rsyslog not working when started from systemctl

Latest response

Hi all,

I configured rsyslog to write facilities local1 to 7 to custom files. When I run rsyslogd manually, it works great. When I run it using systemctl start rsyslog, nothing gets logged.

I'm sure it's a permission/environment problem, but I haven't been able to crack it. Any ideas?

Thank you,
Dan

Responses

When started through systemctl, rsyslog is most likely started in a more restricted SELinux context, so if your custom files don't have appropriate SELinux labels, it will fail. When you run it manually, it runs in an unrestricted context similar to your regular processes, so you won't see the problem then.

Use ls -Z /var/log to see the SELinux labels on the standard log files, and apply similar labels to your custom logfile. Depending to where your log files are located, you may also have to label the directory the files are located in.

Remember to use "semanage fcontext" to make the new labels persistent across SELinux relabelings; "chcon" may be easier for changing the labels right now, but omitting the "semanage fcontext" will bite you in the back when "restorecon" is run for any reason.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html

I agree here.

It may be worth to switch SELinux to permissive mode to see if rsyslog works and and catch the audit messages to alter the settings later.

//Zdenek

Yes, SElinux would strike me in the first look as Matti mentioned earlier. Better if you could replicate the same on non-production setup and test. Please post details about your rsyslog.conf file, may be good if you could paste the complete rsyslog.conf file along with "ls-Zl " run on those custom log files that you had created under /var.. Also, tell us more about how/what steps you had tried to test in manual mode. So that the community would help you.....

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.