I have been trying for two days to get RSysLog to alert all [or specific] users about messages of certain facilities/priorities coming into RSysLog.
rsyslog.d/50-default.conf:
... *.emerg :omusrmsg:* ...
The command
# logger -p emerg "Test Broadcast"
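does not message any logged-in users, but it does create an entry in /var/log/syslog. I tried this on a stock Digital Ocean 14LTS Droplet, and then I installed syslog-ng, and it worked fine there. If all else fails, I will have to switch to syslog-ng.
I tried debugging it, but found nothing conclusive, only that it should be calling its internal omusrmsg plugin.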
6570.499968822:imuxsock.c : --------imuxsock calling select, active file descriptors (max 4): 0 4
6570.500000498:main Q:Reg/w0 : wti 0x1e55a80: worker awoke from idle processing
6570.500011205:main Q:Reg/w0 : DeleteProcessedBatch: we deleted 0 objects and enqueued 0 objects
6570.500018262:main Q:Reg/w0 : doDeleteBatch: delete batch from store, new sizes: log 1, phys 1
6570.500028026:main Q:Reg/w0 : processBATCH: batch of 1 elements must be processed
6570.500035307:main Q:Reg/w0 : processBATCH: next msg 0: <8>Mar 18 11:02:50 root: Test Broadcast
6570.500043692:main Q:Reg/w0 : PRIFILT 'auth,authpriv.*'
6570.500060156:main Q:Reg/w0 : pmask: XXXX FF XXXXX FF XXXXXXXXXXXXXXX
6570.500212848:main Q:Reg/w0 : PRIFILT condition result is 0
6570.500219084:main Q:Reg/w0 : PRIFILT '*.*;auth,authpriv.none'
6570.500234875:main Q:Reg/w0 : pmask: FF FF FF FF X FF FF FF FF FF X FF FF FF FF FF FF FF F F FF FF FF FF FF FF FF
6570.500376739:main Q:Reg/w0 : PRIFILT condition result is 1
6570.500383229:main Q:Reg/w0 : ACTION 1 [builtin:omfile:/var/log/syslog]
6570.500399749:main Q:Reg/w0 : executing action 1
6570.500406423:main Q:Reg/w0 : Called action, logging to builtin:omfile
6570.500434197:main Q:Reg/w0 : action 1 is transactional - executing in commit phase
6570.500442730:main Q:Reg/w0 : Action 1 transitioned to state: itx
6570.500449556:main Q:Reg/w0 : PRIFILT 'syslog.*'
6570.500464841:main Q:Reg/w0 : pmask: XXXXX FF XXXXXXXXXXXXXXXXXXXX
6570.500600153:main Q:Reg/w0 : PRIFILT condition result is 0
6570.500606337:main Q:Reg/w0 : PRIFILT 'kern.*'
6570.500621174:main Q:Reg/w0 : pmask: FF XXXXXXXXXXXXXXXXXXXXX XXXX
6570.500756319:main Q:Reg/w0 : PRIFILT condition result is 0
6570.500762583:main Q:Reg/w0 : PRIFILT 'mail.*'
6570.500779355:main Q:Reg/w0 : pmask: XX FF XXXXXXXXXXXXXXXXXXXXX XX
6570.500917348:main Q:Reg/w0 : PRIFILT condition result is 0
6570.500922727:main Q:Reg/w0 : PRIFILT 'mail.err'
6570.500936390:main Q:Reg/w0 : pmask: XXFXXXXXXXXXXXXXXXXXX XXXXX
6570.501051126:main Q:Reg/w0 : PRIFILT condition result is 0
6570.501056236:main Q:Reg/w0 : PRIFILT 'news.crit'
6570.501069057:main Q:Reg/w0 : pmask: XXXXXXX 7 XXXXXXXXXXXXXXXXXX
6570.501190023:main Q:Reg/w0 : PRIFILT condition result is 0
6570.501195270:main Q:Reg/w0 : PRIFILT 'news.err'
6570.501208511:main Q:Reg/w0 : pmask: XXXXXXXFXXXXXXXXXXXXX XXXXX
6570.501322879:main Q:Reg/w0 : PRIFILT condition result is 0
6570.501328029:main Q:Reg/w0 : PRIFILT 'news.notice'
6570.501341145:main Q:Reg/w0 : pmask: XXXXXXX 3F XXXXXXXXXXXXXXXXXX
6570.501456323:main Q:Reg/w0 : PRIFILT condition result is 0
6570.501461494:main Q:Reg/w0 : PRIFILT '*.emerg'
6570.501474573:main Q:Reg/w0 : pmask: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
6570.501596778:main Q:Reg/w0 : PRIFILT condition result is 1
6570.501602014:main Q:Reg/w0 : ACTION 9 [builtin:omusrmsg::omusrmsg:*]
6570.501616285:main Q:Reg/w0 : executing action 9
6570.501621661:main Q:Reg/w0 : Called action, logging to builtin:omusrmsg
6570.501638200:main Q:Reg/w0 : wti 0x1e55a80: we need to create a new action worker instance for action 9
6570.501647455:main Q:Reg/w0 : Action 9 transitioned to state: itx
6570.501653556:main Q:Reg/w0 : entering actionCalldoAction(), state: itx, actionNbr 9
6570.501658963:main Q:Reg/w0 :
6570.501794730:main Q:Reg/w0 : Action 9 transitioned to state: rdy
6570.501804424:main Q:Reg/w0 : END batch execution phase, entering to commit phase
6570.501811294:main Q:Reg/w0 : actionCommitAll: action 1, state 1, nbr to commit 0 isTransactional 1
6570.501817299:main Q:Reg/w0 : doTransaction: have commitTransaction IF, using that, pWrkrInfo 0x1e55bc0
6570.501823086:main Q:Reg/w0 : entering actionCallCommitTransaction(), state: itx, actionNbr 1, nMsgs 1
6570.501830453:main Q:Reg/w0 : omfile: write to stream, pData->pStrm 0x7fdf78002500, lenBuf 45, strt data Mar 18 11:02:50 phoenix root: Test Broadcast
6570.501838364:main Q:Reg/w0 : strm 0x7fdf78002500: file 5(syslog) flush, buflen 45
6570.501845555:main Q:Reg/w0 : strmPhysWrite, stream 0x7fdf78002500, len 45
6570.501861894:main Q:Reg/w0 : strm 0x7fdf78002500: file 5 write wrote 45 bytes
6570.501868452:main Q:Reg/w0 : Action 1 transitioned to state: rdy
6570.501874835:main Q:Reg/w0 : Action 1 transitioned to state: itx
6570.501880751:main Q:Reg/w0 : Action 1 transitioned to state: rdy
6570.501886462:main Q:Reg/w0 : actionCommit, in retry loop, iRet 0
6570.501892786:main Q:Reg/w0 : actionCommitAll: action 2, state 0, nbr to commit 0 isTransactional 1
6570.501899897:main Q:Reg/w0 : actionCommitAll: action 3, state 0, nbr to commit 0 isTransactional 1
6570.501906392:main Q:Reg/w0 : actionCommitAll: action 9, state 0, nbr to commit 0 isTransactional 0
6570.501912074:main Q:Reg/w0 : processBATCH: batch of 1 elements has been processed
6570.501918697:main Q:Reg/w0 : regular consumer finished, iret=0, szlog 0 sz phys 1
6570.501925448:main Q:Reg/w0 : DeleteProcessedBatch: we deleted 1 objects and enqueued 0 objects
6570.501931248:main Q:Reg/w0 : doDeleteBatch: delete batch from store, new sizes: log 0, phys 0
6570.501937522:main Q:Reg/w0 : regular consumer finished, iret=4, szlog 0 sz phys 0
6570.501943253:main Q:Reg/w0 : main Q:Reg/w0: worker IDLE, waiting for work.
root@phoenix:~#
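Are you using $PrivDropToGroup or $PrivDropToGroupID in your configuration file? Does this group have write permission to the users' terminals (by default this is group tty)? Note that (from my reading of http://www.rsyslog.com/doc/droppriv.html) if these are specified, any secondary groups are dropped.
Is the user's terminal writable by this group? Has your user run mesg n to turn it off? To check this, try the following…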
-bash-4.1$ tty
/dev/pts/0
-bash-4.1$ ls -l /dev/pts/0
crw--w----. 1 sph9 tty 136, 0 Mar 23 22:59 /dev/pts/0
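For rsyslog to be able to write to a user's terminal, it needs to run either as root (which you said you want to avoid) or with a group that has write permission. The example above is from a CentOS machine; you may find that some other distributions have more open permissions (an Arch Linux machine I just looked at has write permission for both group and others).
So, if each terminal is only writable by the logged-in user and members of group tty, and rsyslogd runs as user syslog, group syslog, then it cannot write to the terminal. You could (I think) validate this theory by temporarily changing the group on your ttys (replace pts/0 as appropriate)…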
chgrp rsyslog /dev/pts/0
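If that works, you could try setting rsyslog to run as group tty (although if you rely on log files being owned by a specific group, this may break other things).
Note that this is all based on a quick read of the rsyslog documentation and experience of how things work in general, rather than specific experience with the latest version of rsyslog.
Are the users' login sessions being recorded correctly in utmp? (i.e. do they appear in the output of w?) Just came across https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1366261 which suggests there is an issue with AppArmor, rsyslogd and utmp, but that is for an earlier version.
I tried adding syslog to the tty group: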
sudo adduser syslog tty
It seems to work after service rsyslog restart and logging in again.
Just for fun, harder to read, but a more generic version:
adduser $(awk '/^\$PrivDropToUser/ {print $2}' /etc/rsyslog.conf) $(stat -c "%G" $(tty))
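As an added example (not part of the original thread): the answers above come down to whether the identity rsyslogd runs as may write to each logged-in terminal device. The script below applies the owner/group/other rule to the mode, owner and group that `stat` reports; the function names, the `--live` switch and the default user `syslog` are assumptions, and the sample cases are constructed from the `ls -l` output quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: can a given identity write to a tty device?

# can_write MODE OWNER GROUP USER "GROUP LIST"
# MODE is octal as printed by `stat -c %a`. Classic Unix rule: the first matching
# class (owner, then group, then other) decides; root bypasses the mode bits.
can_write() {
    cw_mode=$((0$1)); cw_owner=$2; cw_group=$3; cw_user=$4; cw_groups=$5
    [ "$cw_user" = root ] && return 0
    if [ "$cw_user" = "$cw_owner" ]; then
        [ $((cw_mode & 128)) -ne 0 ]; return      # 0200: owner write bit
    fi
    for cw_g in $cw_groups; do
        if [ "$cw_g" = "$cw_group" ]; then
            [ $((cw_mode & 16)) -ne 0 ]; return   # 0020: group write bit
        fi
    done
    [ $((cw_mode & 2)) -ne 0 ]                    # 0002: other write bit
}

verdict() { if can_write "$@"; then echo writable; else echo blocked; fi; }

# audit_live USER: evaluate every terminal that `who` (utmp) lists against USER.
audit_live() {
    al_user=$1
    al_groups=$(id -Gn "$al_user") || return 1
    who | awk '{print $2}' | sort -u | while read -r al_line; do
        [ -c "/dev/$al_line" ] || continue
        set -- $(stat -c '%a %U %G' "/dev/$al_line")
        echo "/dev/$al_line mode=$1 owner=$2 group=$3:" \
             "$(verdict "$1" "$2" "$3" "$al_user" "$al_groups")"
    done
}

if [ "${1:-}" = --live ]; then
    audit_live "${2:-syslog}"    # assumed default: rsyslogd runs as user syslog
else
    # Constructed cases modelled on the thread: crw--w---- sph9:tty is mode 620.
    echo "syslog, groups 'syslog':     $(verdict 620 sph9 tty syslog 'syslog')"
    echo "syslog, groups 'syslog tty': $(verdict 620 sph9 tty syslog 'syslog tty')"
    echo "after mesg n (mode 600):     $(verdict 600 sph9 tty syslog 'syslog tty')"
fi
```

`id -Gn` reports the groups from the account database; a running rsyslogd that has dropped privileges may hold a different set, so compare with the `Groups:` line in `/proc/<pid>/status`.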