Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
3
votes
2 answers

named stopped logging to rsyslog after logs rotate

CentOS 6.2, bind 9.7.3, rsyslog 4.6.2. I recently set up a server, and I noticed that named had stopped logging to /var/log/messages after the logs had rotated. I thought that was odd, since all logging happens through rsyslog and named doesn't…
tomlogic
  • 330
  • 3
  • 13
3
votes
2 answers

RSyslog does not work with a log file located outside of /var/log

I am unable to get rsyslog to write to a log file located in a directory other than /var/log. The server is RHELS 5.6 and for the most part with a default configuration. Other than the rsyslog specific changes (rules added to iptables, etc.) It…
MikeCompSciGeek
  • 33
  • 1
  • 1
  • 4
3
votes
2 answers

pptpd on Debian doesn't write any logs

I'm trying to set up a PPTP server with Debian Squeeze. The problem is nothing is being written in the logs (neither in messages nor in debug nor in daemon.log) though debug and dump options are set. The only line I get after pptpd restart is: # tail…
HUB
  • 6,630
  • 3
  • 23
  • 22
3
votes
1 answer

Most functional log analysis tools?

I am curious as to what others find to be the most useful log analysis tools for *nix. Presently I am simply tailing output and grepping through things, however I'd like to use something that would be more feature full. In this case I'm watching…
ylluminate
  • 1,155
  • 2
  • 17
  • 35
3
votes
4 answers

rsyslog or a similar distributed logging standard, for Windows?

I have a bunch of Windows Servers that run a bunch of apps, that log into local text files. I want to aggregate these text files into a centralized log server, where I can search them. Building something like that is trivial, but before reinventing…
Michael Stum
  • 4,050
  • 4
  • 36
  • 50
3
votes
3 answers

Filtering bad requests from Apache -> logger -> rsyslog to syslog-ng on a remote logging server possible?

EDIT: Thanks for the help Here is a quick idea of the setup: webserver X In apache httpd.conf: LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vcombined CustomLog "|/usr/bin/logger -p local6.info -t access " vcombined In…
zeyus
  • 33
  • 1
  • 7
3
votes
1 answer

rsyslog server - Can you split up and organize logs?

I recently set up one of our servers as an rsyslog server. I now have our firewall set up to log everything to that rsyslog server. But there doesn't seem to be an organization of the logs. All the firewall logs are just being dumped into the…
Jake Wilson
  • 8,814
  • 29
  • 97
  • 125
3
votes
1 answer

SELinux is preventing in:imjournal from unlink accesses on the file imjournal.state

I have a problem on Fedora 36 with rsyslog, selinux and /var/log/messages components. As you can see: AVC avc: denied { unlink } for pid=XXX comm="in:imjournal" name="imjournal.state" dev="XXX" ino=654207 scontext=system_u:system_r:syslogd_t:s0…
bugmeu
  • 31
  • 2
3
votes
2 answers

Sending remaining network traffic with RSYSLOG to specific file

I'm trying to concentrate logs from multiple equipments from multiple clients on my RSYSLOG server. My server runs on Debian 11 with RSYSLOG v8.2102. The configuration is quite simple at the moment: I've simply allowed UDP and TCP connections in…
Cool34
  • 53
  • 4
3
votes
1 answer

rsyslog filter not working

I am on Debian 10 and I'm trying to do a very simple thing with rsyslog: I would like to redirect all logs from a particular docker container into a log file. I set a tag to my docker container, and the log driver to "syslog" so now, in my…
Flyerjet
  • 73
  • 5
3
votes
1 answer

pam_unix generates a lot of open/close sessions for my domain user

I set up a new VPS with Ubuntu 18.04, including virtualmin/usermin. In auth.log I see a lot of su[12936]: Successful su for domain by root su[12936]: + ??? root:domain systemd-logind[148]: New session c315 of user domain . su[12936]:…
Amos
  • 257
  • 3
  • 4
  • 10
2
votes
1 answer

rsyslog template stop ignored

I try to get my template for remote logging working but the stop statement is ignored and everything is logged in duplicate in the syslog and in my generated file %programname%.log. I want the incoming messages only logged in…
Jarne
  • 25
  • 1
  • 9
2
votes
0 answers

Logstash to aggregate logs into ElasticSearch

I am trying to aggregate linux logs using rsyslog into Logstash/ElasticSearch running in EKS. filebeat is already running in EKS to aggregate Kubernetes container logs. I have configured rsyslog client with…
roy
  • 119
  • 1
  • 2
  • 15
2
votes
1 answer

Writing MongoDB logs to a remote logging server

I am trying to forward MongoDB logs from several remote servers to a central logging server. To do this, I changed my mongod.conf files to use syslog like so: systemLog: destination: syslog syslogFacility: local3 I then configured rsyslog to…
Charlie B.
  • 23
  • 4
2
votes
1 answer

rsyslog ommail to localhost postfix

Is it possible to use the ommail module that comes with rsyslog to send email through a local postfix install? I use gmail as my smtp and ommail doesn't do authentication. Will using something like the following in an rsyslog .conf file…
steveH
  • 148
  • 2
  • 6