Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
0
votes
1 answer

Remote logs from rsyslog appear in general logfiles

I've set up rsyslog (according to guides like this) to ingest remote logs via the following general configuration: module(load="imudp") input(type="imudp" port="514") module(load="imtcp") input(type="imtcp" port="514") module(load="imklog"…
slhck
  • 317
  • 2
  • 17
0
votes
0 answers

systemd journal - delete logs belonging to a specified unit?

Like there is a way to show all logs belonging to a unit: journalctl -xu , Is there a way to clear the logs belonging to a specified unit with journalctl ? Actually, my problem is, one of the service which is imported (from Sys-V /etc/init.d…
Ani
  • 32
  • 2
  • 13
0
votes
0 answers

rsyslog is running, but nothing is output

Nice to meet you. Suddenly nothing is being output in /var/log/messages, cron, secure, etc... I have not restarted rsyslog or modified /etc/rsyslog.conf, so I do not know why. Even after rebooting, the output is still not output. There are also…
rihm
  • 1
  • 1
0
votes
0 answers

Unable to get kernel log messages written to a specific log file on syslog server

I have a working rsyslog setup with CentOS as my server and I am using Kali as the client. I am able to use logger on Kali to send test log messages and see the log messages appear in the CentOS messages file and in the facility specific files I…
0
votes
1 answer

rsyslog change timestamp format for specific filter

I wish to change my rsyslog timestamp format to RFC-3339 of specific log file (msg). I have the following file /etc/rsyslog.d/10-zn.conf with the following content: :msg, contains, "my_prefix" /var/log/zn.log which means that save to…
Or Yaacov
  • 73
  • 8
0
votes
1 answer

Does remote logging stop local logging

I'm using a Graylog server to centralize logs from network equipment and servers and I'm wondering if the Syslog service on the switches, Windows machines, and other equipment, that service still going to save logs locally or just send them remotely…
Retro_0
  • 5
  • 3
0
votes
1 answer

rsyslog: regex extract between 2 strings

I want to extract a substring of msg field between 2 strings. Example of the log: Test local logging: db=testdb,message What I want is "testdb", so, the string between "db=" and "," This is my configuration: template(name="jsonTemplate" …
dcop7
  • 1
0
votes
2 answers

How to disable crontab list entries in cron log?

I have a script on server that runs every few min, and among other things checks if some malicious crontab entries have been injected. In order to do this I check crontabs of all users, which works all good, but my /var/log/cron file gets filled up…
DenisZ
  • 38
  • 7
0
votes
0 answers

rsyslog - Lower throughput when using omfwd with TCP vs UDP

TLDR; I'm getting significantly lower throughput when forwarding syslog messages with rsyslog on a Redhat server with 32 cores and 128Gi RAM to a remote server using TCP instead of UDP syslog in the omfwd action. How can I use TCP for forwarding…
0
votes
1 answer

Rsyslog expression with $programname is not working

got this in my rsysconf: $template TemplateLog,"%msg%\n" $template DynamicLog,"%msg%\n" $template…
ragulin
  • 101
  • 2
0
votes
1 answer

logs are not going into log file even after having rsyslog config

I am facing a problem. I have two different haproxy linux servers (in diff network range). In one server, I can see logs are getting generated in log file but on other server, the logs are not getting generated in log file. I have compared almost all…
abc
  • 11
  • 4
0
votes
1 answer

Issue with rsyslog creating multiple log files from a remote cisco switch

So here is our setup Server: rsyslog server - CentOS 7 Client: Cisco Catalyst C6880-X-LE /etc/rsyslog.conf from the CentOS 7 server: $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal #…
Richie086
  • 238
  • 2
  • 10
0
votes
1 answer

Can I specify TLS configurations in a template?

I am trying to set this up for SIEM ingestion on RHEL 8. I have this configuration below, however, the normal non-tls TCP doesn't work. I know the problem is because I have gtls globally and in my imtcp module - that is obvious, but what I cannot…
Joe
  • 1
0
votes
1 answer

Limit number of available archives in syslog rotation

I have the following configuration for my /etc/logrotate.d/rsyslog file. In it, I explicitly declared the number of days it will rotate to 4 and the size of the rotation archive file as 100k for /var/log/syslog. What I want to know is when the…
0
votes
0 answers

rsyslog seems to be triggering sdhci dumps when writing in external storage

According to what I read, rsyslog is usually used to process logs and send them to other locations, either local (external storage, specific partition, etc.) or remote (logging server, for example). However I'm trying to configure rsyslog to store the…
jfernandz
  • 3
  • 5