- Annoyance
This is in fact applicable to all 6.x versions including stable, just thought it'd be nice if it could be fixed in 6.9 (small effort).
Issue: Any filter (or other rsyslog script) you deposit in /etc/rsyslog.d/ does not affect the local syslog files. It does affect remote syslog streams, if configured(*).
Reason: /etc/rsyslog.conf, as configured by the webGui scripts, looks like this (excerpt):
(...) $Umask 0022 # # Include all config files in /etc/rsyslog.d/ # limetech - ok # $IncludeConfig /etc/rsyslog.d/*.conf ############### #### RULES #### ############### # limetech - everything goes to syslog. $RuleSet local *.debug -/var/log/syslog (...)
Note that the "$IncludeConfig" directive precedes the "$RuleSet local" directive.
This means that when files from /etc/rsyslog.d/ are included, they are applied within the applicable default RuleSet at that moment - "RSYSLOG_DefaultRuleset". The net result is that under the "local" ruleset, the filters are not applied.
If the user configures a remote syslog facility, then another section is added to rsyslog.conf, with "$RuleSet remote", within which the content of /etc/rsyslog.d/ is read again(!), so the filters are applied on remote syslog, but not local.
Solution: Place the "$RuleSet local" directive above the "$IncludeConfig /etc/rsyslog.d/*.conf" directive.
This needs to be fixed in the Dynamix script (syslog setting UI), since the vanilla Unraid /etc/rsyslog.conf seems to not contain $RuleSet directives at all.
Sample patch to /etc/local/emhttp/webGui/scripts/rsyslog_config:
--- rsyslog_config 2021-01-09 19:02:20.528996624 +0200 +++ rsyslog_config-n 2021-01-09 19:58:06.434929884 +0200 @@ -14,7 +14,7 @@ # create local ruleset if ! grep -q '^\$RuleSet local$' $ETC; then - sed -ri '/^# limetech - everything goes to syslog.$/a$RuleSet local' $ETC + sed -ri '/^# Include all config files/a$RuleSet local' $ETC sed -ri '/^#?\*\.\* @@?.*:[0-9]+$/a$DefaultRuleset local' $ETC fi
(*) Actually, the instantiation is a bit more complex: This issue is created only if the user has, at any time, used the Settings/Syslog Server dialog. As distributed, the Unraid /etc/rsyslog.conf does not have a RuleSet configured, so does not have the issue.