rsyslog duplicit configuration
I'm switched from Debian to Mint (Ubuntu based) with my workstation. I have a lot of remote syslog custom definitons files in /etc/rsyslog.d/, so I simply copy them into a linux mint, and check using "rsyslogd -N1", all was OK
Couple days later I found a serious amount of logs in my /var/log/syslog, which should be (and are) parsed and stored by my custom definitions, but then message processing should be stopped, and it is not for some reason.
After short investigation, I found an extra file /etc/rsyslog.
This extra file is NOT MENTIONED in package rsyslog anyway - see "dpkg -L rsyslog" output, and also "dpkg -S /etc/rsyslog.
A bit unexpected behaviour IMHO
Normally, rsyslog.d/*.conf custom definition are parsed before rest of default definitions at the end of rsyslog.conf, but this file change the rule order (to make them duplicit by some unknown reason)
So, I suggest You to repair package descriptions to mention this file existence, better to remove this useless 50-default.conf, or at least mention his existence somewhere in rsyslog.conf before conf.d/*.conf file inclusion, or maybe rename this file to zzz-useless-
Could You, please, spare user's time and frustration from this strange and odd Ubuntu specific rsyslog behaviour ?
Debian and Redhat distributions not crippling rsyslog confioguration that way.
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Mad Loki for more information if necessary.