Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
5 votes, 2 answers

Using rsyslog with TLS without generating a self signed cert

Just about every guide I have seen for using TLS with rsyslog involves generating a self signed cert and using that. If the boxes are already set up with a legit signed cert how do you set up the client and server to simply use that?
placeybordeaux
5 votes, 1 answer

nginx logs to syslog - connection refused

I'm trying to set up nginx 1.7.3 to send logs to syslog, but when I use this configuration: server { access_log syslog:server=localhost; } this shows up in nginx's error log: 2015/01/15 21:42:47 [error] 16776#0: send() failed (111: Connection…
Jan Langer
5 votes, 1 answer

Random SSH entries in Auth.log out of date order

Running an Ubuntu Trusty 14.04.1 LTS server at Rackspace but recently after running updates for bash, then with the reboots for the xen host vulnerability, I have the following weird issue. Some random auth.log entries are popping up out of date…
Ray A
5 votes, 1 answer

Difference between /dev/udp and netcat

I have a syslog server listening on localhost:514 as UDP and would like to write messages to it on that port. (Using Ubuntu 14.04) If I run either of these commands from bash it prints the date every 2 seconds to syslog # Using netcat while true;…
user779159
5 votes, 4 answers

rsyslog does not write remote messages to log file from specific host

I have setup an rsyslog server (based on CentOS 6) that works fine with some remote hosts. But, when I added a Cisco ASA firewall, it does log its messages! The rsyslog.conf is the following: # rsyslog v5 configuration file # For more information…
Peter
5 votes, 1 answer

Forwarding rsyslog to syslog-ng, with FQDN and facility separation

I'm attempting to configure my rsyslog clients to forward messages to my syslog-ng log repository systems. Forwarding messages works "out of the box", but my clients are logging short names, not FQDNs. As a result the messages on the syslog repo…
Joshua Miller
5 votes, 2 answers

Best place in network to put syslog server for DMZ hosts?

I have a firewalled router that connects to two virtual LANs. The first LAN is an administration network and the second a DMZ. My virtual machines in the DMZ need to send syslog messages to a syslog VM in the admin VLAN. In order to do this I must…
user2284355
5 votes, 2 answers

How can you filter mail.info from syslog?

How do I filter mail.info from /var/log/syslog (rsyslog.conf/Debian) while keeping messages greater than or equal to mail.warn? I've tried just about every different variation of appending and prepending different combinations of mail, mail.info,…
Jeff
5 votes, 2 answers

Is there a way to make TLS work with rsyslog in Ubuntu 12.04?

I configure rsyslog to load the TLS module (to talk to loggly) and I'm getting this error: Jun 20 13:14:00 feynman rsyslogd-2068: could not load module '/usr/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078 [try http://www.rsyslog.com/e/2068 ] that…
Pablo Fernandez
5 votes, 4 answers

Wildcard support for InputFileName in rsyslog?

We have log files with names that match a certain pattern but frequently change. Is there a way to specify a wildcard or pattern for rsyslog to include via InputFileName? Example: InputFileName: /path/to/logs/*_error.log Using the above example…
Dan
5 votes, 1 answer

haproxy not logging

I have configured rsyslog (CentOS 6.3) adding the -c 0 -r options and the line local2.* /var/log/haproxy.log and restarted rsyslog but all that happens is an haproxy.log gets created. It is never written to. Not quite sure how to troubleshoot…
user160910
5 votes, 1 answer

rsyslog update on Amazon Linux suddenly treats INFO level messages as EMERG

I'm having strange issue with rsyslog on some of my EC2 instances running Amazon Linux 2012.3. Upon yum upgrading rsyslog 4.6 to 5.8.10, it seems like every INFO level log message is suddenly treated as an EMERG level issue and they are getting…
slucidi
5 votes, 2 answers

rsyslog: How do I direct messages from all remote machines to one file?

We have a syslog server and we have all our servers logging to it. We want a sort of "catch-all" drip pan rule for all remote messages that we have not configured a rule for. Anyone know how to accomplish this?
Belmin Fernandez
5 votes, 1 answer

How to maintain the log source host using logstash

I am following the steps in this blog to set up rsyslog + logstash + graylog2 and I can't figure out how to replace the @source_host attribute in logstash using the mutate -> replace filter. In the example the author replaces his @source_host with a…
Ray Rodriguez
5 votes, 3 answers

Chained Syslog forwarding

Is there a way to chain syslog forwarding? For example, how can a clienthost forward its syslogs to ServerA and ServerA forward everything to CentralSyslogServer? I'm using rsyslog. The reason is that Server A is a dual homed machine which gets…
garg