Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

It consists of an open source project with commercial addons such as the ability to log Windows events, as well as available support contracts.

681 questions
3
votes
0 answers

php-fpm: Maintain php_mod logging format

I recently switched all my lab servers from apache pre_fork/mod_php to apache worker/fcgi/php-fpm, and after getting everything set up correctly, I noticed one last issue; php-fpm is adding its own logging "header" to the php error log. So this…
Mike Purcell
  • 1,708
  • 7
  • 32
  • 54
3
votes
1 answer

How do I configure rsyslog to deal with MySQL Slow Query Log multi-line messages?

Using rsyslog v8.2.2, I would like to group multi-line messages, such as those output by the MySQL Slow Query log. Each new message begins with three consecutive lines having '#' as the first char of the line, though some messages have only two…
Gaia
  • 1,855
  • 5
  • 34
  • 60
3
votes
0 answers

rsyslog - How to flush queue?

I'm using rsyslog to get logs from haproxy and put them into logstash for elasticsearch/kibana. Everything was working ok, but I've found something strange in rsyslog. I've found that I've got missing data in kibana. The reason is rsyslog. Queue on…
Lisek
  • 309
  • 2
  • 7
  • 15
3
votes
4 answers

rsyslog relp - preventing remote logs from being written to my local /var/log

I've set up a logging server using rsyslog with relp. It works just fine as far as receiving remote logs and placing them in /var/spool/rsyslog. My problem is: most of these messages are appearing in my /var/log/messages file as well, which can get…
lysdexia
  • 133
  • 1
  • 1
  • 6
3
votes
1 answer

Failing forwarding rsyslog

I have a centralised rsyslog server A that receives a bunch of logs through TCP from servers X, Y, Z. It then stores the files on disk but also forwards them to logstash server B (on a different machine). For the relaying to the logstash server B I…
Arthur Lutz
  • 375
  • 3
  • 11
3
votes
2 answers

syslog message format question

Is there a way with rsyslog or syslog-ng to allow tab delimited messages? I'm currently using rsyslog and the C syslog() function to generate syslog messages from within my app. The problem is that I use \t and they get translated into #011 when I…
razor
3
votes
1 answer

Why Postfix on Linux require a "-" character before the pathname of the log file?

I've found the following here: IMPORTANT: on Linux you need to put a "-" character before the pathname, e.g., -/var/log/maillog, otherwise the syslogd process will use more system resources than Postfix. But the documentation does not give any…
Metalcoder
  • 153
  • 1
  • 5
3
votes
2 answers

firewall output flooding dmesg

I log all dropped packets using following iptables rule: -A INPUT -j LOG --log-prefix "FW_DROP: " --log-level 7 and then in rsyslog.conf, I redirect this output to a separate file, so that my syslog is not flooded :msg, contains, "FW_DROP"…
user1968963
  • 101
  • 1
  • 5
3
votes
2 answers

why is stunnel doing this

I am trying to set up stunnel to encrypt traffic from rsyslog (using the relp protocol), but whenever I try starting stunnel and sending logs to the remote server, I get the following: Remote socket (FD=13) closed Feb 15 01:25:55 ruby…
lacrosse1991
  • 1,437
  • 5
  • 20
  • 26
3
votes
1 answer

rsyslog starttls ssl

I'm trying to test a setup of rsyslog that uses ssl. I'm (perhaps mis)-understanding that if I use starttls for the ssl traffic, I should be able to receive both ssl and plain syslog traffic on the same tcp port as the ssl session is negotiated if,…
Sirex
  • 5,499
  • 2
  • 33
  • 54
3
votes
1 answer

Rsyslog messages are truncated, not sent to the correct file

On Ubuntu 10.04 LTS, I'm using the stock rsyslog configuration and added a custom file in /etc/rsyslog.d with the following contents: # cat /etc/rsyslog.d/62-pc local3.debug /var/log/pc/debug.log local3.* /var/log/pc/main.log The two…
jd.
  • 33
  • 6
3
votes
2 answers

How to redirect third party logs to log server in Centos

I want to set up a simple log server to accept logs from all clients. I am not talking about standard system logs such as /var/log/mail , message, boot etc. I want to redirect or send application logs and they may not be using syslog daemon at all to…
chandank
  • 847
  • 3
  • 14
  • 31
3
votes
2 answers

Removing 'local7' log entries from /var/log/messages

Using rsyslog.conf on Ubuntu - The default line for /var/log/messages in 50-default.conf is: *.*;auth,authpriv.none -/var/log/syslog I'm starting to log a lot of things at the local7 level - with a line like: local7.* /my/file/name All of…
koblas
  • 155
  • 5
3
votes
1 answer

syslog writing to general instead of specific file

I'm running Ubuntu and Postgresql 9. I've enabled postgresql to log to syslog, and added the following directive to the config file: syslog_facility = 'local0'". I've tried to configure syslog to log those to a separate file, but that failed. I…
user410932
  • 155
  • 2
  • 7
3
votes
1 answer

rsyslog with heroku

I'm trying to capture logs from Heroku. I have setup as suggested http://devcenter.heroku.com/articles/logging#syslog_drains. I'm completely new to the rsyslog, please bear with me. Where do I see the logs from heroku? Also, how do I…
Devi
  • 131
  • 3