[opensuse] Intrusive wall from rsyslog
My rsyslog is configured to log messages from the router into a file like this:

    #CER: router messages into a separate file and stop further processing.
    # http://wiki.rsyslog.com/index.php/Sysklogd_drop-in_with_remote_logs_separate...
    # ^program-to-execute;template - doc: rsyslog_conf_actions.html
    if ($source == 'router') and ($msg contains 'Received valid IP address from server. Connection UP.') then \
        ^/usr/local/bin/askandlogexternalIP_sh
    if ($source == 'router') then \
        -/var/log/router
    & ~

So far so good. A bit later there is this default setting:

    # Emergency messages to everyone logged on (wall)
    *.emerg :omusrmsg:*

The problem is that emergency messages from the router are also printed on all terminals; and the router booting is considered an emergency. Like this:

    cer@Telcontar:~>
    Message from syslogd@BCM96345 at Oct 9 19:25:15 ...
     started: BusyBox v0.60.4 (2005.10.07-11:27+0000)

    Message from syslogd@BCM96345 at Oct 9 19:28:39 ...
     started: BusyBox v0.60.4 (2005.10.07-11:27+0000)

How can I stop those emergency messages from the router being displayed everywhere? [thinking]

I have seen this rule in the wiki indicated above:

    # Everybody gets emergency messages
    #*.emerg *
    if \
        $source == 'localhost' \
      and \
        $syslogseverity-text == 'emerg' \
    then *

which looks interesting. I wonder how to integrate both. Perhaps this:

    if ($source == 'localhost') and ($syslogseverity <= 0 /* emergency */) then :omusrmsg:*

would that be correct?

--
Cheers,
Carlos E. R.

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
I have seen this rule in the wiki indicated above:
    # Everybody gets emergency messages
    #*.emerg *
    if \
        $source == 'localhost' \
      and \
        $syslogseverity-text == 'emerg' \
    then *
which looks interesting. I wonder how to integrate both. Perhaps this:
if ($source == 'localhost') and ($syslogseverity <= 0 /* emergency */) then :omusrmsg:*
would that be correct?
It looks good, try it.

--
Per Jessen, Zürich (13.4°C)
On 2012-10-10 09:17, Per Jessen wrote:
Carlos E. R. wrote:
which looks interesting. I wonder how to integrate both. Perhaps this:
if ($source == 'localhost') and ($syslogseverity <= 0 /* emergency */) then :omusrmsg:*
would that be correct?
It looks good, try it.
Yes, I was trying it - but in the process I lost all logging from the router. I thought it was my changes, but even after I reverted all of them it was no go. Then I thought of using ethereal, and it turned out that if the router senses that its external syslog is not listening, it stops sending logs!

So... yes, the change above works if 'localhost' is changed to 'Telcontar', i.e., the actual name of localhost.

And I lost external logging because I accepted the changes a previous rpm update did in /etc/rsyslog.d/remote.conf.rpmnew. I reverted to the backup and it worked (after I restarted the router). I'll have to investigate those rpm changes another time.

--
Cheers / Saludos,
Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
Carlos E. R. wrote:
On 2012-10-10 09:17, Per Jessen wrote:
Carlos E. R. wrote:
which looks interesting. I wonder how to integrate both. Perhaps this:
if ($source == 'localhost') and ($syslogseverity <= 0 /* emergency */) then :omusrmsg:*
would that be correct?
It looks good, try it.
Yes, I was trying it - but in the process I lost all logging from the router. I thought it was my changes, but even after I reverted all of them it was no go. Then I thought of using ethereal, and it turned out that if the router senses that its external syslog is not listening, it stops sending logs!
I wonder how it manages to do that - isn't it using UDP on port 514?

--
Per Jessen, Zürich (13.6°C)
On 2012-10-10 12:07, Per Jessen wrote:
Carlos E. R. wrote:
Yes, I was trying it - but in the process I lost all logging from the router. I thought it was my changes, but even after I reverted all of them it was no go. Then I thought of using ethereal, and it turned out that if the router senses that its external syslog is not listening, it stops sending logs!
I wonder how it manages to do that - isn't it using UDP on port 514?
Me too... Indeed it is using UDP. Could the rsyslog daemon send something back if it is not listening?

--
Cheers / Saludos,
Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar)
Carlos E. R. wrote:
On 2012-10-10 12:07, Per Jessen wrote:
Carlos E. R. wrote:
Yes, I was trying it - but in the process I lost all logging from the router. I thought it was my changes, but even after I reverted all of them it was no go. Then I thought of using ethereal, and it turned out that if the router senses that its external syslog is not listening, it stops sending logs!
I wonder how it manages to do that - isn't it using UDP on port 514?
Me too... Indeed it is using UDP. Could the rsyslog daemon send something back if it is not listening?
Yes, the sender will probably receive an ICMP port unreachable message, which I guess a sender could be looking for, but normally UDP is shoot and forget.

--
Per Jessen, Zürich (14.0°C)
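The ICMP behaviour discussed above, as an added example that is not part of the original thread: on Linux a UDP sender that connect()s its socket gets ECONNREFUSED when the receiver answers with ICMP port unreachable, which is one way a device could notice that nothing is listening on its syslog port. The function names, the loopback address and the probe message are constructed for illustration; whether the router does this is not established in the thread.

```python
import socket


def udp_listener_seems_up(host, port, wait=0.5):
    """Send one syslog-style datagram and report whether an ICMP
    port-unreachable came back for it.

    False: the destination host answered with ICMP port unreachable,
           so nothing is bound to that UDP port.
    True:  no error arrived within `wait` seconds. This is only absence
           of evidence; a firewall that drops silently looks the same.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # connect() on a UDP socket sends nothing. It pins the peer so
        # the kernel can hand ICMP errors for that peer to this socket.
        s.connect((host, port))
        s.settimeout(wait)
        # Constructed message: PRI 14 = facility user (1) * 8 + info (6).
        s.send(b"<14>probe: constructed test message")
        try:
            s.recv(1)  # syslog never replies; we wait for the error only
        except socket.timeout:
            return True
        except ConnectionRefusedError:
            return False
        return True
    finally:
        s.close()


def demo():
    """Probe a loopback port while a listener is bound, then after it closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port stands in for 514
    port = listener.getsockname()[1]
    up = udp_listener_seems_up("127.0.0.1", port)
    listener.close()
    down = udp_listener_seems_up("127.0.0.1", port)
    return up, down


if __name__ == "__main__":
    print(demo())
```

An unconnected socket using sendto() would not see the error, which is why UDP senders normally behave as fire and forget.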