Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
0
votes
1 answer

Rsyslog keeps writing to /var/log/messages and subfolders

I have a rsyslog on CentOS 8 where I configured several systems to subfolders with this part of config $template RemoteLogs,"/var/log/hosts/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/syslog.log" *.* ?RemoteLogs This works fine but all logs from remote…
wojcieh
0
votes
1 answer

apache2 not sending logs to remote server via rsyslog

Both apache access & apache error logs not arriving on central server. Some logs are successfully arriving tho, including: auth, authpriv, cron, daemon, kern, syslog logs. What else do I need to get apache logs centralized? Here's my testing lab setup…
lfinkj
0
votes
1 answer

How to sort incoming log messages by their hostname & timestamp with Rsyslog?

I was curious if anyone has sorted incoming logs captured by Rsyslog by hostname and time stamp in the log. Right now I have Rsyslog sort messages by the hostname moving them to appropriate folders and then Logrotate set to daily. My concern is if…
cabotek
0
votes
0 answers

Rsyslog extract data

I have been searching for this for 3 days and nothing worked. Can somebody help to get this regex for rsyslog? String expected is ***Aug 19 08:42:07 ip-10-5-1-18 sshd[12300]: Invalid user ubunt from 111.92.25.118 tried with…
0
votes
1 answer

rsyslog, is there a way to see the facility codes of messages received?

I have a Cisco FTD sending logs tagged with local3(19), however I am still seeing some messages ending up in my users.log instead of where I have them configured to be sent. Is that where they would end up if untagged? Or is there a way to verify…
Security_Pete
0
votes
1 answer

Unable to log with HAProxy

I've been following the instructions found here, https://www.haproxy.com/blog/introduction-to-haproxy-logging/, to set up our logging. As documented, I made an rsyslog config file, haprorxy_log.conf, and restarted rsyslog: # Collect log with…
SVill
0
votes
1 answer

CentOS 8 remote logging logs on both custom log and /var/log/messages

I'm trying to configure a remote log host for my servers (all CentOS 8). I added this on my central server if $fromhost-ip == '123.123.123.123' then /var/log/{{hostname}}.log Also I changed my client config to *.*…
Gwynn
0
votes
0 answers

Multiple SFTP Servers sharing common chroot path logging issue

I am setting up an SFTP service with multiple EC2 instances for High Availability on AWS with a common EFS Share (mounted at /efs/sftp). ,--------, | | | SFTP |-------, ----- |________| | …
Ranjandas
0
votes
1 answer

How to stream some logs over TCP from rsyslog in Docker?

I need a very simple thing (for an integration test of a larger system, orchestrated by docker-compose): to set up a Debian-based Docker image with rsyslog inside, so that when it is run, rsyslog will emit some syslog messages over TCP to another…
stf
0
votes
1 answer

Rsyslog / CentOS 8 / no write logs|no catch?

I use rsyslog (8.37.0-13) on CentOS 8 (CentOS Linux release 8.1.1911) and I've type error with my configuration. My rsyslog.conf is…
celine
0
votes
1 answer

Separate PROCID from SYSLOGTAG using $template

I'm setting up a centralized rsyslog server using a Raspberry Pi with LogAnalyzer web frontend to view the logs. Everything is set up and working except the parsing of fields into the MySQL database. As you can see in the attached image, the ProcessID…
0
votes
1 answer

Rsyslog "typo error" CentOS 8

I use rsyslog (8.37.0-13) on CentOS 8 (CentOS Linux release 8.1.1911) and I've type error with my configuration. My configuration is : template(name="template1" type="string" string="/data/%HOSTNAME%-%FROMHOST-IP%.log") ruleset(name="ruleset1"){ …
celine
0
votes
0 answers

/var/log/messages not sending to the rsyslog central logging server

Everything else is being logged to the central rsyslog server but not the /var/log/messages of the rsyslog client. server: learn -> 192.168.1.100 client: server101 -> 192.168.1.200 From the rsyslog server: [root@learn ~]# ls -l…
vjwilson
0
votes
0 answers

CentOS 6 rsyslog continuous stream of entries filling up /var/log/messages

After running yum update on one of my boxes, I am receiving a continuous stream of entries in /var/log/messages which fill up the disk. I could not make out where the events are coming from Linux host1 2.6.32-754.28.1.el6.x86_64 #1 SMP Wed Mar 11…
pablo808
0
votes
1 answer

rsyslog with avro encoded log decoding fails

I am using rsyslog. I have my devices send custom logs to rsyslog encoded in avro. When I receive this log in rsyslog via UDP port, I am able to decode. But when it gets stored in rsyslog and I try to parse the file and decode the log, it fails. Some…