Questions tagged [syslog]

syslog is a standard for logging messages about the operation of a system.

syslog is a standard that defines the format of messages about a system's operation. Messages are categorized by facility (user, mail, kern, etc.) and severity (critical, emergency, informational, etc.). These messages are usually then processed by a network monitoring system to take appropriate action. For example, on an emergency message, staff could be paged to resolve the issue, whereas long-term analysis could be done on informational messages to properly maintain systems.

660 questions
7
votes
2 answers

Is it still allowed to have log files under the new GDPR?

Is it still allowed to have server access log files under the new GDPR? Because the gathering of IP addresses is not allowed, I can imagine that system operators are in violation of the law in countries where the GDPR is active. Edit (thanks to…
C.A. Vuyk
7
votes
1 answer

Send NGINX logs to Graylog

I'm trying to collect nginx error and access logs with Graylog. I think everything is correctly configured, but Graylog receives nothing from NGINX (Graylog & NGINX are in Docker containers and both are in the same network). I use nginx/1.13.5 &…
MickaelCa
7
votes
1 answer

Ubuntu server hang with ascii NUL characters in syslog and other files ( ^@^@^@… )

We are experiencing occasional hangs with Ubuntu 16.04 LTS (kernel 4.4.0-34-generic) and we wonder if somebody has some clues how to get to the bottom of this. The log looks like this: Aug 24 10:02:04 Ubuntu-1404-trusty-64-minimal kernel: [ 2046.519099]…
user2196351
7
votes
3 answers

How can I suppress Postfix anvil statistics from system logs?

After every email sent through my mail server, postfix/anvil appends something like the following: Nov 9 15:09:11 keutenberg postfix/anvil[30006]: statistics: max connection rate 1/60s for (smtp:103.28.42.75) at Nov 9 15:02:42 Nov 9 15:09:11…
squircle
7
votes
1 answer

How do I configure rsyslog on Ubuntu 14.04 to use ISO8601 timestamps?

In a file in /etc/rsyslog.d/ I have the following: local3.* /var/log/mylog.log When I log to this facility, records have timestamps which look like this: Apr 27 21:12:20 hostname msg How do I set things up so that they look like this…
jl6
7
votes
1 answer

rsyslog udp forwarding truncates at 2048 characters

Rsyslog on a RHEL 6 server is receiving messages locally on port 514 UDP. These messages are sometimes much larger than normal syslog message sizes. I am seeing rsyslog handle all of the messages just fine, it writes to the local files without…
nictrix
7
votes
5 answers

Does this log indicate the server rebooted?

I have a webserver I think rebooted at some point .. mostly because apache wasn't serving sites and it usually does that when someone starts it and doesn't enter the SSL cert's password ... and a reboot/start fixed the problem. Looking around in…
erik
7
votes
2 answers

rsyslogd: Any way to get around the number of local facilities?

We have about 9-10 appliances we want to direct the logging to our rsyslog server for. However, there are only 8 local facilities (0-7). How can we get around this limitation?
Belmin Fernandez
7
votes
1 answer

How old is the "severity" paradigm in logging?

Years of sysadmin left syslog's severity levels, as described by The BSD Syslog Protocol, clearly imprinted in my mind. You know the drill: Emergency, Alert, Critical, Error, Warning, Notice, Informational and Debug. This left traces elsewhere, such…
Daniel C. Sobral
7
votes
1 answer

OSX /var/log/system.log -- where do I define pruning interval?

I have a script that periodically checks /var/log/system.log and I've noticed across our network that some machines keep logfiles for a month through reboots and other activities, while some purge the file each night or each reboot. Does anyone…
David Houde
7
votes
5 answers

Recommended software for a Centralized logging server?

I'd like to centralize logging for all my servers. Server operating systems include Windows 2003, 2008, Ubuntu and Redhat. I think Splunk is too expensive, has anyone set up something like this using open source or reasonably priced software. …
7
votes
1 answer

rsyslog filters on message contents and facility

I have found examples of how to filter based on the contents of a log entry with rsyslog. But is there a way to do this so it is only filtering on the contents of a certain facility? For example something like: if local0.* msg contains "foo" But…
Kyle Brandt
7
votes
4 answers

Logging atd messages via syslog

I am running CentOS 5.3 and would like to log all messages from the "at" daemon. My syslog.conf contains the following entry: cron.* /var/log/cron I assumed that cron line in syslog refers to the entire family of "cron, anacron, at and batch".…
Gurunandan Bhat
7
votes
5 answers

Is centralized logging a good idea?

Right now, my organization has a solution comprised of 10+ components, and some have a log file per thread. Since files are rotated hourly, tracking all of this is a chore. Is centralizing all logging to a specific machine (using rsyslog or…
Bruno Antunes
6
votes
1 answer

Create separated syslog file for each host with rsyslog

I have a syslog server (running rsyslog on RHEL 7.4) that consolidates all the syslogs from my network devices. It's listening on port TCP/514. I want to redirect the logs of each device to a different file in a dedicated directory (based on their…
eden881