0

Ubuntu 64 14.04 comes with rsyslog (7) built-in.

I've added test.conf to /etc/rsyslog.d with the following line:

:syslogtag,isequal,"test"       /var/log/test.log

I then restart rsyslog and log using logger:

echo "hi there" | logger -t test

I expect that line to reach /var/log/test.log, but instead it reaches syslog.log.

What am I doing wrong?

Assaf Lavie
  • 297
  • 1
  • 6
  • 17

1 Answers1

2

You're missing a colon after test. It reads "test" but should read "test:".

This is the same issue: how to filter rsyslog messages by tags.

Community
  • 1
  • I've disabled all rules in the rsyslog.d dir and left only the above test rule. Restarted rsyslog. Nothing reaches test.log (nor does anything reach syslog, naturally). I've tried specifying `-p user.notice` but it did not make a difference. – Assaf Lavie Aug 31 '15 at 19:35
  • I misread part of your question and didn't notice you were trying to route based on the tag. The commonly accepted practice is to use the facility to route syslog messages. I think you'll find that much more straightforward. That said, I think your problem is you're missing a colon in `"test"`. It should be `"test:"`. See: [how to filer rsyslog messages by tags](http://serverfault.com/questions/514901/how-to-filer-rsyslog-messages-by-tags). –  Aug 31 '15 at 19:58
  • 1
    That was it. Thanks. (if you edit your answer to update it I'd be happy to accept it) – Assaf Lavie Sep 01 '15 at 06:40