rsyslog not working when started from systemctl
Hi all,
I configured rsyslog to write facilities local1 to 7 to custom files. When I run rsyslogd manually, it works great. When I run it using systemctl start rsyslog, nothing gets logged.
I'm sure it's a permission/environment problem, but I haven't been able to crack it. Any ideas?
Thank you,
Dan
Responses
When started through systemctl, rsyslog is most likely started in a more restricted SELinux context, so if your custom files don't have appropriate SELinux labels, it will fail. When you run it manually, it runs in an unrestricted context similar to your regular processes, so you won't see the problem then.
Use ls -Z /var/log to see the SELinux labels on the standard log files, and apply similar labels to your custom logfile. Depending to where your log files are located, you may also have to label the directory the files are located in.
Remember to use "semanage fcontext" to make the new labels persistent across SELinux relabelings; "chcon" may be easier for changing the labels right now, but omitting the "semanage fcontext" will bite you in the back when "restorecon" is run for any reason.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html
Yes, SElinux would strike me in the first look as Matti mentioned earlier. Better if you could replicate the same on non-production setup and test. Please post details about your rsyslog.conf file, may be good if you could paste the complete rsyslog.conf file along with "ls-Zl " run on those custom log files that you had created under /var.. Also, tell us more about how/what steps you had tried to test in manual mode. So that the community would help you.....
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
