Am 13.11.23 um 10:13 schrieb Bhasker C V:
> I forgot to answer the question on why I am doing this
> I am experimenting on a no-log system where there is no writes
> what-so-ever to /var/log (except for mails) or systemd journal
> (currently kept volatile)
> /tmp/ is tmpfs mounted
> Attached is the rsyslog config as-it-is being used now.
>
With the attached rsyslog.conf, disabling PrivateTmp makes rsyslog log
to /run/server.log correctly (verified locally).
I can only assume you didn't follow my instructions properly.
Please make sure after following my instruction that you have afterwards
# systemctl show -P PrivateTmp rsyslog.service
no
Btw, for your use case, a subdirectory in /run would be more suitable,
like say /run/syslog/.
Also, you currently have
*.* -/tmp/server.log
*and*
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,audit,news.none -/tmp/server.log
This doesn't make any sense.
This will basically duplicate the log messages in /tmp/server.log and
interleave them.
Either you split up the logs facilities and log them to separate files
or you only keep a single log rule like
*.* -/tmp/server.log
which simply logs everything to /tmp/server.log