Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions

8 votes, 3 answers

Syslog forwarding loses original hostname

I have DMZ hosts forwarding to a DMZ syslog which in turn forwards all the syslog messages to an internal syslog server. It's working fine for the most part but the internal syslog host messages appear to all be coming from the DMZ syslog ie it…
garg

7 votes, 1 answer

Proper way to reload rsyslog with a config file for a custom application

I want to log my app so that it writes its log into its own log file. I create the log file and save it under /etc/rsyslog.d but my app doesn't create/write to the designated file. However, once I reload rsyslog, there are log entries the next time…
sdot257

7 votes, 1 answer

How do I configure rsyslog on Ubuntu 14.04 to use ISO8601 timestamps?

In a file in /etc/rsyslog.d/ I have the following: local3.* /var/log/mylog.log When I log to this facility, records have timestamps which look like this: Apr 27 21:12:20 hostname msg How do I set things up so that they look like this…
jl6

7 votes, 1 answer

rsyslog udp forwarding truncates at 2048 characters

Rsyslog on a RHEL 6 server is receiving messages locally on port 514 UDP. These messages are sometimes much larger than normal syslog message sizes. I am seeing rsyslog handle all of the messages just fine, it writes to the local files without…
nictrix

7 votes, 3 answers

Using Rsyslog to send application logs to syslog server

I'm trying to setup my rsyslog to send logs generated by an application under /opt/appname/logs to a remote syslog server. I have already configured rsyslog to send OS level logs but wanted to see if it can also send logs of an application. I'm…
Lego

7 votes, 2 answers

rsyslogd: Any way to get around the number of local facilities?

We have about 9-10 appliances we want to direct the logging to our rsyslog server for. However, there's only 8 local facilities (0-7). How can we get around this limitation?
Belmin Fernandez

7 votes, 1 answer

rsyslog filters on message contents and facility

I have found examples of how to filter based on the contents of a log entry with rsyslog. But is there a way to do this so it is only filtering on the contents of a certain facility? For example something like: if local0.* msg contains "foo" But…
Kyle Brandt

6 votes, 1 answer

Create separated syslog file for each host with rsyslog

I have a syslog server (running rsyslog on RHEL 7.4) that consolidates all the syslogs from my network devices. It's listening on port TCP/514. I want to redirect the logs of each device to a different file in a dedicated directory (based on their…
eden881

6 votes, 3 answers

Logstash with journald instead of rsyslog

I'm used to sending my logs from a server to a remote Logstash using rsyslog, with a configuration file roughly as follows (usually more specific to prevent too many logs from being sent): *.* @192.168.5.5:5000 I'm now starting work on a server…
Loic Duros

6 votes, 2 answers

rsyslog does not discard messages

I have the following rsyslog.conf: $PreserveFQDN on # rsyslog v5 configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES…
Iokanaan Iokan

6 votes, 1 answer

Ubuntu + Postfix: Mail Log Missing

I've just installed postfix on my ubuntu server and am trying to debug why outgoing mails are not being sent. This led me to notice that the /var/log/mail.log file is missing. For that matter, there's nothing named mail* in my /var/log. I've tried…
ystan-

6 votes, 2 answers

Apache errorlog piping fail

Trying to log to a central syslog server, either direct using Apache's ErrorLog to pipe to logger, or getting syslog to forward, but nothing is working and the errors are not making sense to me. I can get the Custom log to work, but not ErrorLog.…
SysadminB

6 votes, 3 answers

kernel.log stays empty: “rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.”

I'm on a VPS (Ubuntu 14.04.2 LTS, Kernel 3.13.0-042stab094.8, rsyslog 7.4.4-1ubuntu2.5) and kernel.log stays empty with only this line: rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted. The server was preconfigured…
Felix

6 votes, 2 answers

rsyslog - configuration help - logrotate and compression

I am a newbie to Linux and rsyslog. I have used the logfiles for many years, but I have never had to set one up. At this point I have some Proof of Concept devices pointing to my Debian Linux server. I have the syslog messages coming in and being…
Security_Pete

6 votes, 1 answer

Configuring JBoss AS 7.2 to log to syslog

In my standalone.xml, I have the syslog-handler configured like so:
cemerick