search

winstonjs / winston-syslog

A syslog transport for winston
http://github.com/winstonjs/winston-syslog
MIT License
138 stars 119 forks source link

Unable to change Destination via Syslog Configuration #172

Open linus-komnick opened 2 years ago

linus-komnick commented 2 years ago

I'm trying to write all logs of my broker.js node application to /var/log/broker.log. In my syslog config file (/etc/rsyslog.conf), I do as stated in the documentation:

source tcp_s {
  tcp(ip(127.0.0.1) port(514) max-connections(256));
};
destination broker {
  file("/var/log/broker.log");
};
log { source(tcp_s); destination(broker); };

However, when I restart syslog I get the following error:

Feb 10 19:50:27 v2202012135155134936 systemd[1]: Starting System Logging Service...
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: action 'source' treated as ':omusrmsg:source' - please use ':omusrmsg:source' syntax instead
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: error during parsing file /etc/rsyslog.conf, on or before line 73: warnings occured in file 
Feb 10 19:50:27 v2202012135155134936 systemd[1]: Started System Logging Service.
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: action 'tcp_s' treated as ':omusrmsg:tcp_s' - please use ':omusrmsg:tcp_s' syntax instead, '
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: error during parsing file /etc/rsyslog.conf, on or before line 73: warnings occured in file 
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: error during parsing file /etc/rsyslog.conf, on or before line 73: syntax error on token '{'
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: could not interpret master config file '/etc/rsyslog.conf'. [v8.1901.0 try https://www.rsysl
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.1901.
Feb 10 19:50:27 v2202012135155134936 rsyslogd[4756]:  [origin software="rsyslogd" swVersion="8.1901.0" x-pid="4756" x-info="https://www.rsyslog.c

It looks like something is wrong with the syntax, but I don't know where I can find the correct syntax. Does anybody know how to fix this? Thx in advance!

linus-komnick commented 2 years ago

I'd still be interested in the correct syntax! Though for now, I ended up using the following in /etc/rsyslog.conf: 

local0.*                        -/var/log/broker.log

And since I'm using docker, I had to make sure to add the following to the run command:

--log-opt syslog-facility=local0

Or alternatively update /etc/docker/daemon.json with the desired facility:

{
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "tcp://127.0.0.1:514",
    "syslog-facility": "local0"
  }
}

This will require you to restart docker:

systemctl restart docker