Questions tagged [centralized-logging]

37 questions
1
vote
0 answers

Event Viewer works but logparser fails?

So, my Log Parser Query fails and states that the remote procedure call failed. However, I am able to connect using the Event Viewer (which I hate); what does the event viewer use to connect that the log parser does not? C:\Program Files (x86)\Log…
leeand00
1
vote
1 answer

How to make systemd journal remote use hostname instead of IP address?

I do have one log server which runs systemd journal remote software to receive journal entries from remote hosts via systemd journal upload. This works fine. The only trouble that I have is that the journal names in /var/log/journal/remote are named…
1
vote
1 answer

Auditd not sending logs to centralized auditd log server

We have set up centralized logging of auditd messages for two machines: machine (www22.domain.com) is the source (centos8) machine (cls.domain.com) is the centralized log server (centos7) This was done in the standard way using auditd+audisp…
Ján Lalinský
1
vote
0 answers

Rsyslog Filter in Ruleset

I want to create a central rsyslog server, and I want to create a file per type of log received. I need a filter that will look for specific strings in the incoming messages and then place them in the separate log files. So if I see a log from a…
1
vote
2 answers

Why is a labels stage in my Promtail's ingestion pipeline without effect?

This is a part of my Promtail scrape configuration on various hosts to collect journald log entries to a Loki instance: - job_name: journald journal: labels: job: journald relabel_configs: - source_labels: -…
funky-future
1
vote
1 answer

Auditd not sending to remote central server

I'm setting up a central server using rsyslog and auditd on CentOS 8. I was following this guide on how to send remote audit logs to my central server. Note: instead of going to /etc/audisp/, these files can be found on /etc/audit/ instead. So I…
Gwynn
1
vote
0 answers

Disable Microsoft Office Telemetry not working properly. Data Logging Locations very confusing

Due to the Data Privacy regulations in our Country we have been asked by management to disable Microsoft Office Pro Plus, 365, 2016 from sending Telemetry Data to Microsoft so I did the following as stated on the official website…
1
vote
1 answer

Rsyslog not sending buffered messages

My requirement is to log all messages on the remote machine. In order to achieve the goal I have two identical versions of rsyslog (rsyslogd 8.1901.0 (aka 2019.01)) on both machines (server: 192.168.122.12 and client: 192.168.122.13). Besides, if…
Michael
0
votes
1 answer

Kubernetes + CRI-O + Fluent-Bit

We like to use the EFK stack for centralised logging of containers running in Kubernetes with CRI-O. The recommended DaemonSet looks like this: kind: DaemonSet metadata: namespace: logging name: fluent-bit labels: component:…
chrstnwhlrt
0
votes
0 answers

Can I use netcat for centralized logging?

I have multiple Apache servers and I want to centralize their access logs. I wonder if I can use named pipes and netcat for that, however I am afraid that 2 things may happen: The central log will be unreadable because if 2 servers happen to write…
raxbg
0
votes
1 answer

Logrotate with `copytruncate` "data loss" - is it serious?

Manpage of logrotate claims that using copytruncate option leads to "a very small time slice between copying the file and truncating it, so some logging data might be lost". Is it actually relevant in real world scenarios? I'm using logrotate…
0
votes
1 answer

Can't get Freeradius2 to send logs to syslog-ng version 3.5

I have a Syslog-ng 3.5 and freeradius2 Ubuntu server 16.04 both running as virtual machines in a vmware esxi 5.5 hypervisor. Well from a previous post I got syslog-ng to send logs from /var/log/fereradius/radius.log directory to a remote syslog-ng…
Eddy
0
votes
1 answer

Sending sssd.log to syslog

How do I configure SSSD to send sssd.log logs to syslog? I would like to include the DEBUG SSSD logs as well. We would like to feed the sssd logs to Splunk. Our systems are already configured to send syslog to Splunk Security Module. So we would…
Saqib Ali
0
votes
1 answer

Searching Lync Centralized Logging Using Time

This is my first attempt to use the Centralized Logging Service to try to generate some logs for a problem a user is having, so perhaps I'm not doing something right. I'm using the commands below to start, stop and search the CLS, but every time I…
Martin
0
votes
1 answer

syslog clipping for particular applications

I have a few particular applications that are causing a LOT of logs in my syslog server. I would like to keep all of their logging in /var/log/messages or somewhere on the server, but I am trying to find a way to only send syslog messages to the…
JustNobody30