Questions tagged [syslog]

syslog is a standard for logging messages about the operation of a system.

syslog is a standard that defines the format of messages about a system's operation. Messages are further categorized by facility (user, mail, kern, etc.) and severity (critical, emergency, informational, etc.). These messages are usually then processed by a network monitoring system to take appropriate action. For example, on an emergency message, staff could be paged to resolve the issue, whereas long-term analysis could be done on informational messages to properly maintain systems.

660 questions
10
votes
3 answers

Is there a way to filter syslog entries?

I have a cluster of Linux servers that are fronted by a load-balancer, which probes each server every 5 seconds to determine if it's operational. These probes generate a lot of useless noise in the logs, and I'd like to simply not have them…
gharper
9
votes
2 answers

Can Journalctl and syslog be used in parallel?

I'm having a hard time understanding how logging works on linux. Since the inclusion of systemd, it seems a bit easier, but I still have a couple of concepts that I still can't fully understand. Given a system with journalctl, I want to send some log…
RedNano
9
votes
1 answer

Rsyslog.conf disable mail.info and/or disable postfix reporting

I have log entries like: Apr 8 10:25:31 monitor postfix/smtpd[3131]: connect from localhost[127.0.0.1] Apr 8 10:25:31 monitor postfix/smtpd[3131]: lost connection after CONNECT from localhost[127.0.0.1] Apr 8 10:25:31 monitor postfix/smtpd[3131]:…
user699077
8
votes
1 answer

How to forward Docker container logs to ELK?

I would like to know what is the easiest way to forward my docker container logs to an ELK server, so far the solutions I have tried after having searched the internet didn't work at all. Basically I have a docker image that I run using…
ndarkness
8
votes
2 answers

Nginx log to syslog on TCP port

I need to redirect Nginx access and error logs to a remote syslog server. From http://nginx.org/en/docs/syslog.html I saw that I can do: error_log syslog:server=192.168.1.1; However I need to redirect to a specific TCP (not UDP!) port and I tried…
int 2Eh
8
votes
1 answer

ELK Stack (Logstash, Elasticsearch and Kibana) with concurrent remote syslog server?

I'm building a log analyser service to start monitoring mainly our pfSense Firewalls, XenServer Hypervisors, FreeBSD/Linux servers and Windows servers. There's a lot of documentation on the internet about the ELK stack and how to make it work…
Vinícius Ferrão
8
votes
1 answer

Getting journald logs to a plain text file

I want to log journald logs to a file so I can later on fetch it and send it to Logstash. I thought about running syslog-ng and make it a client of journald, so I'd get syslog files. I'm using Docker containers on a CoreOS machine, so I tried to run…
Jose Armesto
8
votes
3 answers

SNMPD not binding correctly

OS: Debian 5.0.3 SNMPD Version: 5.4.1 I have the following two lines in my snmpd.conf file: interface eth0 agentaddress udp:161 I'm getting the following errors in my syslog: Oct 5 18:04:44 webdb003 snmpd[29864]: /etc/snmp/snmpd.conf: line 434:…
chizou
8
votes
5 answers

How to log multiline message with logger command?

I want to log a multiline message into the system logger via the command echo -e "foo\nbar" | logger But it appears as 2 logs. Is it possible to log as a single log?
Howard
8
votes
5 answers

Linux: how to send new lines in log files to remote syslog?

We have several applications which are generating their own plain-text log files, which I would like to forward to a remote syslog server for centralized logging. I do not have access to root on these machines, nor can I reconfigure syslog to…
Michael Martinez
8
votes
3 answers

To use syslog or not

Can someone make a decent case here: I want to use syslog so logging is integrated and so I can direct it based on severity etc not to mention log rotate, but at the same time I like the idea of having a dedicated log file for my application so if…
Atomiklan
8
votes
5 answers

How do I stop postfix log info going into syslog?

We have a vps running Ubuntu 10.04.4 LTS, and while trying to find a solution to a php problem, I've become aware of what looks like a problem with the syslog system - I'm not sure though. The syslog.conf file looks like this: auth,authpriv.* …
Paulioliolio
8
votes
2 answers

Add a local application to syslog excluded from /var/log/messages

I have an application which logs to syslog facility local1. I would like to configure syslog to send all local1 messages to a log file separate from /var/log/messages -- that turned out to be easy. But the messages are also going to…
Josh
8
votes
3 answers

Syslog forwarding loses original hostname

I have DMZ hosts forwarding to a DMZ syslog which in turn forwards all the syslog messages to an internal syslog server. It's working fine for the most part but the internal syslog host messages appear to all be coming from the DMZ syslog ie it…
garg
8
votes
2 answers

Formal separation marker of syslog events?

I've been looking at RFC5424 to find the formally specified marker that will end a syslog event. Unfortunately I couldn't find it. So if I wanted to implement some small syslog server that reacts on certain messages what is the marker that ends a…
serverhorror