My systemd target/service design has multiple sub-services all uniquely identified. My test.target requires 10 test-@.service instances. The result is target runs and there are 10 identified services. e.g. test-@0.service, test-@1.service, etc... This is a common way to have a target control a bunch of similar services.
Each service has the Systemd SyslogIndentifer set to SyslogIdentifier=test-%i. So when it logs to syslog/journald, the facility name is test-0,test-1, etc...
Here's a sample journald log, note the facility test-0:
Oct 29 03:32:35 black-node.local test-0[5015]: 1603942355636701,CON,192.168.10.151:57458,4,12,1,-,-,-,timeout expired; UDP connection assumed closed.
Now, I need/want to log all of the resulting test-* syslog messaging into a separate log file. I tried adding the following in `/etc/rsyslog.d/test.conf:
$template TestFile,"/var/log/test-%syslogfacility-text%.log"
test-*.* ?TestFile
But I receive the following errors when restoring rsyslogd (sudo systemctl restart rsyslog):
Message from syslogd@black-node at Oct 29 03:19:22 ...
rsyslogd:file './.* ? TestFile': open error: Permission denied [v8.24.0-52.el7 try http://www.rsyslog.com/e/2433 ]
Message from syslogd@black-node at Oct 29 03:19:22 ...
rsyslogd:action 'action 2' resumed (module 'builtin:omfile') [v8.24.0-52.el7 try http://www.rsyslog.com/e/2359 ]
It's not file permissions, and the rsyslog error 2359 page says it could be selinux (!!!) related. So I tried turning off selinux (sudo setenforce 0) and restarting rsyslogd again:
Message from syslogd@black-node at Oct 29 03:18:07 ...
systemd:Started System Logging Service.
Message from syslogd@black-node at Oct 29 03:18:07 ...
rsyslogd:error during parsing file /etc/rsyslog.d/test.conf, on or before line 7: warnings occured in file '/etc/rsyslog.d/transfers.conf' around line 7 [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207 ]
Message from syslogd@black-node at Oct 29 03:18:07 ...
rsyslogd:action '*' treated as ':omusrmsg:*' - please use ':omusrmsg:*' syntax instead, '*' will not be supported in the future [v8.24.0-52.el7 try http://www.rsyslog.com/e/2184 ]
That's a little more encouraging? I have no clue how or if I should apply :omusrmsg: but I tried:
$template TestFile,"/var/log/test-%syslogfacility-text%.log"
test-:omusrmsg:*.* ?TestFile
Now rsyslog restarts fine, no errors or complaints, but also no new log file.
At this point I'm going crazy, so I isolate the 1st service facility test-0:
$template TestFile,"/var/log/test-%syslogfacility-text%.log"
test-0.* ?TestFile
I see the logs in messages/journald, but my log file isn't created and there aren't any rsyslog errors when restarting it.
How can I simply aggregate multiple log facilities into one log file? I can't even seem to get the general dynamic log file type case to work?! Any tips would be greatly appreciated. Thank you.
