Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
0
votes
1 answer

rsyslog limit log size

Is this even possible to do in rsyslog? http://www.rsyslog.com/doc/rsyslog_conf_output.html This syntax is not working: mail.* -/var/log/mail.log:300M I need to set this limitation in rsyslog instead of logrotate because the log can…
defiler
  • 11
  • 1
  • 2
0
votes
1 answer

rsyslog server listen only on tcp 514

I'm trying to set rsyslog client- server to listen to tcp messages with port other then 514, however it doesn't work. Only when using 514 it receives messages. I'm using EC2 vms. input(type="imtcp" port="20514" ruleset="test") ruleset(name="test")…
Gidi Kern
  • 11
  • 1
  • 4
0
votes
1 answer

only send rsyslog's $msg to file?

I'm using a rsyslog rule to send syslog output from one program elsewhere: :programname, isequal, "myprogram" /var/log/myprogram.log I don't want the rsyslog "header" information (date, hostname, app, pid) to go into the log, I only want the log…
tedder42
  • 853
  • 1
  • 9
  • 20
0
votes
2 answers

rsyslog upgrade fails: Sub-process /usr/bin/dpkg returned an error code (1)

I'm having trouble upgrading rsyslog on a Debian server. root@trip:/home# apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove…
RonaldPK
  • 135
  • 1
  • 5
0
votes
1 answer

graylog not getting cents 7.1 syslog messages using the rsyslogd service

Good morning! I'm playing with Graylog today and everything is working well on Ubuntu, but the two CentOS 7.1 servers I've attempted to attach to it are acting strange. I've been keeping notes as I've gone along and have pasted them below. Thank…
Keith
  • 1
0
votes
1 answer

How can I make rsyslog send the logfiles to a location outside of /var/log?

I have a central syslog server (ubuntu 14.04 server), that I've set up to take in logs from many servers. This server has a storage hard drive that is very large, mounted at /home/username/logs I'd like to send the rsyslog logs to that location,…
trueCamelType
  • 1,086
  • 5
  • 20
  • 42
0
votes
1 answer

rsyslog not starting up: not found

When starting rsyslog I get the following: /etc/init.d/rsyslog: 1: /etc/default/rsyslog: imudp: not found /etc/init.d/rsyslog: 2: /etc/default/rsyslog: 127.0.0.1: not found /etc/init.d/rsyslog: 3: /etc/default/rsyslog: 514: not found My…
Karl Morrison
  • 1,621
  • 4
  • 29
  • 43
0
votes
0 answers

RSYSLOG v3 vs v5 config for property base filtering

I'm trying to set up a property base filtering for audispd log, this is what I have currently SLES11 RSYSLOG v5 RHEL6 RSYSLOG v5 RHEL5 RSYSLOG v3 rsyslogd: [origin software="rsyslogd" swVersion="3.22.1" x-pid="15913"…
skelator
  • 31
  • 2
0
votes
1 answer

rsyslogd template stopped working

Really perplexed at what happened. I've had rsyslogd running on a Centos 6.5 server for a while now logging for remote hosts to a special folder /data/rsyslog. Yesterday I setup our firewall to start logging and it was working fine except the logs…
rwfitzy
  • 233
  • 5
  • 16
0
votes
1 answer

Logging in separates files in rsyslog

I am configuring rsyslog in order it logs in separate files, identified by the port through which the log event arrives. In order to avoid opening too much ports, I was trying to see if there is any way of making that differed loging but based on…
bassco_dp
  • 25
  • 2
  • 6
0
votes
1 answer

Send all logs of a system to one specific syslog local facility (local1-7)

I want to assign the syslog local facilities to specific OS, so I can sort the incoming logs on the logserver (e.g. local1 for Windows logs, local2 for RedHat logs, etc). It worked perfectly on Windows, but I'm stuck at my RedHat Systems. Can I…
Tem
  • 3
  • 3
0
votes
0 answers

Is it possible to make samba (smbd,nmbd,winbindd) stop write log to disk and write it only to syslog(rsyslog)?

I have samba instance, and I don't need samba write log to disk, but I want write it to rsyslog. And not full_audit, just general log, how to do it? Options syslog only and syslog from http://www.sloop.net/smb.conf.html has no effect. Samba still…
Raf
  • 173
  • 7
0
votes
2 answers

syslog-ng "log_msg_size" maximum possible value

I read from syslog-ng doc and forums that log_msg_size to defaults to 8192. What is the possible maximum limit of this parameter? My application supports either syslog-ng or rsyslog depending upon situation and need. I wanted to set "log_msg_size"…
Suman S
  • 3
  • 2
0
votes
0 answers

maillog files not in chronological date order

I am running centos 7 LAMP server with webmin and recently disabled mailman from the bootup and shutdown module of webmin and then rebooted the system. I am positive my log files(such as maillog, cron, secure) were correct and in date order before i…
Peter
  • 1
  • 1
0
votes
1 answer

Rsyslog doesn't create log files on CentOS7

I have the following configuration file in "/etc/rsyslog.d/10-my.conf" # This file is managed by Puppet, changes may be overwritten if $programname == 'hello' then -/var/log/test/test.log & ~ On CentOS6.5 (rsyslog 5.8.10 ) this creates an empty…
iddqd
  • 193
  • 1
  • 8
1 2 3
45 46