问题描述

为了将"myapp"的日志消息写入/var/log/local5.log，我使用 SysLogHandler .

In order to write log messages of "myapp" into /var/log/local5.log, I use SysLogHandler.

"myapp"运行良好，没有错误，但未记录任何内容，/var/log/local5.log仍然为空.

"myapp" runs well, no error, but nothing gets logged, /var/log/local5.log remains empty.

日志记录配置文件的相关部分:

Relevant parts of the logging configuration file:

handlers:
    mainHandler:
        class: logging.handlers.SysLogHandler
        level: INFO
        formatter: defaultFormatter
        address: '/dev/log'
        facility: 'local5'

loggers:
    __main__:
        level: INFO
        handlers: [mainHandler]

记录测试

这是我尝试在"myapp"主脚本中编写日志的方法:

logging test

Here is how I try to write a log in the main script of "myapp":

with open('myconfig.yml') as f:
    logging.config.dictConfig(yaml.load(f))

log = logging.getLogger(__name__)
log.info("Starting")

我在/usr/lib/python3.4/logging/handlers.py中添加了一些sys.stderr.write()以查看发生了什么，然后我得到了:

I have added some sys.stderr.write() to /usr/lib/python3.4/logging/handlers.py to see what's happening and I get:

$ myapp
[SysLogHandler._connect_unixsocket()] Sucessfully connected to socket: /dev/log
[SysLogHandler.emit()] called
[SysLogHandler.emit()] msg=b'<174>2016/04/23 07:17:00.453 myapp: main: Starting\x00'
[SysLogHandler.emit()] msg sent to unix socket (no OSError)

rsyslog配置

• /etc/rsyslog.conf(相关部分；已禁用TCP和UDP系统日志接收):

  rsyslog configuration

  • /etc/rsyslog.conf (relevant parts; TCP and UDP syslog receptions are disabled):

    $ModLoad imuxsock # provides support for local system logging
    $ModLoad imklog   # provides kernel logging support
    
    [...]
    
    $IncludeConfig /etc/rsyslog.d/*.conf
    

  • /etc/rsyslog.d/40-local.conf:

    local5.*                        /var/log/local5.log
    

  根据lsof输出，看起来rsyslogd正在监听/dev/log(或者我错了吗?):

  According to lsof output, it looks like rsyslogd is listening to /dev/log (or am I wrong?):

  # lsof | grep "/dev/log"
  lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
        Output information may be incomplete.
  rsyslogd  28044           syslog    0u     unix 0xffff8800b4b9b100       0t0    3088160 /dev/log
  in:imuxso 28044 28045     syslog    0u     unix 0xffff8800b4b9b100       0t0    3088160 /dev/log
  in:imklog 28044 28046     syslog    0u     unix 0xffff8800b4b9b100       0t0    3088160 /dev/log
  rs:main   28044 28047     syslog    0u     unix 0xffff8800b4b9b100       0t0    3088160 /dev/log
  

  由于它有点长，所以我不放置整个rsyslogd -N1输出，但是提到了本地"行:

  I don't put the whole rsyslogd -N1 output since it's a bit long, but the mentionning"local" lines:

  # rsyslogd -N1 | grep local
  rsyslogd: version 7.4.4, config validation run (level 1), master config /etc/rsyslog.conf
  3119.943361369:7f39080fc780: cnf:global:cfsysline: $ModLoad imuxsock # provides support for local system logging
  3119.944034769:7f39080fc780: rsyslog/glbl: using '127.0.0.1' as localhost IP
  3119.946084095:7f39080fc780: requested to include config file '/etc/rsyslog.d/40-local.conf'
  3119.946135638:7f39080fc780: config parser: pushed file /etc/rsyslog.d/40-local.conf on top of stack
  3119.946432390:7f39080fc780: config parser: resume parsing of file /etc/rsyslog.d/40-local.conf at line 1
  3119.946678298:7f39080fc780: config parser: reached end of file /etc/rsyslog.d/40-local.conf
  3119.946697644:7f39080fc780: Decoding traditional PRI filter 'local5.*'
  3119.946723904:7f39080fc780: symbolic name: local5 ==> 168
  3119.949560475:7f39080fc780: PRIFILT 'local5.*'
  3119.949675782:7f39080fc780:   ACTION 0x224cda0 [builtin:omfile:/var/log/local5.log]
  3119.953397587:7f39080fc780: PRIFILT 'local5.*'
  3119.953806713:7f39080fc780:   ACTION 0x224cda0 [builtin:omfile:/var/log/local5.log]
  rsyslogd: End of config validation run. Bye.
  

