
Re: Help ! No syslog anymore



On 13.11.23 at 10:13, Bhasker C V wrote:
> I forgot to answer the question on why I am doing this
> I am experimenting on a no-log system where there are no writes whatsoever to /var/log (except for mails) or systemd journal (currently kept volatile)
> /tmp/ is tmpfs mounted
> Attached is the rsyslog config as it is being used now.


With the attached rsyslog.conf, disabling PrivateTmp makes rsyslog log to /run/server.log correctly (verified locally).

I can only assume you didn't follow my instructions properly.

Please make sure after following my instruction that you have afterwards
# systemctl show -P PrivateTmp rsyslog.service
no

Btw, for your use case, a subdirectory in /run would be more suitable, like say /run/syslog/.

Also, you currently have
*.*				-/tmp/server.log
*and*
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,audit,news.none		-/tmp/server.log

This doesn't make any sense.
This will basically duplicate the log messages in /tmp/server.log and interleave them.

Either you split up the log facilities and log them to separate files, or you only keep a single log rule like

*.*				-/tmp/server.log

which simply logs everything to /tmp/server.log

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature
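
The duplication described in the message above can be checked mechanically. The following is an added example, not part of the original message and not rsyslog code: a small Python checker that parses legacy selector rules and reports which messages more than one rule writes to the same file. It assumes only the `*`, `none`, `=prio` and plain `prio` selector forms (no `!` negation), and the facility names used to probe the rules are chosen for illustration.

```python
import re
from collections import defaultdict

# Severity names to numbers (0 = most severe), including the legacy aliases.
PRI = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
       "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}
NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the two rules quoted in the message above.
SAMPLE = r"""
*.*				-/tmp/server.log
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,audit,news.none		-/tmp/server.log
"""

def parse_rules(text):
    # Join backslash continuations, keep only 'selector  [-]/file' rules.
    lines = (l.split() for l in re.sub(r"\\\n\s*", "", text).splitlines())
    return [(p[0], p[1].lstrip("-")) for p in lines
            if len(p) == 2 and p[0][0] not in "#$" and p[1].lstrip("-").startswith("/")]

def matches(selector, facility, severity):
    # Evaluate the selector list left to right as a priority mask for one facility.
    mask = set()
    for sel in selector.split(";"):
        facs, _, prio = sel.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            mask = set()                       # ".none" clears earlier matches
        elif prio == "*":
            mask = set(range(8))
        elif prio.startswith("="):
            mask.add(PRI[prio[1:]])            # exactly this severity
        else:
            mask |= set(range(PRI[prio] + 1))  # this severity and more severe
    return severity in mask

def duplicated(text, facilities):
    # Map each file to the (facility, severity) pairs written by more than one rule.
    by_file = defaultdict(list)
    for selector, path in parse_rules(text):
        by_file[path].append(selector)
    hits = {path: [(f, NAMES[s]) for f in facilities for s in range(8)
                   if sum(matches(sel, f, s) for sel in sels) > 1]
            for path, sels in by_file.items()}
    return {path: pairs for path, pairs in hits.items() if pairs}
```

Calling `duplicated(SAMPLE, ["kern", "mail", "daemon"])` shows that kern messages at warning, notice and info are written twice, while mail and daemon messages reach the file only through the `*.*` rule.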

