#5 Database logging problem
I have installed Msyslogd using rpms, so I did not
compile it on my own. I am running into an odd problem
that I have not seen documented anywhere though. All of
the log entries are going to /var/log/messages but they
are not being duplicated in my database as needed
except when I resart msyslog. Please note the following
paste from mysql
+----------+----------+------------+----------+----------+------------------------------------------------------------------------------------+-----+
| facility | priority | date | time | host
| message
| seq |
+----------+----------+------------+----------+----------+------------------------------------------------------------------------------------+-----+
| syslog | info | 2003-11-13 | 20:15:42 |
sentinel | syslogd: restart
| 1 |
| syslog | err | 2003-11-13 | 20:16:45 |
sentinel | syslogd: exiting on signal 1
| 2 |
| syslog | info | 2003-11-13 | 20:16:45 |
sentinel | syslogd: restart
| 3 |
| syslog | err | 2003-11-13 | 20:22:28 |
sentinel | syslogd: exiting on signal 1
| 4 |
| syslog | info | 2003-11-13 | 20:22:28 |
sentinel | syslogd: restart
| 5 |
| kern | warn | 2003-11-14 | 05:11:40 |
sentinel | kernel: <>afs: setting clock ahead 2 seconds
(via 152.1.1.92 in cell bp.ncsu.edu). | 6 |
| kern | warn | 2003-11-14 | 05:11:40 |
sentinel | kernel: afs: setting clock ahead 2 seconds
(via 152.1.1.92 in cell bp.ncsu.edu). | 7 |
| syslog | err | 2003-11-14 | 11:59:08 |
sentinel | syslogd: exiting on signal 1
| 8 |
| syslog | info | 2003-11-14 | 11:59:09 |
sentinel | syslogd: restart
| 9 |
+----------+----------+------------+----------+----------+------------------------------------------------------------------------------------+-----+
I have many entries in the messages file, here is a
tail of it:
[root@sentinel root]# tail /var/log/messages
Nov 18 05:43:55 lugh xfs[4063]: re-reading config file
Nov 18 05:43:55 lugh xfs: xfs -USR1 succeeded
Nov 18 05:43:55 lugh xfs[4063]: ignoring font path
element /usr/X11R6/lib/X11/fonts/cyrillic (unreadable)
Nov 18 07:42:04 sentinel kernel: afs: setting clock
ahead 2 seconds (via 152.1.1.92 in cell bp.ncsu.edu).
Nov 18 07:42:04 sentinel kernel: afs: setting clock
ahead 2 seconds (via 152.1.1.92 in cell bp.ncsu.edu).
Nov 18 09:03:22 sentinel sshd(pam_unix)[26747]: session
opened for user root by (uid=0)
Nov 18 09:06:27 sentinel msyslog: msyslogd shutdown
succeeded
Nov 18 09:06:27 sentinel msyslogd: syslogd: WARNING
error on input module, ignoring udp
Nov 18 09:06:27 sentinel msyslog: msyslogd startup
succeeded
Nov 18 09:07:58 sentinel root: logtest test
Here is my msyslog entry in /etc/sysconfig
[root@sentinel root]# cat /etc/sysconfig/msyslog
CONFIG="-f /etc/syslog.conf" # example: "-f
/etc/syslog.conf"
DEBUG="" # example: "-d 20"
MARK="-m 20" # example: "-m 20"
IM_BSD="" # example: "-i bsd"
IM_DOORS="" # example: "-i doors"
IM_LINUX="-i linux" # example: "-i linux"
IM_STREAMS="" # example: "-i streams"
IM_TCP="" # example: "-i tcp
accepted.host.com 514"
IM_UDP="" # example: "-i udp:514"
IM_UNIX="" # example: "-i unix"
The following is my syslog.conf file, it is pretty
standard.
[root@sentinel root]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*
/dev/console
# Log anything (except mail) of level info or higher.
*.* %mysql -D -s localhost -u mysql -p <password>
-d syslog -t syslogTB -F -P
*.* /var/log/messages
*.info;mail.none;authpriv.none;cron.none
/var/log/messages
# The authpriv file has restricted access.
authpriv.*
/var/log/secure
# Log all the mail messages in one place.
mail.*
/var/log/maillog
# Log cron stuff
cron.*
/var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a
special file.
uucp,news.crit
/var/log/spooler
# Save boot messages also to boot.log
local7.*
/var/log/boot.log
Anyone with feedback on this problem, I would very much
appreciate it.
Cheers,
Adam