  我不明白我在想什么.与我使用的版本(7.4.4)匹配的 rsyslog的文档似乎已过时，我找不到我的方式.不知道这是找到解决问题方法的地方.

  I don't understand what I am missing. rsyslog's documentation matching the version I use (7.4.4) seems outdated and I can't find my way in it. Not sure that's the place to find how to fix my problem.

  • 无法定义"myapp"之类的个人"功能(即使它是在rsyslog.conf中定义的，因此我改为使用"local5".
  • It's not possible to define a "personal" facility, like "myapp" (even if it's defined in rsyslog.conf, so I changed to use the 'local5' one.

  推荐答案

  问题原因

  我终于发现我以前创建的/var/log/local5.log具有不适当的所有者和组(root:root).它们是不合适的，因为/etc/rsyslog.conf明确告诉所有者和组应该为syslog:syslog:

  Cause of the problem

  I finally found out that I previously created /var/log/local5.log with inappropriate owner and group (root:root). They were inappropriate because /etc/rsyslog.conf tells explicitely owner and group should be syslog:syslog:

  #
  # Set the default permissions for all log files.
  #
  $FileOwner syslog
  $FileGroup adm
  $FileCreateMode 0640
  $DirCreateMode 0755
  $Umask 0022
  $PrivDropToUser syslog
  $PrivDropToGroup syslog
  

  不幸的是，其他的日志文件rsyslog应该也要照顾(例如auth.log)也是root:root，因此，从ls -lah来看，我的日志文件与其他文件没有什么不同……(什么也为空) ，我想知道为什么默认情况下会安装这样的非功能性配置.

  Unfortunately, the other log files rsyslog should take care of (like auth.log) were also root:root, so, seen from ls -lah, mine was not different from others... (what are also empty, I wonder why such a non-functional configuration is installed by default).

  不幸的是，rsyslog不会记录任何错误(或者至少我没有在哪里找到).

  Unfortunately, rsyslog does not log any error (or at least I haven't found where).

  作为旁注，rsyslog希望收到的消息采用特殊格式，如果没有，则默认情况下会添加一些信息(时间戳主机名).可以修改它们.无论如何，从我的python脚本中，我决定只将消息发送到日志，并让rsyslog格式化输出.因此，最后，我的日志记录配置文件的相关部分是:

  As a side note, rsyslog expects a special format for the messages it gets, and if it doesn't, it adds some informations, by default (timestamp hostname). It's possible to modify them. Anyway, from my python script, I decided to only send the message to log and let rsyslog format the output. So finally, the relevant parts of my logging configuration file are:

  formatters:
      rsyslogdFormatter:
          format: '%(filename)s: %(funcName)s: %(message)s'
  
  handlers:
      mainHandler:
          class: logging.handlers.SysLogHandler
          level: INFO
          formatter: rsyslogdFormatter
          address: '/dev/log'
          facility: 'local5'
  
  loggers:
      __main__:
          level: INFO
          handlers: [mainHandler]
  

  然后我在/etc/rsyslog.conf中添加了自定义模板:

  And I added a customized template in /etc/rsyslog.conf:

  $template MyappTpl,"%$now% %timegenerated:12:23:date-rfc3339% %syslogtag%%msg%\n"
  

  ，并相应地修改了/etc/rsyslog.d/40-local.conf:

  local5.*                        /var/log/local5.log;MyappTpl
  

  我还想提到匹配软件包(对于ubuntu是rsyslog-doc)提供的文档，当然与安装的版本匹配，并且提供了我在在线文档中找不到的提示.

  I also want to mention that the documentation provided by the matching package (rsyslog-doc for ubuntu) matches the installed version, of course, and provides hints I hadn't found in the online documentation.

  这篇关于如何配置rsyslog与SysLogHandler日志记录类一起使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！