Hi Armando,
Post one of the lines that is being logged.
I think it is because of the *.emerg rule, which sends messages to everyone.
# Everybody gets emergency messages
*.emerg *
Thanks,
--
Emerson Takahashi
Unix System Administrator at HP Enterprise Services
E-mail: emerson(a)setaoffice.com
2010/1/26 Armando Barsotini Neto <a.barsotini(a)gmail.com>:
Hi Iuri...
My rsyslog is indeed running !!!!
A curiosity: even when I stop the rsyslog service, the screen keeps being
flooded with iptables (firewall) LOGS... I found that very strange !!!!
If I bring down the firewall (iptables), the messages/logs stop.... My God,
I have never seen this before....
Could some mortal being shed some LIGHT on this ??? If there is any
LIGHT for this at all !!!!
--
Regards,
Armando Barsotini Neto
Linux User # 503670
Ubuntu User # 30175
2010/1/26 Iuri Diniz <iuridiniz(a)gmail.com>
>
> is rsyslogd running???
>
> your file looks right...
>
> 2010/1/26 Armando Barsotini Neto <a.barsotini(a)gmail.com>
>>
>> Ok IURI.. thank you !!!
>>
>> However, in my RSYSLOG.CONF, the only line containing /dev/console is
>> commented out:
>>
>> Here is my RSYSLOG.CONF
>>
>> [root@armando FIREWALLS]# cat /etc/rsyslog.conf
>> #rsyslog v3 config file
>>
>> # if you experience problems, check
>> # http://www.rsyslog.com/troubleshoot for assistance
>>
>> #### MODULES ####
>>
>> $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
>> $ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
>> #$ModLoad immark.so # provides --MARK-- message capability
>>
>> # Provides UDP syslog reception
>> #$ModLoad imudp.so
>> #$UDPServerRun 514
>>
>> # Provides TCP syslog reception
>> #$ModLoad imtcp.so
>> #$InputTCPServerRun 514
>>
>>
>> #### GLOBAL DIRECTIVES ####
>>
>> # Use default timestamp format
>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>>
>> # File syncing capability is disabled by default. This feature is usually not required,
>> # not useful and an extreme performance hit
>> #$ActionFileEnableSync on
>>
>>
>> #### RULES ####
>>
>> # Log all kernel messages to the console.
>> # Logging much else clutters up the screen.
>> #kern.* /dev/console
>>
>> # Log anything (except mail) of level info or higher.
>> # Don't log private authentication messages!
>> *.info;mail.none;authpriv.none;cron.none /var/log/messages
>>
>> # The authpriv file has restricted access.
>> authpriv.* /var/log/secure
>>
>> # Log all the mail messages in one place.
>> mail.* -/var/log/maillog
>>
>>
>> # Log cron stuff
>> cron.* /var/log/cron
>>
>> # Everybody gets emergency messages
>> *.emerg *
>>
>> # Save news errors of level crit and higher in a special file.
>> uucp,news.crit /var/log/spooler
>>
>> # Save boot messages also to boot.log
>> local7.* /var/log/boot.log
>>
>>
>>
>> # ### begin forwarding rule ###
>> # The statement between the begin ... end define a SINGLE forwarding
>> # rule. They belong together, do NOT split them. If you create multiple
>> # forwarding rules, duplicate the whole block!
>> # Remote Logging (we use TCP for reliable delivery)
>> #
>> # An on-disk queue is created for this action. If the remote host is
>> # down, messages are spooled to disk and sent when it is up again.
>> #$WorkDirectory /var/spppl/rsyslog # where to place spool files
>> #$ActionQueueFileName fwdRule1 # unique name prefix for spool files
>> #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
>> #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
>> #$ActionQueueType LinkedList # run asynchronously
>> #$ActionResumeRetryCount -1 # infinite retries if host is down
>> # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
>> #*.* @@remote-host:514
>> # ### end of the forwarding rule ###
>>
>> Thanks !!!!
>>
>> --
>> Regards,
>>
>> Armando Barsotini Neto
>>
>> Linux User # 503670
>> Ubuntu User # 30175
>>
>>
>> --------------------
>>
>> 2010/1/26 Iuri Diniz <iuridiniz(a)gmail.com>
>>>
>>> This file controls where the logs go for programs that use the system
>>> syslog facility (apache, for example, usually uses its own logging
>>> system; ssh, for example, usually uses syslog)
>>>
>>> Go to the rsyslog.conf file, find which logs are going to
>>> /dev/console, and disable them or change them to some other tty (see
>>> man rsyslog.conf for how to do this)
>>>
>>> QUICK TIP: if you prefer, use the following perl command line (NOT
>>> TESTED ON YOUR FEDORA) to change /dev/console to tty8 (ALT+F8)
>>>
>>> perl -i.BAK -pe 's/\/dev\/console/\/dev\/tty8/g' /etc/rsyslog.conf
>>>
>>> that way the logs will now go only to tty8 and not to the console you
>>> are working on, so they won't bother you...
>>>
>>> 2010/1/25 Armando Barsotini Neto <a.barsotini(a)gmail.com>
>>>>
>>>> OK.. now I found the file, it really was RSYSLOG.CONF... however,
>>>> a question came up:
>>>>
>>>> If I delete this file, will I still be able to view the FIREWALL
>>>> LOGS whenever I want using TAIL ?
>>>>
>>>> Because my logging service is RSYSLOG (in NTSYSV)
>>>>
>>>> If I delete this file my rsyslog will stop working, correct
>>>> ? Sorry for my ignorance, but I did not quite understand this !!!!
>>>>
>>>> --
>>>> Regards,
>>>>
>>>> Armando Barsotini Neto
>>>>
>>>> Linux User # 503670
>>>> Ubuntu User # 30175
>>>>
>>>>
>>>> 2010/1/25 iarly selbir | ski0s <iarlyy(a)gmail.com>
>>>>>
>>>>> possibly this /etc/rsyslog.conf
>>>>>
>>>>> Regards,
>>>>>
>>>>> - -
>>>>> iarly selbir | ski0s
>>>>>
>>>>> :wq!
>>>>>
>>>>>
>>>>> 2010/1/25 Armando Barsotini Neto <a.barsotini(a)gmail.com>
>>>>>>
>>>>>> Hi..
>>>>>>
>>>>>> Folks, on my fedora 12, using the command:
>>>>>>
>>>>>> [root@armando /]# find . -name syslog.conf
>>>>>>
>>>>>> the only file it finds is this one:
>>>>>>
>>>>>> ./etc/audisp/plugins.d/syslog.conf
>>>>>>
>>>>>> Would this be it ??? Because the indicated file (/etc/syslog.conf)
>>>>>> does not exist
>>>>>>
>>>>>> And here is its content:
>>>>>>
>>>>>> [root@armando plugins.d]# cat syslog.conf
>>>>>> # This file controls the configuration of the
>>>>>> # syslog plugin. It simply takes events and writes
>>>>>> # them to syslog.
>>>>>>
>>>>>> active = no
>>>>>> direction = out
>>>>>> path = builtin_syslog
>>>>>> type = builtin
>>>>>> args = LOG_INFO
>>>>>> format = string
>>>>>>
>>>>>> And now what ????
>>>>>>
>>>>>> Thanks !!
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Armando!
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2010/1/25 Armando Barsotini Neto <a.barsotini(a)gmail.com>
>>>>>>>
>>>>>>> Hi everyone !!!
>>>>>>>
>>>>>>> Thanks.. I will test it and report back with the results....
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>>
>>>>>>> Armando Barsotini
>>>>>>>
>>>>>>>
>>>>>>> 2010/1/24 Iuri Diniz <iuridiniz(a)gmail.com>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2010/1/24 Armando Barsotini Neto <a.barsotini(a)gmail.com>
>>>>>>>>>
>>>>>>>>> NOTE: Even when the terminal is at the login screen, the logs keep
>>>>>>>>> scrolling on the screen.. very strange, because in other versions I always use
>>>>>>>>> the command: tail -f /var/log/messages to see these logs, and now, out of nowhere,
>>>>>>>>> these logs keep scrolling on the SCREEN even with the service stopped, and without running
>>>>>>>>> any command at all !!!
>>>>>>>>
>>>>>>>> remove syslog.conf
>>>>>>>>
>>>>>>>> kern.* /dev/console
>>>>>>>>
>>>>>>>> --
>>>>>>>> Iuri Diniz
>>>>>>>> http://iuridiniz.com [I am an agitator, not a lawyer]
>>>>>>>> http://blog.igdium.com [Linux on Limbo]
>>>>>>>>
>>>>>>>> --
>>>>>>>> br-users mailing list
>>>>>>>> br-users(a)lists.fedoraproject.org
>>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/br-users
>>>
>>>
>>>
>>> --
>>> Iuri Diniz
>>> http://iuridiniz.com [I am an agitator, not a lawyer]
>>> http://blog.igdium.com [Linux on Limbo]
>>
>>
>>
>> --
>> Regards,
>>
>> Armando Barsotini Neto
>>
>> Linux User # 503670
>> Ubuntu User # 30175
>
>
>
> --
> Iuri Diniz
> http://iuridiniz.com [I am an agitator, not a lawyer]
> http://blog.igdium.com [Linux on Limbo]
--
br-users mailing list
br-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/br-users
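
The check Iuri suggests in the thread (finding which rules send messages to /dev/console) and the `*.emerg *` rule Emerson points to can both be listed with a short script. This is an added example, not part of the original messages; the function names and the sample configuration are constructed for illustration, and only the legacy `selector action` rule format shown in the thread is handled.

```shell
#!/bin/sh
# Added example: list the active rules in a legacy-format rsyslog.conf that
# write to a terminal device or to every logged-in user.

list_terminal_rules() {
    # $1 = path to the configuration file
    awk '
        # Skip blank/one-field lines, comments (#...) and directives ($...).
        NF < 2 || $1 ~ /^[#$]/ { next }
        {
            action = $2
            sub(/^-/, "", action)   # a leading "-" only turns off file sync
            if (action == "*" || action == ":omusrmsg:*")
                printf "%d: %s -> all logged-in users\n", NR, $1
            else if (action ~ /^\/dev\/(console|tty[0-9]*)$/)
                printf "%d: %s -> %s\n", NR, $1, action
        }
    ' "$1"
}

# Constructed sample modelled on the rules quoted in the thread
# (the local7 rule is changed to a tty to show a device match).
sample_conf() {
    cat <<'EOF'
$ModLoad imklog.so
#kern.*                                  /dev/console
*.info;mail.none;authpriv.none;cron.none /var/log/messages
mail.*                                   -/var/log/maillog
*.emerg                                  *
local7.*                                 /dev/tty8
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
list_terminal_rules "$tmp"
rm -f "$tmp"
```

Each output line gives the line number in the file, the selector and the destination; commented-out rules such as `#kern.* /dev/console` are not reported.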