rsyslog is not logging for local and remote messages

Solution Verified - Updated -

Issue

  • It doesn't generate any logs when using the following configuration in /etc/rsyslog.conf
$ModLoad imuxsock.so
$ModLoad imklog.so
$ActionFileDefaultTemplate      RSYSLOG_TraditionalFileFormat

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
if \
        $source == 'localhost' \
        and \
               $syslogseverity <= '6' \
        and ( \
                        $syslogfacility-text != 'mail' \
                and \
                        $syslogfacility-text != 'authpriv' \
                and \
                        $syslogfacility-text != 'cron' \
        ) \
then    /var/log/messages

# The authpriv file has restricted access.
#authpriv.*                                              /var/log/secure
if \
        $source == 'localhost' \
                and \
        $syslogfacility-text == 'authpriv' \
then    /var/log/secure
  • By checking tcpdump, it confirms that the messages coming in

Environment

  • Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content