Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
0 votes, 0 answers

RSyslogd is sending multiple CEF messages in the same Syslog message

There is a Python script sending multiple events to a remote host with Rsyslogd: CEF:0|Test|SIEMintegration|1|1|Normal|0| fileId=767000670128771115 CEF:0|Test|SIEMintegration|1|1|Normal|0| fileId=766000430136104144 But when they reach to that…
Cod1ngFree
0 votes, 0 answers

How to reduce repeat log in Debian 10?

In a similar question, I know echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or…
kittygirl
0 votes, 0 answers

How to send a log file using rsyslog

I am using CentOS 7.6 and have configured an rsyslog server and am able to send logs (syslog) from client to server, but I need to transfer the file /var/log/wtmp to the rsyslog server and I have tried the below configuration but it is not working at…
Ashish
0 votes, 0 answers

Rsyslog unable to receive syslogs from two or more switches, error in rsyslog configuration file

I am trying to send syslogs from routers/switches in a production environment to a Linux server which has Rsyslog installed on it. It's working fine as long as the rsyslog config file is set to receive logs from one switch; as soon as I am making…
Zius_123
0 votes, 1 answer

How to secure rsyslog logging into MySQL

I'm looking for a way to encrypt the traffic between our hosts and the logging host in our Debian universe. rsyslog uses the ommysql module and the server is already configured to accept the users' requests only by SSL (GRANT USAGE ON *.* TO…
VerboEse
0 votes, 1 answer

Why are cron jobs not being logged by rsyslog on Debian 10 buster?

(I figured this out, it was multiple problems...I'm leaving this as is and explain the process I took to resolve in my answer to this question) I'm working on a simple Ruby script that runs as a cron job. I'm using Visual Studio Code and the…
David Mackey
0 votes, 1 answer

Configure rsyslog to fallback to local logging

I have rsyslog set up to log to a central server over TCP. I'd prefer for it to log locally if the network or remote server is not available, but otherwise omit local logs. It's straightforward to log to both but I haven't seen a way to log to…
brianegge
0 votes, 1 answer

rsyslog - combining multiple property-based filters

I'm trying to write rsyslog messages received from a specific host to a log file based on the message content. Let's say I'd like to send messages received from "myserver" that contain the pattern "supertext\d{1,4}" to…
0 votes, 0 answers

Rsyslogd module Error

I want to capture packets with rsyslog using impcap, but when I use it in the configuration file I get this error: rsyslogd: version 8.2102.0, config validation run (level 1), master config /etc/rsyslog.conf rsyslogd: could not load module…
0 votes, 1 answer

How to configure log rotate to compress and archive logs weekly

We have rsyslog that saves logs based on requirement to various…
sarvesh.lad
0 votes, 1 answer

Save rsyslog messages to dynafile that extracts text from rawmsg

We have a few appliances that are sending syslog; unfortunately their hostnames are not the same as the actual name configured on the service. I'm running the latest rsyslog version. Currently I have this saved as a separate conf file: template…
sarvesh.lad
0 votes, 1 answer

Log systemd service stderr to different file using rsyslog

I have the following config in a systemd service: StandardOutput=syslog StandardError=syslog SyslogIdentifier=udocit And this rsyslog conf file: if $programname == 'udocit' and $syslogseverity > 5 then { action( type="omfile" …
HomeIsWhereThePcIs
0 votes, 1 answer

rsyslog is putting log entries into an included file

I have an include directive in my rsyslog.conf file and rsyslog is appending data to it! I don't know why. I am running rsyslog 8.24 on RHEL7.7: rsyslog-8.24.0-38.el7.x86_64, kernel 3.10.0-1062.el7.x86_64 These are the only lines I have in my…
Mike S
0 votes, 1 answer

rsyslog - what's the difference between $ModLoad and module(load)?

I'm on an RHEL 7.7 machine: Linux myhost 3.10.0-1062.el7.x86_64 #1 SMP Thu Jul 18 20:25:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux Running rsyslog-8.24.0-38.el7.x86_64 According to the rsyslog docs (currently in 2021 located at …
Mike S
0 votes, 0 answers

RSyslog v5 embedded system - template support for environment variables

I am trying to manipulate how Rsyslog sends data to a syslog server on an embedded system that runs Rsyslog version 5. As it is an embedded system there is no option to upgrade to a later version without vendor involvement. I have the following…
fileinsert