog :) And from the vague comments of @MichaelKjörling and @YudongLi I figured the daemon creates the file on its' own according to the path in the config rule. After service restart it knows the rule and on the first appropriate call from logger creates the file with correct permissions set.
    – xealits
    Commented Nov 21, 2015 at 1:53

@Atomiklan mentioned he had to change the owner/group of his custom file to syslog/adm. I tried that and it worked...

But the comment from @MichaelKjörling seemed right, too: why not just let the syslog daemon create the file?

The key in my case (and I suggest the OP's) is that the syslog user did not have write permission to my custom log's directory. I did a chmod o+w, restarted rsyslog, and my log file happily appeared where it should have... with syslog/adm as the user/group.

#$ModLoad imudp
#$UDPServerRun 514

must be:

$ModLoad imudp
$UDPServerRun 514

to run remote-logging!

