Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
2 votes, 0 answers

having trouble with rsyslog forward and include origin IP or iptables mirror while using ufw

How do I get rsyslog to mirror traffic unmodified (including origin IP) to another port? I have many devices sending data into port 514 but I need two different applications on the server to receive that data. I tried adding the following to the…
jtlindsey
2 votes, 1 answer

can the log.file of rsyslog impstats module be limited by size?

I am using rsyslog 8.2.0, and logging rsyslog's own impstats output to a file. I could not find reference to it - is it possible to limit its size? It could get quite large in a system that runs for a long time...
Neomi
2 votes, 1 answer

Logrotate: glob finding old rotated logs failed

I am having problems with logrotate. The configuration is the following /var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler /var/log/unused.log /var/log/kern.log /var/log/daemon.log { #Modified by CGSL! …
AndresM
2 votes, 1 answer

logrotate doesn't seem to work as expected

Below is my log rotation configuration for /var/log/messages. /var/log/messages { rotate 4 size 100M missingok notifempty compress delaycompress sharedscripts postrotate ifconfig eth0 | grep 'Device not found'…
codingfreak
2 votes, 1 answer

Rsyslog, exclude logs

I have a custom daemon that gives logs to rsyslog facility "local1" with two security levels - "info" and "debug". I need to write "info" logs to /var/log/info and "debug" logs to /var/log/debug. I edited rsyslog.conf local1.*;local1.debug …
user511890
2 votes, 1 answer

rsyslog - separate local and remote logs

I want to use rsyslog to capture events from SANs, routers and such. (This will be forwarded to kafka and ultimately elasticsearch) So far - this is working fine. I have this configured in a config file in /etc/rsyslog.d What's not working is that…
ethrbunny
2 votes, 1 answer

What is the meaning of these HAProxy configuration lines?

I've seen several examples (see below) of HAProxy logging configuration that all look like this: /etc/haproxy/haproxy.cfg global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy ... If I…
augurar
2 votes, 1 answer

IPVS (keepalived) doesn't balance UDP connections

I have two load balancers with Debian 8 and three Graylog servers with Debian 9. Every server in my network sends logs via rsyslog to a virtual server configured on the LB. The connection is UDP. The problem is that the packets are not balanced. (all…
mirobertod
2 votes, 1 answer

How to use "global variables" in rsyslogd v8?

The documentation for the "mmsequence" plugin for rsyslog 8.16.0 says: This module is deprecated in v8 and solely provided for backward compatibility reasons. It was written as a work-around for missing global variable support in v7. Global…
the.jxc
2 votes, 1 answer

Rsyslog - forward via HTTP post

I am trying to set up log forwarding to a log management service. The service is accepting log messages via HTTP calls. Using Debian 8 and rsyslog 8.4.2. URL of the endpoint is http://relay.errlog.io/api/v1/log I have added the following to…
stkxchng
2 votes, 1 answer

How to debug the Rsyslog error "NO state file (/path/to/statefile) exists for /path/to/log"?

A brief description of my set-up: I have 11 Docker containers in a Docker Compose single-server configuration. Some of these containers produce logs, which I write to (mostly individual) on-host volumes. This results in eight log files, which are…
halfer
2 votes, 1 answer

How to edit sending messages with Rsyslog?

I have a rsyslog server that sends messages. I wonder, is it possible that I can edit any of the data I forward? In other words, one of the logs I send includes the following information: <13>Nov 29 08:00:00 localhost CEF: 0|212|656|1|1|Bot Access…
xav
2 votes, 0 answers

Rsyslog : Setting a log field using Rainerscript

There are logs coming from a program (namely supervisord) entering rsyslog. Their message starts with " real-program-name rest of the message", and I'm trying to: Set the programname to real-program-name instead of supervisord Remove the…
2 votes, 0 answers

Rsyslog doesn't process log queue from disk

We're running rsyslogd on CentOS 6. We have log forwarding to a central server but the connection was broken due to missing certificates. Now we have processing working again but we have almost 1G of fwdLog1.00000xxx files. Even after restarting…
Kristofer
2 votes, 1 answer

Is it possible to flush rsyslog?

I'm using the Unix logger command to send a log to syslog. But it takes way too long on some machines to get to file. Is it possible to flush rsyslog so that it writes to disk faster?
devinov