1

I'm trying to redirect the output of a service program to a file, which i will later use for processing. Below are the contents of my .service file. I also tried the rsyslog approach but the syslog file (output.txt) is not created.

Description=Traffic_Analyzer

Wants=network.target
After=syslog.target network-online.target

[Service]
Type=simple
ExecStart=cmd
StandardOutput=file:abs_path/output.txt
StandardError=file:abs_path/error.txt
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

rsyslog approach

Description=Traffic_Analyzer

Wants=network.target
After=syslog.target network-online.target

[Service]
Type=simple
ExecStart=cmd
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=traffic_analyzer
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

rsyslog config

if $programname == 'traffic_analyzer' then /abs_path/output.txt

modified .service file

Description=Traffic_Analyzer

Wants=network.target
After=syslog.target network-online.target

[Service]
Type=simple
ExecStart=/home/akash/Traffic-Analyzer/sniffer
StandardOutput=file:/abs_path
StandardError=file:/abs_path
#StandardOutput=syslog
#StandardError=syslog
SyslogIdentifier=traffic_analyzer
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target

Please let me know if i'm using it incorrectly.

Akash
  • 71
  • 1
  • 1
  • 8
  • What distro? Red Hat-based distros run rsyslog as root, which gives it the ability to create files anywhere that you specify (provided SELinux doesn't get in the way). Debian-based distros on the other hand drop root privileges after starting up, so you either have to pre-create files (and adjust ownership/permissions) or specify a location where the rsyslog service account (usually `syslog`) can create a new file. – deoren Jun 24 '18 at 16:35
  • hi deoren, created the file in the path and tried setting 777 as read write access, but still the logs are not created – Akash Jun 24 '18 at 17:09
  • i'm running Ubuntu 16.04.4 LTS – Akash Jun 24 '18 at 17:28
  • Are you using the version of rsyslog provided by Ubuntu or the latest from the official rsyslog PPA? – deoren Jun 25 '18 at 07:38
  • not sure, never did any explicit update of rsyslog, below is the version details rsyslogd 8.16.0, compiled with: PLATFORM: x86_64-pc-linux-gnu PLATFORM (lsb_release -d): FEATURE_REGEXP: Yes GSSAPI Kerberos 5 support: Yes FEATURE_DEBUG (debug build, slow code): No 32bit Atomic operations supported: Yes 64bit Atomic operations supported: Yes memory allocator: system default Runtime Instrumentation (slow code): No uuid support: Yes Number of Bits in RainerScript integers: 64 – Akash Jun 25 '18 at 14:19
  • Alright, so Ubuntu 16.04, stock rsyslog and presumably mostly stock rsyslog configuration. I suspect that I'm overlooking something, but searching for more information on the systemd unit options you mentioned brought me to this existing SO question: https://stackoverflow.com/questions/37585758/how-to-redirect-output-of-systemd-service-to-a-file The answer there closely mirrors what you've already attempted. Have you already checked `/var/log/syslog` and other log files? Do you see results for `sudo journalctl -u traffic_analyzer`? – deoren Jun 26 '18 at 02:21
  • Above command is working. journalctl -u traffic_analyzer -- Logs begin at Tue 2018-06-26 20:51:47 IST, end at Tue 2018-06-26 20:51:48 IST. -- Jun 27 02:20:15 xxx systemd[1]: Started traffic_analyzer.service. – Akash Jun 26 '18 at 15:23
  • i see that logs are stored in /var/log/syslog, but it even contains other process logs. I was trying to use the solutions provided in above SO question, but seems that my systemd version is older hence the new approach of specifying the log file for both standard and error output is not working.I'll use the above /var/log/syslog to filter my output. Thanks @deoren for the help – Akash Jun 26 '18 at 15:34
  • My earlier remarks were intended to figure out the baseline. It sounds like we're at a point where you can confirm that systemd is seeing the messages and passing them on to rsyslog. For the rsyslog snippet you provided, I recommend that you run `sudo rsyslogd -N2` to first make sure there are no configuration errors. Then, perhaps modify your OP to provide more context: the name of your conf fragment, whether you included the snippet you provided in the OP directly in `/etc/rsyslog.conf`, etc. – deoren Jun 26 '18 at 19:20
  • Configuration is fine i guess >> rsyslogd: version 8.16.0, config validation run (level 2), master config /etc/rsyslog.conf rsyslogd: End of config validation run. Bye. , i have modified the path in the rsyslog approach but still the logs are not directed to the required file – Akash Jun 27 '18 at 15:21
  • Do you have find any solution @Akash? – Cirelli94 Mar 18 '20 at 13:38

0 Answers0