This is in fact applicable to all 6.x versions including stable, just thought it'd be nice if it could be fixed in 6.9 (small effort).
Issue: Any filter (or other rsyslog script) you deposit in /etc/rsyslog.d/ does not affect the local syslog files. It does affect remote syslog streams, if configured(*).
Reason: /etc/rsyslog.conf, as configured by the webGui scripts, looks like this (excerpt):
(...) $Umask 0022 # # Include all config files in /etc/rsyslog.d/ # limetech - ok # $IncludeConfig /etc/rsyslog.d/*.conf ############### #### RULES #### ############### # limetech - everything goes to syslog. $RuleSet local *.debug -/var/log/syslog (...)
Note that the "$IncludeConfig" directive precedes the "$RuleSet local" directive.
This means that when files from /etc/rsyslog.d/ are included, they are applied within the applicable default RuleSet at that moment - "RSYSLOG_DefaultRuleset". The net result is that under the "local" ruleset, the filters are not applied.
If the user configures a remote syslog facility, then another section is added to rsyslog.conf, with "$RuleSet remote", within which the content of /etc/rsyslog.d/ is read again(!), so the filters are applied on remote syslog, but not local.
Solution: Place the "$RuleSet local" directive above the "$IncludeConfig /etc/rsyslog.d/*.conf" directive.
This needs to be fixed in the Dynamix script (syslog setting UI), since the vanilla Unraid /etc/rsyslog.conf seems to not contain $RuleSet directives at all.
Sample patch to /etc/local/emhttp/webGui/scripts/rsyslog_config:
--- rsyslog_config 2021-01-09 19:02:20.528996624 +0200 +++ rsyslog_config-n 2021-01-09 19:58:06.434929884 +0200 @@ -14,7 +14,7 @@ # create local ruleset if ! grep -q '^\$RuleSet local$' $ETC; then - sed -ri '/^# limetech - everything goes to syslog.$/a$RuleSet local' $ETC + sed -ri '/^# Include all config files/a$RuleSet local' $ETC sed -ri '/^#?\*\.\* @@?.*:[0-9]+$/a$DefaultRuleset local' $ETC fi
(*) Actually, the instantiation is a bit more complex: This issue is created only if the user has, at any time, used the Settings/Syslog Server dialog. As distributed, the Unraid /etc/rsyslog.conf does not have a RuleSet configured, so does not have the issue.
Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.