Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial add-ons, such as the ability to log Windows events, as well as available support contracts.

681 questions
3 votes, 1 answer

Why aren't syslog messages forwarded despite having the appropriate configuration?

I would like to forward (rsyslog 8.4.2-1) all syslog messages to a port on 127.0.0.1. In order to do so, I added a file in /etc/rsyslog.d/expose-42000.conf: *.* @127.0.0.1:42000 After restarting rsyslog (no error messages in the logs) I tried to…
WoJ
3 votes, 1 answer

Rsyslog: From a custom log file, forward only the messages matching a pattern

I want to forward messages matching a pattern (HELLO in this case) from a custom log file (/home/ubuntu/test.log) to a remote rsyslog server. Here is the configuration: # cat /etc/rsyslog.d/05-forwarding.conf *.*…
slayedbylucifer
3 votes, 1 answer

rsyslog: How do I split the events in a log file into separate files if it contains a keyword?

I'm receiving syslog data in a .log file. That file contains two types of events. An event that only contains the syslog datetime stamp and an event that contains the syslog datetime stamp and a "timestamp=" field in the message. Using rules, how…
user3002
3 votes, 1 answer

sshd no longer logging after update on fresh CentOS 7 install

I am running a VPS with CentOS 7. After a clean install, I correctly saw failed login attempts and service restarts appearing in /var/log/secure like so: Jul 8 13:55:32 vps unix_chkpwd[2561]: password check failed for user (root) ... Jul 8…
user364469
3 votes, 1 answer

How do I handle messages from my custom application in rsyslog?

I have a Ruby application on my server, let's call it "alpha". The application emits syslog messages with the program name "alpha". I want to separate my log messages into separate files based on what type of message it is, for instance "auth"…
Hubro
3 votes, 3 answers

I erased haproxy.log with old content but this file hasn't appeared again

I have a load balancer with HAProxy in Ubuntu 14.04. I did all the configuration to turn on logging and it works well. However, I erased the haproxy.log file and it hasn't appeared again. Can someone help me? I restarted the rsyslog and haproxy services. But it…
3 votes, 1 answer

How can I add values to structured data with rsyslog?

Our logs are sent from our applications to rsyslog running on the same host. Rsyslog then forwards the messages to Sumo Logic. We need to add some metadata to our log messages in the structured data field. Some of our applications already use…
Jeff Strunk
3 votes, 1 answer

Remote rsyslog client/server issue

I only want rsyslog to send the logs to the centralized rsyslog server but it is sending them locally as well. This is for legal reasons, the servers will not have a logs directory, only the centralized rsyslog server will have logs. I thought by …
BioRod
3 votes, 0 answers

When configuring rsyslog to log to a MySQL DB, what is the purpose of the SystemEventsProperties table?

I've configured rsyslog on my servers to log to a remote mysql DB. I did this essentially by following the rsyslog wiki and it essentially creates two tables: mysql> show tables; +------------------------+ | Tables_in_Syslog …
drewyupdrew
3 votes, 1 answer

Why isn't my SELinux logging anything?

I have a sneaking suspicion it has something to do with me mucking about with my rsyslog.conf, but I'm not 100% sure about that. I am running CentOS 7, and SELinux has been working A-OK. However, I tried to follow these instructions and SELinux did…
Wayne Werner
3 votes, 1 answer

Syslog logging to syslog.1, not syslog

My syslog file is getting a bit unmanageable. I believed I had configured this previously to rotate daily but obviously something has gone amiss. At the moment, my /var/log looks like this: -rw-r----- 1 syslog adm 0 Feb 25 06:25…
Zakalwe
3 votes, 1 answer

How to configure Monit to alert me when anything appears in syslog

I want Monit to alert me if ANYTHING shows up in syslog, as anything in there would be abnormal. I've tried the following and I'm not receiving any alert emails when I manually add something to syslog: echo testing >> /var/log/syslog. I've verified…
runningonplants
3 votes, 3 answers

Kibana: no indices error

None of the existing answers helped, so here is a new question. Use case: redirecting syslog (or) monitoring a static file. I have successfully installed logstash (1.4.2), elasticsearch (1.1.1) and kibana (3.0.1) but am struggling to get rid of the error No…
user3247463
3 votes, 2 answers

Snort not sending alert log file to syslog server?

I am set up with three virtual machines running Ubuntu: a Server, Client, and Gateway. I am tasked with setting up Snort on the Gateway to monitor "attacks" from the Client to the Server. Snort is supposed to send the log files to an rsyslog server…
rphello101
3 votes, 2 answers

rsyslog configuration syntax

I need to take several actions for some log messages. For example, I want to log them to different files according to severity. Everything is OK if I use this: if $programname == 'myprog' then…
Gregory MOUSSAT