Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
4
votes
1 answer

Rsyslog Discarding Unwanted Messages

Once again, I found that Rsyslog is not as flexible as I expected... My application logs to LOCAL5.* (depending on the severity). I would like to see on my centralized log server only LOCAL5.WARNING and above. I assumed and tested local5.info …
Arenstar
4
votes
2 answers

rsyslog appears to act on old configuration

I'm using a template to dynamically generate rsyslog filenames. I've made some changes from my original format, but rsyslog still appears to be using both the new template and the old after restarting. My filename template went from this: $template…
Jeff Lee
4
votes
2 answers

Centralized logging over intermittent connection

I'm using rsyslog to forward syslog entries from a pile of servers to Loggly. The configuration looks something like this: # Config for loggly upload *.* @@logs.loggly.com:12345 This works, but because it's forwarding, any log entries which occur…
Matt Sweeney
4
votes
1 answer

rSyslog and short hostname

I'm working with rsyslog through multiple hops. What I want is the following: I do not want the short hostname in the msg, I only want the IP. So the server sending the msg, I do not want it to add its short hostname to the message being sent, I only…
user52297
4
votes
5 answers

How can root start a process that only root can kill?

It is easy to start a process in the background or make it a systemd service. However, if I want to start a process that monitors activities on the Linux machine, it falls to the target of attacks. If any user wants to do something bad it will first…
George Y
4
votes
1 answer

What happens to logs generated by logger if there is no logging daemon installed or active

If you have a Linux distribution either without a logging daemon installed, or with the logging daemon disabled, what happens to the logs generated by the logger command? I have Ubuntu 20.04.2 with the rsyslog service. When I turn this service off,…
Dom
3
votes
1 answer

Rsyslog does not set read and write permission for group and everyone

Rsyslog ignores read and write permission set with fileCreateMode for group and everyone. I have set up a service to run my node application as such: ... [Service] WorkingDirectory=/opt/demo/app User=appuser Type=simple ExecStart=/usr/bin/node…
HomeIsWhereThePcIs
3
votes
1 answer

Does logrotate.conf override the config of the submodules?

I wonder which of the logs takes precedence over the other. Looking at rsyslog defined here, it defines daily rotation and keeping them for 30 days. vim /etc/logrotate.d/rsyslog /var/log/syslog { rotate 30 daily missingok …
Houman
3
votes
0 answers

Rsyslog not logging after logrotate

I am using rsyslog and have a number of network devices sending their logs to this server. Rsyslog then splits out each device's logs into "devicename.log". Via this: $template…
3
votes
0 answers

Rsyslog messages not making it to local logfile

I've been tasked with setting up longer/better log retention for our postgres servers, but after configuring postgres to ship logs to syslog via local0 I've found that they never actually hit the configured local…
Sammitch
3
votes
1 answer

global configuration rsyslog using RainerScript how to?

Right now I have this in my rsyslog.conf file. /* GLOBAL DIRECTIVES */ # Global umask for all actions $umask 0022 # Set the default permissions for all log files. module(load="buildin:omfile" # To enable high precision timestamps, use the…
serine
3
votes
0 answers

How to set up logrotate properly for multiple systemd services which send their stdout, stderr to rsyslog

Suppose I have many systemd service units on Ubuntu 16.04 which look like this: [Unit] Description=Do something…
vskubriev
3
votes
1 answer

Suppress logging rsyslog boot messages in my message file

I have rsyslog installed and I am listening to a log stream from a device. The problem I'm having is that before I start saving the device's own log lines, some lines are generated that correspond to the rsyslog itself. Someone can tell me how to…
xav
3
votes
2 answers

Logging Chrooted SFTP user activity

I have been trying to log SFTP activity by Chrooted user. I have not been able to log a single line so far for any chrooted user. For regular users it works. My current settings: /etc/ssh/sshd_config: Subsystem sftp internal-sftp -f AUTH -l…
Jeppe
3
votes
2 answers

Rewriting facility/severity in rsyslog v7 before shipping off to a remote collector

I have a machine "A" with a local rsyslogd, and a remote collector machine "B" elsewhere listening with its own syslog daemon and log processing engine. It all works great...except that there is one process on A that logs at local0.notice, which is…