Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
5
votes
2 answers

How to escape or remove double quotes in rsyslog template

I want rsyslog to write log messages in JSON format, which requires to use double-quotes (") around strings. Problem is that values sometime include double-quotes themselves, and those need to be escaped - but I can't figure out how to do…
Evgeny
  • 599
  • 5
  • 10
5
votes
1 answer

how to troubleshoot using rsyslog to output to a mysql database

Using FreeBSD 8.0 32 bit. I have installed rsyslogd 5.5.5 with ommysql. (installed ports /usr/ports/sysutils/rsyslog55 and /usr/ports/sysutils/rsyslog55-mysql) My rsyslog.conf file looks like: $ModLoad imudp $ModLoad imtcp $ModLoad ommysql $ModLoad…
ChrisNZ
  • 606
  • 2
  • 9
  • 25
5
votes
1 answer

Is it safe to disable rsyslog if I have journald?

I am using Debian 10. It seems to me, that both journald and (r)syslogd watch for messages independently from sources such as kmesg() or syslog(). Is there any advantage to running both? Why does Debian ship with both? For comfort? I guess syslog…
markson edwardson
  • 189
  • 9
4
votes
1 answer

rsyslogd not listening udp 514

I have Debian 3.2.65-1+deb7u2 with rsyslog 5.8.11 udp 514 $UDPServerRun 514 and $InputTCPServerRun 514 are uncommented. Why it is not listening to that udp port?
user354663
  • 41
  • 1
  • 2
4
votes
6 answers

Logging not working on Centos 7

Long story short - somehow I managed to screw up rsyslogd service on Centos 7 server. Now only thing that appears in /var/log/messages is: Dec 14 22:13:27 {myhostname} rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="1286"…
joshas
  • 191
  • 1
  • 1
  • 5
4
votes
1 answer

Amazon Linux rsyslog config override

I am using Amazon Linux AMI release 2015.03, I am trying to configure rsyslog to redirect logs to a remote logging server (in this case, logstash) by dropping a conf file in /etc/rsyslog.d. The remote logging configuration seems to work fine, but…
habelson
  • 43
  • 3
4
votes
1 answer

Forwarding structured data with rsyslog

We have a Java application logging structured data (MDC with log4j) via syslog to rsyslog (7.6.3) on localhost. localhost should then forward these log messages to a central logging host (also running rsyslog (7.4.4)) which will format the log…
Martin Schröder
  • 315
  • 1
  • 5
  • 24
4
votes
0 answers

rsyslog: Logs on local0 only on restart of rsyslogd

I have configured rsyslog.conf such that my program's log get logged in local0 facility. I have prevented logging in messages as well. *.info;mail.none;authpriv.none;cron.none;local0.none /var/log/messages local0.* …
Prabhu
  • 205
  • 1
  • 2
  • 7
4
votes
2 answers

Can I automate emailing of critical errors with systemd journal?

Fedora OS introduces journalctl as the new way to log error messages. I learn about this recently when I performed an upgrade. var/log/messages and many other log files are now combined into a .journal file within the var/log/journal directory. I…
Question Overflow
  • 2,103
  • 7
  • 30
  • 45
4
votes
1 answer

How to prevent logging of duplicated error messages in rsyslog?

After performing a software update, I got hundreds of errors that read like this: 2013-11-11 19:00:00 err user audispd - queue is full - dropping event Not sure if this is a bug, but it is rapidly filling up my log file at a few lines per second…
Question Overflow
  • 2,103
  • 7
  • 30
  • 45
4
votes
2 answers

Properly Configured Rsyslog on CentOS

I'm trying to configure Rsyslog 5.8.10 on CentOS 6.4 to send Apache's error and access logs to a remote server. It's working, but I have a couple questions. UPDATE: A, B and C are the only ones pending an answer. A) I would like to use as few queues…
Gaia
  • 1,855
  • 5
  • 34
  • 60
4
votes
2 answers

Ubuntu 12.04 logger won't write to remote syslog

I'm trying to use logger to send events to a remote syslog server. The syslog server is Ubuntu 12.04 running the default rsyslogd. The "client" servers are both Ubuntu 12.04 and SLES11SP1. On SLES11, I can send events to the syslog server…
James Watson
  • 41
  • 2
4
votes
4 answers

How can I forward an application log to a remote log server?

I have an application which writes its own log file in /var/log/app/app.log. How can I forward these logs to a remote Rsyslog server?
user2284355
  • 455
  • 2
  • 10
  • 24
4
votes
4 answers

CentOS centralised logging, syslogd, rsyslog, syslog-ng, logstash sender?

I'm trying to figure out the best way to setup a central place to store and interrogate server logs. syslog, Apache, MySQL etc. I've found a few different options but I'm not sure what would be best. I'm looking for something that is easy to install…
batfastad
  • 456
  • 1
  • 11
  • 22
4
votes
1 answer

Remote rsyslog only writing logging data to /var/log/syslog and not custom logfiles

I'm having a problem setting up rsyslog to log remote logging data to a specific file. I have two Windows Server 2008 boxes that each have a C# application using NLog.Targets.Syslog which log their debugging data to a linux box. All the logging data…
Shawn
  • 71
  • 6
1 2 3
45 46