On Saturday 25 August 2018 14:15:38 Reco wrote:

> Hi.
>
> On Sat, Aug 25, 2018 at 01:49:53PM -0400, Gene Heskett wrote:
> > > > Aug 25 12:11:35 coyote spamd[4707]: prefork: child states: II
> > > >
> > > > Several hundred a day...
> > >
> > > Try this:
> > >
> > > cat > /etc/rsyslog.d/spamd.conf << EOF
> > >
> > > :syslogtag, startswith, "spamd" /var/log/spamd.log
> > > :syslogtag, startswith, "spamd" stop
> > >
> > > EOF
> > >
> > > service rsyslogd restart
> >
> > no permission
>
> I assumed that I could skip obligatory 'please assume root privileges
> before making systemwide changes'. Apparently I was wrong, but …
>
> > so I cd to e/rs.d sudo -i and made this file
> >
> > :syslogtag, startswith, "spamd" /var/log/spamd.log
> > :syslogtag, startswith, "spamd" stop
>
> … since things worked out themselves, we now have this:
>
> > And had to do the restart as root, which logged this:
> > Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd"
> > swVersion="7.6.3" x-pid="3079" x-info="http://www.rsyslog.com"]
> > exiting on signal 15.
> > Aug 25 13:34:45 coyote rsyslogd: [origin software="rsyslogd"
> > swVersion="7.6.3" x-pid="23099" x-info="http://www.rsyslog.com"]
> > start
>
> These two are your usual rsyslogd restart. Nothing to see here.
>
> > Aug 25 13:34:45 coyote rsyslogd-3000: unknown priority name ""
> >
> > No clue what that error might be, you?
>
> But this one is sure cryptic. Even if one takes [1] into the account.
> It's been awhile since I've tinkered with wheezy's rsyslogd, try
>
> replacing "stop" with "~". I.e. replace:
> :syslogtag, startswith, "spamd" stop
>
> with:
> :syslogtag, startswith, "spamd" ~
> :
> > Thanks Reco.
>
> You're welcome.
>
> > > Consider adding logrotate configuration file for the new
> > > /var/log/spamd.log.
> > >
> > > And, before you ask, documentation for rsyslogd lives in
> > > "rsyslog-doc" package.
> >
> > Synaptic says it's installed, but it's not on /usr/share?
>
> It should be /usr/share/doc/rsyslogd-doc.
> I made a habit doing 'dpkg -L …' on newly installed packages.
>
> > Ahh, found it but no mention of that exact syntax of :syslogtag
>
> To put it simply, it's that thing that follows hostname in your
> typical syslog entry. Usually comes in format
> "process_name[process_pid]". In this case it's "spamd[4707]".
>
Ahh, so. Thanks.

> [1] https://www.rsyslog.com/?s=error+3000
>
Generic error, a placeholder IOW. Might be the stop at that because it's
running as a daemon and never shuts down except while rebooting.

> Reco

Back from the radio station now. Gawd I hate intermittents that fix
themselves 15 minutes after I've taken the obvious failure apart, cleaned
all the contacts and it works when I put it back together, then drops out
30 minutes later for 20 minutes, and then comes back for the rest of the
day. But I am a bit smarter for the next time it dies. I'll know where to
put a couple scope probes next time, just as soon as I can get my scope
out of the truck and get it powered up.

Thanks Reco.

-- 
Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
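
Added example, not part of the original thread: a shell function that writes the rsyslog drop-in with the "~" discard action Reco suggests (the thread does not confirm that it clears the error), together with the logrotate stanza he recommends for /var/log/spamd.log. The PREFIX staging argument, the rotation settings and the postrotate command are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. PREFIX is a hypothetical staging root
# so the files can be inspected first; call with no argument, as root, to
# write under /etc.

write_spamd_logging() {
    prefix="${1:-}"
    mkdir -p "$prefix/etc/rsyslog.d" "$prefix/etc/logrotate.d" || return 1

    # Quoted 'EOF' stops the shell from expanding anything in the body.
    # Rule 1 writes every message whose tag starts with "spamd" to its own
    # file; rule 2 discards those messages so they do not also land in the
    # default log files. "~" is the legacy discard action suggested in the
    # thread in place of "stop".
    cat > "$prefix/etc/rsyslog.d/spamd.conf" << 'EOF'
:syslogtag, startswith, "spamd" /var/log/spamd.log
:syslogtag, startswith, "spamd" ~
EOF

    # Rotation settings are assumptions; tune retention to local policy.
    # The postrotate command is assumed to match the one in the stock
    # Debian rsyslog logrotate file of that release; it makes rsyslogd
    # reopen its output files after the rename.
    cat > "$prefix/etc/logrotate.d/spamd" << 'EOF'
/var/log/spamd.log {
    weekly
    rotate 4
    compress
    delaycompress
    missingok
    notifempty
    postrotate
        invoke-rc.d rsyslog rotate > /dev/null
    endscript
}
EOF
}

# After installing as root, validate the configuration with
#   rsyslogd -N1
# and then restart the daemon as described in the thread.
```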