Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
6
votes
1 answer

How to configure rsyslog to log into PostgreSQL without too much latency?

I'm trying to configure RSyslog on a Debian machine to log everything into PostgreSQL, while also logging as usual on disk. I'm using a pretty stock Debian configuration and I activated the related configuration directives after reading the…
Jonathan Ballet
6
votes
3 answers

rsyslogd not monitoring all files

So.. I've installed Logstash, and instead of using the logstash shipper (because it needs the JVM and is generally massive), I'm using rsyslogd with the following configuration. # Use traditional timestamp format $ActionFileDefaultTemplate…
Tom O'Connor
6
votes
4 answers

imuxsock messages in syslog and system becomes unresponsive

I am getting such messages in syslog. rsyslogd-2177: imuxsock lost 21869 messages from pid 3418 due to rate-limiting rsyslogd-2177: imuxsock begins to drop messages from pid 3427 due to rate-limiting My server is becoming unresponsive for last few…
shashuec
6
votes
1 answer

Ubuntu syslog: After log rotation nothing is written on /var/log/syslog

I've been running an Ubuntu VPS for a few weeks now, so a couple of monthly log rotations took place yesterday. For things like /var/log/wtmp things look as expected: logfile has recent entries, while logfile.1 older entries. However, /var/log/syslog…
ezequiel-garzon
6
votes
1 answer

rsyslog not logging messages

I'm attempting to set up my EC2 instance (running Amazon Linux, which as I understand is built on RHEL 5) to forward log messages to loggentries.com but nothing is getting forwarded. As a sanity check I followed the instructions in this article to…
hackerhasid
6
votes
3 answers

Increase rsyslog/syslog precision to include fractional seconds?

I use syslog and rsyslog to handle logging on my Linux & FreeBSD systems. The timestamp is currently in seconds but I would like to increase the precision of these timestamps to include milliseconds. Is this possible using the syslog variants such…
Stefan Lasiewski
6
votes
3 answers

Syslog severity levels when to use Alert vs Critical

Short overview: Is Alert more severe than Critical. RFC 5424 briefly defines syslog severity levels and gives a short description. Each syslog level is given a code 0 - 7. It was my understanding that 0 (Emergency) was most severe and 7 (Debug) was…
Sean Bannister
6
votes
2 answers

Filter log messages by program name and log level at the same time in rsyslogd

I want to save log messages from program foobar with log level err into file /var/log/foobar.log in rsyslogd. How can I do that? This is how I can filter messages by program name: :programname,contains,"foobar" /var/log/foobar.log This is how I can…
Marko Kevac
6
votes
1 answer

How can I log iptables in Ubuntu just in /var/log/firewall with rsyslogd

I am using Ubuntu 10.10 with iptables! I want to log my firewall drops in the file /var/log/firewall and NOT in any other logfile. So I added the following line to my file: /etc/rsyslog.d/50-default.conf: #iptables Log kern.warning …
Fake4d
6
votes
3 answers

Log Locally and Remotely with rsyslogd

How can I make it so log file is stored both remotely and locally using rsyslog?
Kyle Brandt
5
votes
1 answer

RSYSLOG not creating tcp port

At a certain point this was working and I do not know what could have changed. No logs are going to the TFTP folder and instead I just see the error message posted below. I tried rebooting the server. I can change the port number and it will start…
James
5
votes
1 answer

Using linux environment variable in rsyslog template

I'm trying to add an environment variable to my rsyslog template. I tried using 'getenv()' function without any luck, I always get an empty string in return. I'm attaching an example of my rsyslog config file, I'm using 'HOME' env variable as an…
Hanoch Giner
5
votes
3 answers

System logs are empty (/var/log/messages; /var/log/secure; etc)

I found that rsyslog stopped writing on logs (messages; secure; cron;etc) System information: NAME="Red Hat Enterprise Linux Server" VERSION="7.4 (Maipo)" ID="rhel" ID_LIKE="fedora" VARIANT="Server" VARIANT_ID="server" VERSION_ID="7.4" already…
BANJOSA
5
votes
2 answers

rsyslog: peer name not authorized - not permitted to talk to it

Trying to configure an rsyslog central server with TLS turned on. It's been a struggle so far, but I'm almost there. Currently getting this error: rsyslogd: error: peer name not authorized - not permitted to talk to it. Names: [v8.27.0 try…
rajat banerjee
5
votes
4 answers

I accidentally deleted /var/log/syslog, Now rsyslog Won't Log anything

I accidentally deleted /var/log/syslog, thinking that the system would automatically recreate it (it doesn't). I used touch /var/log/syslog and restarted rsyslog, but the system still isn't logging anything. I also restarted the entire server to…
Native Coder