Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
0 votes, 0 answers

Rsyslog and UDP

Quick question, as I just want to ensure - For rsyslog, will the below option work as intended if sending logs to remote syslog is configured through UDP? - $ActionResumeRetryCount -1 # prevents rsyslog from dropping messages when retrying to connect if…
0 votes, 0 answers

Log events are dumped in var/log/messages and var/log/mse/mediaquality.log file, but I want those events only in var/log/mse/mediaquality.log

To stop those events I used & ~ at the end of the script. This fixed my bug, but my functional tests are not able to capture these events. I am using Logstash for this. So my fix is to stop the Rsyslog to push the events to Logstash, and my tests…
0 votes, 0 answers

Rsyslog server logging different subnets to different locations

I wonder if you can help me to configure rsyslog to write logs from different subnets to different locations, i.e.: Log everything coming from subnet 192.168.1 to dir. /log/subnet1, from subnet 192.168.2 to /log/subnet2. Problem is that I have already…
0 votes, 0 answers

How can I translate my old rsyslog rules?

I had this rule in previous rsyslog versions: if $fromhost-ip == 'xxx.yyy.zzz.www' then /var/log/name_of_the_server.log & stop And I translate it as: template (name="dinamico" type="string" string="/var/log/%HOSTNAME%.log") if $inputname == 'imudp'…
0 votes, 0 answers

Rsyslog logs not getting forwarded

rsyslog audit logs are not getting forwarded from Amazon Linux 2 (koji linux). What are the known rsyslog issues related to this Amazon Linux 2 system? Also, what is the significance of the below two lines: #FileCreateMode $FileCreateMode 0640 #Configure…
Amito • 1

0 votes, 1 answer

syslog access beginning of log line

I would like to filter the content of my logs generated by Syslog, I'm applying a filter based on $msg but it is not containing the beginning of the line: 2022-09-29T16:39:39Z SYS_SERVER_2 - - - - - A Web interface has been accessed when I try to…
tiamat • 103 • 1 • 4

0 votes, 0 answers

rsyslog include $msg variable while using omprog

I would like to include the variable $msg into an omprog while calling a shell script but I cannot retrieve the real value: if ($msg contains 'dummy') then {action(type="omprog" binary="/usr/bin/sh /home/test/myScript.sh $msg")} Is there a way to…
tiamat • 103 • 1 • 4

0 votes, 1 answer

Combining multiple Property-Based Filters for Rsyslog

I was trying to set up a specific Rsyslog configuration file to catch all incoming kernel messages of a few types. For example, I want to dump all logs containing "example message 1" and "example message 2" into a custom log. For example, this rule…
jeff • 1

0 votes, 1 answer

rsyslog: action suspended, next retry is

I'm trying to configure rsyslog to receive logs sent from other devices on port 3100 (my manager chose that port and I will get him to change it to 514 later), and save (append) those logs in local files. So I created /etc/rsyslog.d/remote.conf…
0 votes, 0 answers

Redirect systemd service logs to /dev/kmsg for all running services

Currently systemd service files will redirect the logs to journal buffer by default. But I need to get all the userspace services logs as part of /dev/kmsg buffer. I was able to add StandardOutput=file:/dev/kmsg to a service file and that works only…
Rckzz • 1

0 votes, 1 answer

rsyslog forward with ;RSYSLOG_SyslogProtocol23Format

I am trying to forward rsyslog with ;RSYSLOG_SyslogProtocol23Format It works fine for an all log forward: *.* @@syslogserver.com:6789;RSYSLOG_SyslogProtocol23Format But does anyone know how it can be implemented on specific rules? if ($msg…
0 votes, 1 answer

Rsyslog server - conditionally forward logs

The idea is to receive the logs on the Rsyslog server and then send them to a specific Kafka server depending on the log contents. For example, Logs are being received on a single port, 514 Forwarding received logs to Kafka topic #1 and lines…
Iggy • 15 • 1 • 4

0 votes, 1 answer

Reliable rsyslog logging to a remote server

Is there any way to configure rsyslog to send logs to a remote instance so that it does not lose several minutes of messages? I am finding this difficult in the following scenario: Yank the ethernet cable away from a logging device(client) Wait 5…
fastfox • 101 • 1

0 votes, 1 answer

rsyslog ruleset for encrypted logging

I've managed to set up rsyslog to accept TLS traffic from a client's server. When I configured the certificate and the port originally, it all worked fine. The problem is it is dumping the logs into the same log file, /var/log/messages, as other…
0 votes, 1 answer

Sending rsyslog messages to remote file system

I have an Ubuntu server that will be running rsyslog and many "client" devices and applications sending logs to it (via various syslog clients). I know that rsyslog logs everything to /var/log, but ideally I could "pump" these logs to a file on…