3

I've been tasked with setting up longer/better log retention for our postgres servers, but after configuring postgres to ship logs to syslog via local0 I've found that they never actually hit the configured local file.

/etc/rsyslog.d/postgresql.conf:

local0.* /company/data/psql/company_cluster/log/postgresql.log

Relevant postgres config:

log_destination = 'syslog'
syslog_facility = 'local0'

Once I got the config in place and reloaded/restarted services I noticed that while nothing was going into the specified log file [even after touching it] I was seeing messages piped into graylog which has a *.* rule.

Even stranger is that logger -p local0.info test or any other facility doesn't generate a message anywhere that I can find. Same goes for any other local facility, or even mail.none.

Rsyslog seems to be restarting cleanly, I've doubled-checked the selinux context on the config file, and I can't find any relevant info logged from rsyslog itself. What's happening?

All rsyslog config:

# cat /etc/rsyslog.conf /etc/rsyslog.d/* | grep -v -e '^\s*#' -e '^\s*$'
$ModLoad imuxsock
$ModLoad imjournal
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

# graylog.conf
*.* @graylogmaster.rancher.company.ca:8514;RSYSLOG_SyslogProtocol23Format
# listen.conf
$SystemLogSocketName /run/systemd/journal/syslog
# postgresql.conf
local0.* /company/data/psql/company_cluster/log/postgresql.log

Edit: "Not Really A Solution" Solution

Something seems to be wrong with Rsyslog [and maybe more] on the particular server that I was working on when I originally posted this question. Restarting the service hasn't done anything and I'm waiting for a maintenance window to either restart or reprovision this server.

This same config works just fine on other servers, but with the caveat that LOCAL0 seems to be invalid in at least some contexts, but local0 works everywhere.

Sammitch
  • 2,111
  • 1
  • 21
  • 35

0 Answers0