Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
2
votes
0 answers

Tomcat 8.5 Log To Syslog

I have found a tutorial for logging from tomcat to syslog using log4j: https://www.badllama.com/content/tomcat-7-logging-syslog-log4j Sadly this doesn't work anymore in tomcat 8.5. As stated in the comments of the documentation. Support for log4j…
BenjaminH
  • 121
  • 2
2
votes
2 answers

Missed kernel messages

On a CentOS 7.2 server I am trying to dump the kernel stack trace using echo t> /proc/sysrq-trigger. Some of the stack traces are not getting logged. I see the following error in /var/log/messages. Jul 5 13:54:51 glusterfs1 journal: Missed 14295…
Ramachandra Reddy Ankireddypal
  • 21
  • 1
  • 2
2
votes
1 answer

Can rsyslogd use /etc/hosts file instead of DNS?

I have a problem with rsyslogd using DNS to PTR-resolve each remote host's name. Is there a way to use the '/etc/hosts' to do same job and disable resolution using DNS?
dzhivkov
  • 21
  • 3
2
votes
2 answers

auth, user and other logs are empty

I've a problem since the ssh logins and other info are not logged under /var/log/* (especially auth.log) I've been reading all the questions here and there, but the configuration seems to be fine, the permission is set correctly, and I'm cross…
EsseTi
  • 255
  • 3
  • 13
2
votes
3 answers

Forwarding logs from rsyslog to graylog over tls

I'm trying to forward logs from rsyslog to graylog over tls. rsyslog configuration: # make gtls driver the default $DefaultNetstreamDriver gtls # # # certificate files $DefaultNetstreamDriverCAFile…
Zombaya
  • 123
  • 1
  • 5
2
votes
1 answer

How to call template so rsyslog 8 creates one log file per client

I'm using rsyslog 8.22 to receive syslog data sent from client hosts. My goal is to have one log file created per client. I've found a lot of data on older versions of rsyslog, but the change in configuration syntax has thrown me. This…
StandardEyre
  • 303
  • 1
  • 3
  • 17
2
votes
1 answer

Rsyslog 8 hangs upon exit

On Ubuntu 16.04.1 running: rsyslogd 8.16.0, compiled with: PLATFORM: x86_64-pc-linux-gnu PLATFORM (lsb_release -d): FEATURE_REGEXP: Yes GSSAPI Kerberos 5 support: …
Gaia
  • 1,855
  • 5
  • 34
  • 60
2
votes
0 answers

Rsyslog hangs after memory usage 456 MB

I am using rsyslog server to keep log of various server. Recently I have added 20 servers in rsyslog, after that rsyslog is frequently hangs the service (not receiving log until service restart). I observed the memory usage and when memory reaches…
Bluechip
  • 21
  • 3
2
votes
3 answers

What is the syslog facility for auditd logs?

Trying to forward only my auditd events by syslog, but I don't know which facility to use. I don't want to send everything to my syslog server as it would create redundancy in logging. I've set the audispd syslog plugin to active and from what I…
ThunderJack
  • 31
  • 1
  • 1
  • 5
2
votes
1 answer

Rsyslog not logging events

I'm trying to stand up a syslog server to receive events from a piece of network equipment, but I can't seem to get it to actually log the events to disk. I can confirm that the connection is being made successfully, and that rsyslogd is getting the…
Sammitch
  • 2,111
  • 1
  • 21
  • 35
2
votes
0 answers

How can I pull data from journald and outputing it to logz via rsyslog

I have a number of servers that use CoreOS. CoreOS natively uses journald for all it's log files. The latest stable release incorporates docker 1.9 so it doesn't yet support docker log drivers. After exploring multiple avenues, I think rsyslog…
hookenz
  • 14,472
  • 23
  • 88
  • 143
2
votes
0 answers

Upstart job logs not being forwarded by rsyslog - Ubuntu 14.04 LTS

I've got rsyslog set up correctly forwarding all logs on a set of clients to a central server. Things like ssh auth logs etc all work fine and appear in the remote server properly. The issue is that I have custom upstart jobs for my applications…
Chilly
  • 121
  • 2
2
votes
1 answer

Is it possible for rsyslog to create a directory?

The Setup I have this in my /etc/rsyslog.conf: $template local1DynFile,"/path/to/my/log/%programname%.log.%NOW% $template local1LogFormat,"%msg:2:$:%\n" *,*;auth,authpriv,local0,local1.none ~/var/log/syslog local1.* …
Wayne Werner
  • 739
  • 4
  • 15
  • 27
2
votes
0 answers

How does one separate log data sent to a remote rsyslog server?

I have messages from multiple apache2 web servers logging to a rsyslog server. I've used a template to separate each /var/log/syslog file into its own folder based off of the ip address of the server From my rsyslog…
Slimmons
  • 58
  • 4
2
votes
2 answers

Alternative way to disable cron writing to /var/log/syslog

There are answers that suggest changing this: *.*;auth,authpriv.none -/var/log/syslog #cron.* -/var/log/cron.log Into this: *.*;cron,auth,authpriv.none -/var/log/syslog cron.* …
Vincas Dargis
  • 141
  • 5
1 2 3
45 46