Problem

I am unable to write to a different log than the default one using syslog. I am unsure if maybe my app name is wrong in my configuration. Do "program name" and "process name" not mean the same thing? If not, how can I find my program name in Python 3.6?

Attempted

I have written a small application in Python 3.6. I am already successfully writing to a common syslog file in CentOS 7 at /var/log/messages with it. If I open that file, I can see my entries.

If I run ps aux | grep myappname, the process name is listed as python myappname.py.

I have created a file at /etc/rsyslog.d/00-myconfig.conf which contents are:

if $programname contains 'myappname' then /home/user/test_log.log
& ~

I have restarted the process with sudo systemctl restart rsyslog.

I have run rsyslogd -N1 which gives me a deprecation warning about my use of ~ in my config, proving that the config is being recognized. I have tried removing that line as I am not sure what it does, but that does not help either.

I can confirm that the entries are still being written to /var/log/messages. The entries are not going up in smoke.

As syslog does not include the appname in a log naturally, you need to add it yourself when creating a log message. Here an example using the Linux logger command with --tag.

logger --tag="myappname" "Some message"

So before adjusting anything, check if yourrsyslog.conf includes your files from /etc/rsyslog.d/ (because they get checked even if you do not include them in your rsyslog.conf.

# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf")

If the error persists, then your query has to be adjusted. The easiest way to do this, is using property-based filters.

:syslogtag, isequal, "myappname" /var/log/test_log.log&~*.* /var/log/messages

The config checks if myappname equals the hostname in the log. If so, it is written to test_log.log. The next line (&~) then discards all messages that have been written. Thus, no additional rules will be applied to these messages. As such, they will not be written to /var/log/messages.

Important Note: When using the compare operation isequal, the two values that are compared must be exactly equal (case-sensitive) to match. See the rsyslog documentation for more information on property-based filters.

P.S. Checkout this post for further explanation on what &~ means in rsyslog.