Questions tagged [syslog]

syslog is a standard for logging messages about the operation of a system.

syslog is a standard that defines the format of messages about a system's operation. Messages are categorized by facility (user, mail, kern, etc.) and by severity (critical, emergency, informational, etc.). These messages are usually then processed by a network monitoring system to take appropriate action. For example, on an emergency message, staff could be paged to resolve the issue, whereas long-term analysis could be done on informational messages to properly maintain systems.

660 questions
15 votes, 3 answers

Deciphering continuing mpt2sas syslog messages

Summary I have been getting these cryptic messages in syslog since I installed some new hardware and I can't figure out what the problem is, if it's serious, or what to do about it. They're from the new SATA HBA and they follow a pattern. I will get…
Chris Smith
15 votes, 1 answer

Any logs of if/when "at" jobs were executed?

I've set up a couple of "at" jobs to execute at specific times on CentOS 5. This morning I don't see these commands in the queue ("atq"), as expected, but I also don't see where I can check whether the daemon responsible for executing them did this on…
Capt. Crunch
15 votes, 3 answers

Sending audit logs to SYSLOG server

I'm running several RHEL based systems which utilize the audit functionality within the 2.6 kernel to track user activity and I need to have these logs sent to centralized SYSLOG servers for monitoring and event correlation. Anyone know how to…
syn-
14 votes, 1 answer

Remove UFW Block from kern.log and sys.log

Using Nginx, Wordpress and Ubuntu 16. I am constantly bombarded with these messages in kern.log , syslog and ufw.log Nov 28 21:02:28 kernel: [246817.450026] [UFW BLOCK] IN=eth0 OUT= MAC=xx.xx SRC=122.3.133.77 DST=xx.xx LEN=60 TOS=0x00 PREC=0x00…
JoaMika
14 votes, 4 answers

How can I reduce the verbosity of certain Ansible tasks to not leak passwords into syslog?

Sometimes I would like to use Ansible's lineinfile or blockinfile modules to write a password into some configuration file. If I do so, the whole line or block, password included, ends up in my syslog. As I don't consider syslog to be a secure place…
aef
13 votes, 6 answers

Open source tomcat log viewer

I'm managing several Tomcat instances (approx. 30-35) and looking for some console to centralize the logs. I tried php-syslog-ng before (not with Tomcat), and found it useful. I would like this software to have some of these features: -Syntax…
Ari
13 votes, 1 answer

How do I make sec ignore a timestamp properly

I have a rule that is set up like so; In /etc/sec/rules.d I have; type=SingleWithSuppress ptype=regexp pattern=(\S+) sshd\[\d+\]: PAM \d+ more authentication failures\; logname=.* uid=.* euid=.* tty=ssh ruser=.* rhost=(.*) user=(.*) desc=Login…
Ethabelle
13 votes, 1 answer

How do I set up rsyslog to send all logs to multiple remote servers?

I am trying to make rsyslog send all logs to 2 remote servers, but it seems rsyslog only sends to the secondary server if the first one fails. *.* @@server1 *.* @@server2 If I put the above in /etc/rsyslog.conf, server2 will not receive any logs…
Daniele Testa
13 votes, 3 answers

how to filter rsyslog messages by tags

I have several applications and scripts that I want to redirect the output to custom files. I launch those applications using command | logger -t TAG I would like to filter these messages based on their tags and redirect them to different files. I…
mistyrouge
13 votes, 7 answers

How did you implement log management on your servers?

I'm trying to figure out how other people implement their log management systems. I have 20-30 Linux servers and a few Windows boxes (most of them virtualized). We utilize a lot of Perl and Bash scripts to do most of our automated jobs and I'm…
Edward
13 votes, 4 answers

Is there a way to remove "Last message repeated x times" from logs?

I have a script that updates me on any changes to the kernel log on my (Debian) servers. The problem is that occasionally the log contains lines like: last message repeated 4 times I realize that this is a feature to shorten the size of the logs -…
Brent
12 votes, 4 answers

How can I make syslogd email certain log messages to me?

I'd like to be able to get an email notification whenever syslogd logs something of, say err priority or higher. Assume this is a BSD compatible syslog daemon. Can this be accomplished? Should I use a named pipe to a shell script? What other…
jason
11 votes, 6 answers

Good syslog server for Windows

I've been trying to find a "good" syslog server to provide centralized application login for a distributed system we've built. Our application logging system can not only log to files but also to a syslog server and we would like to utilize this…
Todd
11 votes, 1 answer

Tool for testing syslog

Does anyone know of a tool or a script that I could use to send messages to syslog? I'm trying to troubleshoot a syslog configuration, and I'm having trouble eliminating possibilities. What I would like to do is something like this: ./testScript -f…
Rich
11 votes, 4 answers

How to allow non-root user to listen on privileged port?

I want syslog to run as a non-root user on my linux box. That makes it impossible for it to bind to port 514 - because that's a privileged port. Is there any way I can grant non-admin user "foo" the ability to listen on port 514?
Dan Goldburt