Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
0 votes · 1 answer

rsyslog tag based forwarding

I'm looking to do a tag based forwarding instead of using local1. local1 is used for other things so I don't want it to get mixed up. How can I do this? Here's my config forwarding nginx logs under /etc/rsyslog.d/nginx.conf module(load="imfile"…
0 votes · 1 answer

Exclude remote syslog client logs from /var/log/syslog on host machine

Background: I have a lil Raspberry Pi server running the latest Raspbian OS running a number of network appliances to help manage a complex IOT LAN for a client. I have been using rsyslog to write logs from the network hardware and servers to an…
0 votes · 1 answer

Rsyslog rotates, but still logging to old log

Server: Ubuntu Server 14.04 I have a Watchguard Firebox logging to a server. It is supposed to rotate daily, however, when the rotate occurs, it doesn't write to the new log. It keeps writing to the previous one. The config in…
DevOpsSauce
0 votes · 1 answer

rsyslog single filter conditional syntax

I'm looking for a way to write a single rule with multiple match values: don't write those rows to the logfile if the message contains the first word or the second word. This works but isn't DRY: if $msg contains "WARNING:" then { Action (type="omfile"…
user2239318
0 votes · 1 answer

rsyslog conf file syntax multiple filters

I'm setting up rsyslog on a Red Hat 8 system. I have the first part working, which filters based on source IP and writes logs to a specific file, like this: if $fromhost-ip startswith '10.1.2.45' then /var/log/test_all.log & ~ What I'd like to…
user3271408
0 votes · 1 answer

Rsyslog using more memory on CentOS 7

I see rsyslog is using more memory on my EC2 instance. Is there a way we can fix it? I tried cat /proc//limits and tried changing the limit value but no luck. Max stack size 8388608 unlimited bytes.
0 votes · 0 answers

Messages appear with a delay in /var/log/messages

I'm using rsyslog to collect logs from multiple servers, which are all being sent to a single server. I've noticed that logs sometimes appear with a delay of 2-5 minutes in /var/log/messages of the destination server. By using tcpdump on both source…
Omri
0 votes · 1 answer

rsyslog on CentOS 8.2

I just configured rsyslog 8.1911 on CentOS 8.2. The server rsyslog.conf has these lines: $template RemoteLogs,"/logs/serverlogs/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%PROGRAMNAME%.log" *.* ?RemoteLogs This works - i.e. new directories get created…
Jayadevan
0 votes · 0 answers

send logs of flask through rsyslog on remote server

I have flask running in my environment, which creates logs in /var/log/api/api.log. I have configured the rsyslog service to send all logs to my remote server, but rsyslog is sending api.log to the syslog file on the remote server. I have also tried creating…
0 votes · 0 answers

rsyslog: Filter and Consolidate

I've got a very simple setup with logs being collected from three servers: 10.0.4.1, 10.0.4.2, and 10.0.4.3 Config files, in /etc/rsyslog.d/syslogconfig.conf, follow this pattern [with changed IP addresses]: # Remote devices config for…
Lorccan
0 votes · 0 answers

Rsyslog custom imfile, multiline sending as separate messages on remote server

I have a custom log file which I need to send to a remote server with start and end tags. My log file:
0 votes · 1 answer

sshd doesn't show failed login attempts in syslog on CentOS 7

After some tinkering with rsyslog, sshd no longer logs information about failed login attempts to syslog for some reason. I've returned both the sshd and rsyslog configs back to where they were: rpm -V $(rpm -qf /etc/ssh/sshd_config) rpm -V $(rpm -qf…
0 votes · 0 answers

automatically retrieve some fields from log file

My fortigate firewall sends log messages to my syslog server (CentOS 7). The syslog server stores them in a *.log file with rsyslog, like this: Sep 24 00:00:00 192.168.20.20 date=2020-09-24 time=01:00:00 devname="FGT-G1" devid="FGTXXXX"…
0 votes · 1 answer

duplicate packet to another local host(SIEM)

We have a Central Syslog server that we use to collect all logs from our hosts and recently got a SIEM that we also want to collect the logs. We would like the Central Syslog server to duplicate the logs to the SIEM without changing the source…
Swannie
0 votes · 0 answers

how to forward log file or filtered message contents using rsyslog

I am trying to filter out logs from journalctl so that matched logs can be forwarded to a remote rsys server. /var/log/custom log is getting constructed properly from the filter, but I am not able to forward it to the remote server. I have referred to the below…
Kedar