Questions tagged [syslog]

syslog is a standard for logging messages about the operation of a system.

syslog is a standard that defines the format of messages about a system's operation. Messages are further categorized by a facility (user, mail, kern, etc.) and a severity (emergency, critical, informational, etc.). These messages are usually then processed by a network monitoring system that takes appropriate action: for example, on an emergency message, staff could be paged to resolve the issue, whereas long-term analysis could be done on informational messages to properly maintain systems.

660 questions
0 votes, 1 answer

Graylog fails to parse nginx access_log: JsonParseException: Unexpected character ('<' (code 60))

I've followed https://github.com/ronlut/graylog-content-pack-nginx-docker and Send NGINX logs to Graylog to try to get nginx logs into a graylog 4.1.5 server. Graylog is not displaying messages because it's failing to JSON parse them.…
Felipe
0 votes, 1 answer

Limit number of available archives in syslog rotation

I have the following configuration for my /etc/logrotate.d/rsyslog file. In it, I explicitly declared the number of days it will rotate to 4 and the size of the rotation archive file as 100k for /var/log/syslog. What I want to know is when the…
0 votes, 0 answers

How to reduce repeat log in debian 10?

In a similar question, I know echo 'if $programname == "systemd" and ($msg contains "Starting Session" or $msg contains "Started Session" or $msg contains "Created slice" or $msg contains "Starting user-" or $msg contains "Starting User Slice of" or…
kittygirl
0 votes, 0 answers

Rsyslog unable to receive syslogs from two or more switches, error in rsyslog configuration file

I am trying to send syslogs from routers/switches in a production environment to a Linux server which has Rsyslog installed on it. It's working fine as long as the rsyslog config file is set to receive logs from one switch; as soon as I am making…
Zius_123
0 votes, 1 answer

Why are cron jobs not being logged by rsyslog on Debian 10 buster?

(I figured this out, it was multiple problems...I'm leaving this as is and explain the process I took to resolve in my answer to this question) I'm working on a simple Ruby script that runs as a cron job. I'm using Visual Studio Code and the…
David Mackey
0 votes, 1 answer

Log systemd service stderr to different file using rsyslog

I have the following config in a systemd service: StandardOutput=syslog StandardError=syslog SyslogIdentifier=udocit And this rsyslog conf file: if $programname == 'udocit' and $syslogseverity > 5 then { action( type="omfile" …
HomeIsWhereThePcIs
0 votes, 1 answer

VMWare ESXi remote syslog format

I've followed the documentation; the host can connect to the remote log port using nc, but no logs are received. As a remote syslog I'm using Loki and Promtail, which only supports RFC 5424. Does ESXi ship this format? How can the format be changed?
Jan Zahradník
0 votes, 1 answer

rsyslog tag based forwarding

I'm looking to do tag-based forwarding instead of using local1. local1 is used for other things, so I don't want it to get mixed up. How can I do this? Here's my config forwarding nginx logs under /etc/rsyslog.d/nginx.conf module(load="imfile"…
0 votes, 1 answer

Exclude remote syslog client logs from /var/log/syslog on host machine

Background: I have a lil Raspberry Pi server running the latest Raspbian OS running a number of network appliances to help manage a complex IOT LAN for a client. I have been using rsyslog to write logs from the network hardware and servers to an…
0 votes, 1 answer

UFW Weird ICMP log record - Pinging is blocked

In the log records below I have replaced my eth MAC address with ETH_MAC_ADDRESS, the IP of my server with MY_SERVER_IP, and other IPs with STRANGE_IP plus a number to distinguish them. Jan 29 15:11:48 cld kernel: [140229.731612] [UFW BLOCK] IN=eth0 OUT=…
fat_mike
0 votes, 1 answer

CentOS 8 syslog entries for xrdp & mariadb

I recently took a look into my syslog /var/log/messages and noticed two repeating entries that I don't understand: The log is full (and I mean full) of: xrdp[959]: [INFO ] Socket 12: AF_INET connection received from
0 votes, 1 answer

Duplicate packets to another local host (SIEM)

We have a Central Syslog server that we use to collect all logs from our hosts and recently got a SIEM that we also want to collect the logs. We would like the Central Syslog server to duplicate the logs to the SIEM without changing the source…
Swannie
0 votes, 1 answer

Save incoming log with suffix to its logfile-suffix.log using syslog-ng

I've been searching on the internet for answers relating to syslog-ng and how I can configure syslog-ng to save incoming log files with a specific suffix to a file and also carry over the suffix variable. destination d_logs { …
OMG-1
0 votes, 1 answer

Custom service filling up syslog

We have a custom service we start via systemd. The file is stored at /etc/systemd/system/custom.service. That's all great, but we just had a situation where the disk ran full. I guess systemd catches all of the process' stdout and writes it into…
transient_loop
0 votes, 1 answer

rsyslog, is there a way to see the facility codes of messages received?

I have a Cisco FTD sending logs tagged with local3 (19); however, I am still seeing some messages ending up in my users.log instead of where I have them configured to be sent. Is that where they would end up if untagged? Or is there a way to verify…
Security_Pete