Questions tagged [syslog]

syslog is a standard for logging messages about the operation of a system.

syslog is a standard that defines the format of messages about a system's operation. Messages are further categorized by a facility (user, mail, kern, etc.) and a severity (critical, emergency, informational, etc.). These messages are usually then processed by a network monitoring system to take appropriate action. For example, on an emergency message, staff could be paged to resolve the issue, whereas long-term analysis could be done on informational messages to properly maintain systems.

660 questions
0
votes
1 answer

How do I get Docker to include the host hostname in syslog?

I have configured docker to use the syslog log driver. My daemon.json looks like this: { "log-driver": "syslog", "log-opts": { "syslog-address": "tcp://192.168.1.10:1514", "mode": "non-blocking", "tag": "{{.ImageName}}/{{.Name}}" …
Tim
0
votes
1 answer

define custom fields for systemd-journald

The doc states that it may be possible for applications to define new fields. What does that mean? Can one define arbitrary fields, or are only those listed in the doc under USER JOURNAL FIELDS possible? If arbitrary fields are possible, how does one define them?
woodz
0
votes
0 answers

How to generate McAfee ePO logs?

I'm configuring rsyslog to parse, store and forward the logs generated by McAfee ePO. How can I trigger some real logs to be generated manually so that I don't have to wait (it can take a while) to see if the rsyslog configuration is correct? I tried…
mfloris
0
votes
0 answers

php-fpm access log to rsyslog

I am trying to find a solution for getting logs from a php72 php-fpm yii2 application behind nginx on a number of servers: right now the application writes its logs to files on the server disk, and yii performs rotation of the log files. But this solution…
0
votes
0 answers

Promtail - syslog configuration only logs localhost for hostname and IP

I have a number of boxes that run docker containers. To keep a record of all the logs, we have 1 instance of logspout on every box that grabs all container logs on that box, and routes it to a syslog-ng instance (docker container) on a central host …
0
votes
1 answer

syslog access beginning of log line

I would like to filter the content of my logs generated by Syslog. I'm applying a filter based on $msg, but it does not contain the beginning of the line: 2022-09-29T16:39:39Z SYS_SERVER_2 - - - - - A Web interface has been accessed when I try to…
tiamat
0
votes
0 answers

rsyslog include $msg variable while using omprog

I would like to include the variable $msg in an omprog action while calling a shell script, but I cannot retrieve the real value: if ($msg contains 'dummy') then {action(type="omprog" binary="/usr/bin/sh /home/test/myScript.sh $msg")} Is there a way to…
tiamat
0
votes
1 answer

Combining multiple Property-Based Filters for Rsyslog

I was trying to set up a specific Rsyslog configuration file to catch all incoming kernel messages of a few types. For example, I want to dump all logs containing "example message 1" and "example message 2" into a custom log. For example, this rule…
jeff
0
votes
0 answers

How to stream syslog to physical screen to debug network hiccups on NFS-rootfs system?

I have a system without any local storage, that is booting via PXE/TFTP and has an NFS root and some iSCSI targets mounted. I'm trying to debug a condition when due to some service the network is apparently being reset. Obviously from that moment…
Mofef
0
votes
1 answer

rsyslog ruleset for encrypted logging

I've managed to set up rsyslog to accept TLS traffic from a client's server. When I configured the certificate and the port originally, it all worked fine. The problem is it is dumping the logs into the same log file, /var/log/messages, as other…
0
votes
1 answer

Sending rsyslog messages to remote file system

I have an Ubuntu server that will be running rsyslog and many "client" devices and applications sending logs to it (via various syslog clients). I know that rsyslog logs everything to /var/log, but ideally I could "pump" these logs to a file on…
0
votes
1 answer

Does remote logging stop local logging?

I'm using a Graylog server to centralize logs from network equipment and servers, and I'm wondering whether the Syslog service on the switches, Windows machines, and other equipment is still going to save logs locally or just send them remotely…
Retro_0
0
votes
0 answers

syslog-ng duplicate log message

Not a duplicate of this question, because that one uses rsyslog on the client whereas I use syslog-ng on both sides. I have a syslog-ng instance on both the client and the server, and for whatever reason there are repeated log lines in the server…
0
votes
1 answer

syslog-ng: how to configure sending RFC5424 messages with octet-counting framing

Please don't bother reading this question. syslog-ng is already set up to send RFC5424 messages with octet-counting framing by default. I was confused by the behaviour of another component. This question is invalid. I have a syslog-ng OSE config…
davidA
0
votes
2 answers

systemd, journal receiving raw log

One common paradigm on all other syslog implementations (rsyslog, syslog-ng, readlog, etc.) is to exchange log entries via UDP514 in plain text format. How do I enable systemd-journal-remote to receive logs in such a format? (I know there are plugins…
gcb