Idea ID: 2831979

Fix the syslog implementation for access manager

Status : New Idea
9 months ago

With Analytics installed the gateway server's /etc/rsyslog.d/nam.conf contains

local0.* @@10.1.2.3:1468;ForwardFormat
& ~
user.* -/var/log/novell-apache2/error_log
& ~
local6.* -/var/log/novell-apache2/httpheaders
& ~
local5.* -/var/log/novell-apache2/soapmessages
& ~

Thats using 3 of the 7 local facilities and breaks the basic functionality of syslog

  • The '& ~' lines .. have been noted a deprecated for years now in preference to '& STOP'
  • user.* then the & ~ ..This breaks the basic function of syslog .. /usr/bin/logger no longer logs to /var/log/messages
  • The fact that you are using 3 Local Facilities and then deleting the messages for any further processing. implies that NAM is the sole application on the box .. My companies enterprise monitoring runs on local6, therefore its breaks that too

These aren't hard problems

  1. https://httpd.apache.org/docs/trunk/mod/mod_syslog.html Apache can easily be configured to use something other than user
  2. https://www.rsyslog.com/doc/v8-stable/configuration/filters.html You could prefix your messages (i.e. NAMAGW-HEADER .. then configure rsyslog to filter out ONLY the specific messages that are generated by NAM. And you could do thing and use only a single LOCAL facility, not 4.
  3. Update & ~ to & stop .. rsyslog have been threatening to remove support for & ~ for years

Every few months, the unix team engage me because NAM has broken syslog - It's very frustrating

 

 

 

 

Labels:

Supported Platforms
Installation-Deployment
Configuration