Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open-source project with commercial add-ons such as the ability to log Windows events, as well as available support contracts.

681 questions
2 votes, 1 answer

Remote logging to specific directory structure with rsyslog

I'm currently in the process of having all of our various servers send their syslog messages to a central server. I'd like to have the following directory structure on the central server that logs are sent…
2 votes, 1 answer

Rsyslog: discarding specific messages, rate limiting

I've got netatalk installed on the server and afpd is spamming system logs with the following error: Jun 24 15:38:16 TEST afpd[21532]: sys_getextattr_size: error: Operation not supported I'm not sure what's the actual root cause for this so I tried…
HTF
2 votes, 1 answer

Sending logs to remote server with rsyslog

I'm trying to set up centralized logging with Logstash, Elasticsearch and Kibana and am having trouble getting logs to my log server. Logstash is listening on TCP 5000 and is successfully receiving logs from one of my servers but not the rest. I can…
Merch
2 votes, 1 answer

How to forward arbitrary files to graylog2 with rsyslog

I have some random files that I would like to collect and forward to my logging server. These are applications that don't really support GELF, so I am trying to forward these files with rsyslog: # Apache access log input(type="imfile"…
Goro
2 votes, 0 answers

Can TLS-enabled rsyslog use a certificate revocation list?

When using the gtls driver, is it possible to configure rsyslog to use a certificate revocation list? We are running rsyslogd 5.8.10 (standard in CentOS 6.5).
opsmason
2 votes, 1 answer

Redirecting app log to rsyslog in upstart script

I have an upstart script that does the following start on runlevel [2345] stop on runlevel [06] respawn pre-start script exec >/dev/kmsg 2>&1 REPO=git@github.com:blabla/bli mkdir -p /var/log mkdir -p /var/www echo "Fetching app…
Michael
2 votes, 3 answers

Rsyslog through TLS

I have been trying to get rsyslog to transmit through TLS with no luck so far. There seems to be something wrong with my configuration, but I cannot pinpoint it. This is my server conf file: # rsyslog v5 configuration file # For more information…
Bruno9779
2 votes, 2 answers

Using OSSEC HIPS alongside rsyslog, overkill?

I have been tasked to harden our company Linux servers. One of the problems that was outlined was the fact that logs are stored on the server which poses two problems: Difficult to aggregate and diagnose problems Not very secure, if a server is…
Rijndael
2 votes, 1 answer

Forwarding from rsyslog to syslog-ng over TCP not working (although packets are reaching server)

We use syslog-ng on our central syslog server (syslog-ng-2.1.4-9.el5 on CentOS 5.9). We were happily sending logs using syslogd and rsyslog from a mixture of Linux and Solaris hosts over UDP until yesterday when it finally became clear to me that…
Paul Haldane
2 votes, 1 answer

%HOSTNAME% value is "unknown" in rsyslog template

The Gist Where does rsyslog get the value of %HOSTNAME% and under what conditions would "unknown" be the expected value? We're using rsyslog on an EC2 instance and we're trying to send our logs out to loggly. If I tail -f the log messages, I can…
D. Patrick
2 votes, 0 answers

rsyslog logging same data to multiple files

I'm new to configuring rsyslog for centralized logging and was wondering if one of you experts could help me with the following problem. I am trying to store logs for each remote host to a per host directory. This is working just fine with the…
user203913
2 votes, 2 answers

Log ssh sessions to rsyslog

How can I set up rsyslog to log commands typed in an ssh session? Just in case someone unauthorized ever accesses the system, I'd like to know what he did.
user22711
2 votes, 1 answer

Pipe program output to rsyslog

I have a process running that writes its output to a file, like this. processx > /var/log/processx.log 2>&1 How would I write/pipe/forward this to rsyslog instead (including the 2>&1 redirect)?
user22711
2 votes, 2 answers

Remove Iptables log from kern.log syslog messages

I'm having trouble with Iptables logs, I'm not able to get them out from kern.log, syslog and message files. I added two rules in rsyslog.conf which redirect my messages to an "iptables.log" file but logs are also present in kern logs. Here is my…
user200790
2 votes, 1 answer

rsyslog forward all except ldap

I have CentOS 6 servers running openLDAP. In the rsyslog.conf, I forward the logs to my central server with this line: *.* @10.10.10.10:514 openldap seems incredibly chatty. I have 3 servers in a multi-master cluster. Those 3 servers generate…
Brian