Hi. On Sat, Aug 25, 2018 at 01:49:53PM -0400, Gene Heskett wrote: > > > Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II > > > > > > Several hundred a day... > > > > Try this: > > > > cat > /etc/rsyslog.d/spamd.conf << EOF > > > > :syslogtag, startswith, "spamd" /var/log/spamd.log > > :syslogtag, startswith, "spamd" stop > > > > EOF > > > > service rsyslogd restart > > > no permission
I assumed that I could skip obligatory 'please assume root privileges before making systemwide changes'. Apparently I was wrong, but … > so I cd to e/rs.d sudo -i and made this file > :syslogtag, startswith, "spamd" /var/log/spamd.log > :syslogtag, startswith, "spamd" stop … since things worked out themselves, we now have this: > And had to do the restart as root, which logged this: > Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd" > swVersion="7.6.3" x-pid="3079" x-info="http://www.rsyslog.com";] exiting > on signal 15. > Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd" > swVersion="7.6.3" x-pid="23099" x-info="http://www.rsyslog.com";] start These two are you usual rsyslogd restart. Nothing to see here. > Aug 25 13:34:45 coyote rsyslogd-3000: unknown priority name "" > > No clue what that error might be, you? But this one is sure cryptic. Even if one takes [1] into the account. It's been awhile since I've tinkered with wheezy's rsyslogd, try replacing "stop" with "~". I.e. replace: :syslogtag, startswith, "spamd" stop with: :syslogtag, startswith, "spamd" ~ > Thanks Reco. You're welcome. > > Consider adding logrotate configuration file for the new > > /var/log/spamd.log. > > > > And, before you ask, documentation for rsyslogd lives in "rsyslog-doc" > > package. > > Synaptic says its installed, but its not on /usr/share? It should be /usr/share/doc/rsyslogd-doc. I made a habit doing 'dpkg -L …' on newly installed packages. > Ahh, found it but no mention of that exact syntax of :syslogtag To put it simply, it's that thing that follows hostname in your typical syslog entry. Usually comes in format "process_name[process_pid]". In this case it's "spamd[4707]". [1] https://www.rsyslog.com/?s=error+3000 Reco
