Project

General

Profile

Actions

Bug #13175

closed

rudder agent log files content in user facility

Added by tim c over 6 years ago. Updated over 2 years ago.

Status:
Released
Priority:
N/A
Category:
Generic methods
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

Information about environement:

  • OS: Debian 9.5 and 8.11
  • syslog-ng version: 3.8 and 3.5
  • Rudder agent version: 4.3.3

When a « File content » directive run on a node, file content is logged in syslog-ng.

For example (syslog-ng trace) :

Aug  8 10:49:06 hostname syslog-ng[2552]: Incoming log entry; line='dummy line in a configuration file'

Aug  8 10:49:06 hostame syslog-ng[2552]: Filter rule evaluation begins; rule='f_syslog3', location='/etc/syslog-ng/syslog-ng.conf:131:19'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='facility'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='not-match', type='level'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='not-match', type='AND'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='filter(f_debug)'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='AND'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter rule evaluation result; result='match', rule='f_syslog3', location='/etc/syslog-ng/syslog-ng.conf:131:19'

Aug  8 10:49:06 hostame syslog-ng[2552]: Filter rule evaluation begins; rule='f_user', location='/etc/syslog-ng/syslog-ng.conf:132:16'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='facility'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='not-match', type='level'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='not-match', type='AND'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='filter(f_debug)'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='AND'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter rule evaluation result; result='match', rule='f_user', location='/etc/syslog-ng/syslog-ng.conf:132:16'

Aug  8 10:49:06 hostame syslog-ng[2552]: Filter rule evaluation begins; rule='f_messages', location='/etc/syslog-ng/syslog-ng.conf:119:20'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='level'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='facility'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter node evaluation result; result='match', type='AND'
Aug  8 10:49:06 hostame syslog-ng[2552]: Filter rule evaluation result; result='match', rule='f_messages', location='/etc/syslog-ng/syslog-ng.conf:119:20'

At the moment we have created a syslog-ng rule to redirect every lines coming from user facility to /dev/null but is not convenient because some applications use this facility too.

If you need our syslog-ng configuration tell us.


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #13608: file enforce content log file content which can have private infoReleasedVincent MEMBRÉActions
Actions

Also available in: Atom PDF