Michael, You are a star. I dont know what I did before but I re-installed rsyslog and changed the PrivateTmp to no It works now. I can see /tmp/server.log is now pushing syslog contents Thank you very much.
On Mon, Nov 13, 2023 at 10:24 AM Michael Biebl <bi...@debian.org> wrote: > Am 13.11.23 um 10:13 schrieb Bhasker C V: > > I forgot to answer the question on why I am doing this > > I am experimenting on a no-log system where there is no writes > > what-so-ever to /var/log (except for mails) or systemd journal > > (currently kept volatile) > > /tmp/ is tmpfs mounted > > Attached is the rsyslog config as-it-is being used now. > > > > With the attached rsyslog.conf, disabling PrivateTmp makes rsyslog log > to /run/server.log correctly (verified locally). > > I can only assume you didn't follow my instructions properly. > > Please make sure after following my instruction that you have afterwards > # systemctl show -P PrivateTmp rsyslog.service > no > > Btw, for your use case, a subdirectory in /run would be more suitable, > like say /run/syslog/. > > Also, you currently have > *.* -/tmp/server.log > *and* > *.=info;*.=notice;*.=warn;\ > auth,authpriv.none;\ > cron,daemon.none;\ > mail,audit,news.none -/tmp/server.log > > This doesn't make any sense. > This will basically duplicate the log messages in /tmp/server.log and > interleave them. > > Either you split up the logs facilities and log them to separate files > or you only keep a single log rule like > > *.* -/tmp/server.log > > which simply logs everything to /tmp/server.log > >
