Hello community,
I tried to replace the default logging daemon (I think it is logd?) from OpenWRT with rsyslog, which I am way more familiar configuring with.
However, I have the strong feeling, that not all messages are processed from rsyslogd - for whatever reason that is.
Quick example:
- I configured rsyslogd to log all auth and authpriv messages to /var/log/auth/auth.log
-> This looks like this: auth,authpriv.* /var/log/auth/auth.log - When I login using SSH, this naturally generates some authpriv messages, which should correctly be logged into /var/log/auth/auth.log
-> These look like so: Fri Feb 15 18:30:01 2019 authpriv.info dropbear[1668]: Child connection from IP:61068
So far so good, but I am unable to find these messages anywhere (not in auth.log nor in the configured syslog (/var/log/sys/syslog)) - but for some strange reason I can see them via logread ..
Why is it like that? Am I totally missing something?!
What I try to achieve is a replacement of the default logging mechanism with rsyslogd.
Isn't it that simple as installing and configuring rsyslogd or am I missing some important steps here?
BTW: rsyslogd claims everything is configured properly (run it with -N1 -d [configuration check with debugging enabled]), so I doubt the reason is rsyslogd somehow
Thanks alot!
Regards,
Steffen