With Analytics installed the gateway server's /etc/rsyslog.d/nam.conf contains
That's using 3 of the 7 local facilities and breaks the basic functionality of syslog
- The '& ~' lines .. have been noted as deprecated for years now in preference to '& STOP'
- user.* then the & ~ .. This breaks the basic function of syslog .. /usr/bin/logger no longer logs to /var/log/messages
- The fact that you are using 3 Local Facilities and then deleting the messages for any further processing implies that NAM is the sole application on the box .. My company's enterprise monitoring runs on local6, therefore it breaks that too
These aren't hard problems
- https://httpd.apache.org/docs/trunk/mod/mod_syslog.html Apache can easily be configured to use something other than user
- https://www.rsyslog.com/doc/v8-stable/configuration/filters.html You could prefix your messages (i.e. NAMAGW-HEADER) .. then configure rsyslog to filter out ONLY the specific messages that are generated by NAM. And you could do this and use only a single LOCAL facility, not 4.
- Update & ~ to & stop .. rsyslog have been threatening to remove support for & ~ for years
Every few months, the unix team engage me because NAM has broken syslog - It's very frustrating
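
The filtering approach suggested above, as an added example that is not part of the original post and not the configuration NAM ships. The facility (local5) and the log path are assumed placeholders; NAMAGW-HEADER is the prefix proposed in the post.

```conf
# /etc/rsyslog.d/nam.conf (constructed sketch, not the file NAM ships)
# Assumptions: NAM logs to local5 and prefixes each message with NAMAGW-HEADER;
# the facility and the log path below are placeholders.

# Legacy pattern the post objects to: write a whole facility to a file, then
# discard it with the deprecated '& ~', so nothing else ever sees user.*:
#   user.*    /path/to/nam.log
#   & ~

# Scoped replacement: match one facility AND the NAM prefix, write it, then stop.
# 'contains' is used rather than 'startswith' because $msg normally begins with
# the space that follows the syslog tag.
if ($syslogfacility-text == 'local5' and $msg contains 'NAMAGW-HEADER') then {
    action(type="omfile" file="/var/log/nam-gateway.log")
    stop
}

# Everything that did not match (user.*, local6.*, other local5 senders) falls
# through to the distribution's default rules, so /usr/bin/logger output still
# reaches /var/log/messages and other tools keep their facilities.
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog, then confirm that a `logger -p user.info` test message still lands in /var/log/messages.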