Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
0
votes
1 answer

rsyslogd not storing remote logging information

I have an rsyslogd on Ubuntu 14.0.1: $ModLoad imtcp $InputTCPServerRun 514 $template FILENAME,"/var/log/%fromhost%/syslog.log" *.* ?FILENAME If I run logger -p local0.crit -n 10.240.157.116 -u /dev/null test on a remote machine, I can see the…
0
votes
1 answer

Suppressing rsyslog tls error messages

When configuring rsyslog with tls and using PermittedPeer or streamdriver.authmode name, if an unauthorized peer connects, rsyslog logs error messages like below. Jan 22 08:56:38 test rsyslogd-2089: netstream session 0x7f177401b740 from 10.0.0.7…
Mehmet
0
votes
3 answers

Can I prevent some of the UFW messages from being logged?

My router broadcasts (sends to 224.0.0.1) something every forty seconds. This is caught by UFW which stores a log entry in syslog: Jan 5 03:49:02 log kernel: [ 1184.788900] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:40:5a:9b:5c:9c:fd:08:00…
Arseni Mourzenko
0
votes
1 answer

Need to upgrade only rsyslog on Debian system

Just received a notice from apticron: apticron has detected that some packages need upgrading on: The following packages are currently pending an upgrade: rsyslog 5.8.11-3+deb7u1 ... Package Details: Reading changelogs... --- Changes for…
tfegc
0
votes
1 answer

RSyslog sends logs to logstash with host as IP not FQDN

I am having an issue. I am trying to send apache/nginx logs to logstash server. The problem is that rsyslog sends host as IP not the server's FQDN. Solutions that I have tried: PreserveFQDN on (did not help) Add FQDN to hosts file and enable…
cr0c
0
votes
2 answers

Find syslog priority/severity of a message

Is there a way to find the syslog priority or severity of log entries using a standard unix tool? For example I could grep for the word error in a log. But not all logs will state the word "error" should an error occur. It would be nice to find all…
user92227
0
votes
1 answer

rsyslog dynamic file filter

I'm trying to get my local /var/log/syslog file under control. My current structure is to log remote files to /var/log/juniper/syslog/%fromhost-ip%/syslog.log. Below are my configurations. rsyslog.conf /etc# cat rsyslog.conf # /etc/rsyslog.conf …
Ryan Foley
0
votes
1 answer

rsyslog logging path with custom property

I have an rsyslog server running v7.4.3 receiving a stream with the format: Date hostname app: name=VALUE message What I need to do is pull the VALUE out of the message, and log it in a file such as /var/log/VALUE/syslog.log I can get…
Michael Hart
0
votes
4 answers

remote server log viewer/analyzer

I have an rsyslog server running Ubuntu 12.04 which stores logs from different clients also running Ubuntu 12.04. Now I want to view those logs from my machine which also runs Ubuntu 12.04. One way is to ssh to the server and view the logs using…
Tarun
0
votes
0 answers

software to view logs on remote server

I have configured syslog server on my Linux machine like this Linux Machine (syslog client) -- > Linux Machine (syslog server) I have configured it and it's working properly. Now, the problem is I want to look at the logs located on remote server in…
Tarun
0
votes
1 answer

Rsyslog configuration for changing source interface

I'm working on rsyslog.conf upon CentOS 6.2. Is there any configuration in rsyslog.conf to change the source interface (e.g. eth0, eth1), so that the messages being sent to syslog server contain the same source IP address (which is obtained from…
Revathy
0
votes
2 answers

Use RPM to add rsyslog rule

I'm using an RPM to install a binary and some config files to CentOS. My issue is that I need to find a way to set up the rsyslog rules during the RPM install. Up until now I've just been adding the lines manually myself near the top of the file.…
Luke
0
votes
1 answer

intercept, evaluate, change syslog messages

Is it possible to intercept syslog messages and evaluate (in special cases change) them before they are written into /var/log/? At the moment I'm using inotify to monitor the log file and write the evaluated log into a new file.
inselberg
0
votes
1 answer

Rsyslog not discarding lines

I'm trying to discard lines like this: httpd: - - - - [03/Jun/2013:23:04:10 +0000] "-" 408 - "-" "-" 32 - Based on the docs, I would think this would suffice: :msg, contains, "408 -" ~ I know that that is not a good pattern because it could match…
jsd
0
votes
3 answers

Remote Apache Logging

I have been researching remote logging of apache logs, and everything I have found involves piping to logger. Two questions: Is there any other way to remotely log apache logs? Is piping to logger stable? Thank you! Jeff