Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions

2 votes, 3 answers

Logging doesn't work after rsyslog upgrade

I have several different django applications under apache on a Red Hat server. These applications use SysLogHandler for sending log messages to the local rsyslog service. In order to pipe log messages from different django applications to different…
alecxe

2 votes, 1 answer

Pure-ftpd with multiple domains separate xfer log files on CentOS 6.4

Using the Pure-ftpd daemon to serve ftp service. I've modified the init script to run multiple domains with different IPs, with separate DBs and separate WELCOME MSGs. daemon "$pure_launch_script /etc/pure-ftpd/dom1.conf --daemonize > /dev/null -F…
Stavry

2 votes, 1 answer

How to send NAGIOS alerts to OSSIM server

I've installed an OSSIM server and I want to retrieve the alerts generated by a remote Nagios server in order to analyze them and perform correlation of security events. Before putting hands on it, I would like to know what the right approach…
pAkY88

2 votes, 0 answers

Rsyslog : copy with changing the facility

I have saslauthd which saves the logs in LOG_AUTH in our rsyslogd server. It can't be changed without recompiling, and I don't want to do that. I would like to see all the LOG_AUTH in LOG_MAIL, because I do an export to an external machine, and I…
Dom

2 votes, 1 answer

How do the slapd logging levels work?

I can't seem to find an example of how each of the log levels in slapd work. I want slapd to log the users who are logging in, and the server that they are trying to log into, as well as any authentication errors. I've tried using this LDIF to…
zymhan

2 votes, 1 answer

Write out bind/named log messages to a different file using rsyslog

Right now, the contents of /etc/rsyslog.conf which control disposition of the named log messages look like: # Log anything (except mail) of level info or higher. # Don't log private authentication…
tgharold

2 votes, 2 answers

rsyslog filtering based on message content

I have an application which is writing to syslog. The messages written to the syslog are for various buckets which need to be filtered out. Every message starts with a bucket number, so the messages are written as: 1: Message for bucket 1 14:…
Lazylabs

2 votes, 4 answers

Rsyslog not logging from remote server

I am trying to set up a centralized log server. I have a central server (A) receiving logs via a remote server (B) on port 514. I know it is receiving these. Here are a few entries from a tcpdump on port 514 # tcpdump port 514 tcpdump: verbose output…
KStensland

2 votes, 1 answer

Rsyslog unix timestamps on RHEL6

I'm trying to get rsyslog on RHEL 6 to render the time the message was logged at as a unix timestamp. I started by reading the documentation at http://www.rsyslog.com/doc/property_replacer.html. Since there are old-style and new-style property…
Bart B

2 votes, 3 answers

rsyslog - regex trouble

I'm trying to set up the logentries service. If a log entry has a token in it then I would like to send it to api.logentries.com:10000. The token is a guid in the format aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee. Right now I'm doing: # If there's a…
benmccann

2 votes, 1 answer

Restarting rsyslog re-sends logs again

I am running Ubuntu 12.04.1 LTS on EC2. I have a bunch of application servers which are configured to forward their logs to a central server via rsyslog. Since putting in Nagios monitoring on the log files on the central server, I've been getting…
Jay Taylor

2 votes, 4 answers

Rsyslogd not listening on port

I installed rsyslogd on ubuntu server, started it and everything looks fine, but the port the server should listen on is not opened. ubuntu@node7:~$ sudo service rsyslog restart rsyslog stop/waiting rsyslog start/running, process 14114 Netstat…
amorfis

2 votes, 1 answer

How to configure syslogd name/identifier?

I'm forwarding all syslog events to papertrailapp.com, and they are identified as sent by localhost. It's not convenient, since I have a few servers and all of them are localhost-s. How can I configure syslog on every machine to have their own…
yegor256

2 votes, 1 answer

Why don't cfn-init logs get sent by rsyslog?

I just signed up for Papertrail to aggregate logs from some AWS instances I'm setting up with CloudFormation::Init. I've followed the instructions and added *.* @logs.papertrailapp.com to the end of '/etc/rsyslog.conf'. Some logs are showing up on…
Jon M

2 votes, 2 answers

Forward Windows Events Logs to Rsyslog

I would like to forward Windows Events Logs from all my desktop clients to a Linux box with rsyslog on. Rsyslog provides a Windows agent to do just that but it's 40 euros per license and when you have x amount of machines that cost adds up. I was…
SamCulley