You are using the wrong syntax, you have to use ";" as a delimiter.
This worked for me:
*.*;mail.none;mail.error;auth,authpriv.none -/var/log/syslog
You need to restart rsyslog after the changes. Reloading isn't enough.
SELinux will prevent processes that are labeled syslogd_t
to write to files that are (probably) labeled default_t
. You need to label the file with something syslogd_t
can write to. Files in /var/log
are mostly labeled var_log_t
, a type syslogd_t
can surely write to.
You should not just relabel the files in /Testing
to var_log_t
, because that's bound to break at some point, when somebody executes an autorelabel at the next boot or runs restorecon -FvR /
.
Instead, write a little policy that automatically and consistently labels your files in /Testing
. Something to get your started. Your policy file could look similar to this:
/Testing(/.*)? -- gen_context(system_u:object_r:var_log_t)
SELinux policy writing however, is a tad tricky. Which is why you should put stuff at the default location for that stuff.
However, I personally feel that logging should really go into /var/log
. It's there for a reason. No matter how good you think your reason is for writing to /Testing
, it's probably better to write to something like /var/log/testing
.
Edit: no, no, no, no, no. That won't do. That was silly. You do not want to write a policy to allow syslogd_t
to write to var_log_t
, because that is already allowed by the default policy. You need to write filecontext rules (a .fc file), like my new snippet above, to label /Testing
as var_log_t
if you must...
Best Answer
There is no such option for querying rsyslog config, see the rsyslogd(8) man page and that's why you can't find anything.
If you want to check rsyslog config, you may use the following command:
See deatils here: http://www.rsyslog.com/doc/v8-stable/troubleshooting/troubleshoot.html#configuration-problems
Or you can use debugging, here is How to use debug on demand