Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
0
votes
1 answer

how to send log from post-auth with Freeradius?

I want to send a message to a remote syslog in the post-auth section. A simple string with "'%{User-Name}', '%{reply:Packet-Type}', '%{Calling-Station-Id}'". How do I do it with FreeRADIUS 3? Or... how to split logs by facility or priority?
eri
  • 294
  • 2
  • 5
  • 17
0
votes
1 answer

rsyslog sending custom log to remote server

I have found an answer on Stack Overflow, but using the same exact config, apart from changing the mine to minecraft_server, returns: Mar 25 05:21:29 gameserver rsyslogd[7027]: invalid or yet-unknown config file command 'InputFileStateFile Mar 25 05:21:29…
0
votes
1 answer

Log a message from Windows to a Syslog server (Wireguard)

I would like to know when a Wireguard client sets a tunnel up. So is it possible to do something like: PostUp=command_which_creates_a_syslog_event Because I don't see any other way to log when a client sets his tunnel up.
amrbcl
  • 53
  • 5
-1
votes
1 answer

(Linux) /var/log organisation using logrotate and rsyslog without breaking important systems

This is likely to elicit calls to close as it's asking for opinions, but I don't know how or where to ask in a more appropriate manner. Apologies in advance if this offends - it's not intended that way, and there is an actual question, which is…
Graham Nicholls
  • 291
  • 2
  • 5
  • 13
-1
votes
1 answer

Does rsyslog configuration support case statement?

Does rsyslog support case statement similar to C? switch ($programname) { case "nginx": // code to be executed if n is equal to constant2; break; case "java": // code to be executed if n is equal to constant2; …
foxtrot9
  • 103
  • 1
-1
votes
1 answer

syslog for netstat to get no. of connection from each IP range

I have a server which keeps on receiving requests from two other servers from different IP ranges. I need to know how I can set up a cronjob which keeps on checking the number of connections made by each server every second and keeps on updating the result…
-1
votes
1 answer

rsyslog with elasticsearch and forwarding custom logs

I have configured rsyslogd Log Server With Elasticsearch and Kibana. I am able to forward the /var/log/messages from the client Linux servers (CentOS 7, RHEL 6) to the central Linux Log server (CentOS 7). However, I have a custom log file…
Arun Krishnan
  • 379
  • 2
  • 3
  • 13
-1
votes
1 answer

Syslog messages not being received at central server

I have a central Syslog server (Windows Server 2012 R2) running Kiwi Syslog server that isn't receiving logs from a client (Centos 7). The client's rsyslog.conf configuration looks like this: *.info;mail.none;authpriv.none;cron.none …
willbo
  • 1
-1
votes
1 answer

Matching end of file with ansible lineinfile

I'm trying to replicate the following sed snippet in ansible's lineinfile module. sed -i '/# The named pipe \/dev\/xconsole/,$d' /etc/rsyslog.conf I know that I can template the file or brute force match the lines but I'd like to learn how to do…
Tim Fletcher
  • 410
  • 2
  • 6
-1
votes
2 answers

rsyslog execute action on multiple events

I would like to have an application to be executed when an event reaches multiple times in a row in the log, eg: Oct 17 13:09:24 mail clamav-milter[30942]: x x x Happens 4 times but also this counter should be reset like in every hour. Is this…
froggy
  • 1
-1
votes
1 answer

How can I send non-default log files to remote rsyslog server?

Yes, I see that you want to mark this as a duplicate, and I appreciate that, but please read to the end. I've found this question several places, and the answers are either too vague for a noob to rsyslog to understand...like this Waaay too…
trueCamelType
  • 1,086
  • 5
  • 20
  • 42
-1
votes
1 answer

IPtables log only some drop connections

I have these rules: -A INPUT -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7 -A INPUT -j DROP But this logs every DROP that occurs like IPTables Packet Dropped: IN=eth0 OUT= MAC=XXXXXXXX SRC=192.168.100.11…
Christopher
  • 143
  • 4
-1
votes
0 answers

Stop crontab from filling syslog Ubuntu 15.04

How can I prevent (certain cronjobs) from filling my syslog in Ubuntu 15.04? I have some jobs that run 4 times a minute and quickly fill up my syslog files. I've tried adding: cron.* /var/log/cron to…
gijs007
  • 117
  • 1
  • 4
  • 18
-1
votes
2 answers

rsyslog (local) and remote logging

I have several Linux servers whose log files I want to monitor. I thought it would be great to set up a central log server that can capture incoming rsyslog packets. Each hostname would have its own folder and set of logs. However, is it possible…
mavrex77177
  • 1
  • 1
  • 1
-1
votes
1 answer

what is wrong with this rsyslog configuration?

I am trying to get rsyslog to log to the following custom log file /var/log/iptables.conf instead of syslog. Iptables has got logging enabled, here is an example log line outputted from iptables (taken from /var/log/syslog) Apr 19 04:47:41…
the_velour_fog
  • 497
  • 2
  • 4
  • 14