Questions tagged [syslog]

syslog is a standard for logging messages about the operation of a system.

syslog is a standard that defines the format of messages about a system's operation. Messages are categorized by facility (user, mail, kern, etc.) and severity (critical, emergency, informational, etc.). These messages are then usually processed by a network monitoring system to take appropriate action. For example, on an emergency message, staff could be paged to resolve the issue, whereas long-term analysis could be done on informational messages to properly maintain systems.

660 questions
4 votes, 4 answers

Can remote logging with syslog-ng hang my application?

I want every server to send logs to /var/log and copy to a remote syslog-ng server. I've heard anecdotes how logging remotely can hang your application if the network has problems. Should I be concerned about my app hanging when logging…
4 votes, 1 answer

F5 Load Balancer and SIEM

I am looking for information on whether F5 can forward syslog info to a SIEM such as ArcSight or QRadar. I have heard that you can only send unencrypted traffic on port 80 but you can't forward anything encrypted. Is this true? Has anyone else run…
3 votes, 1 answer

Rsyslog does not set read and write permission for group and everyone

Rsyslog ignores read and write permission set with fileCreateMode for group and everyone. I have set up a service to run my node application as such: ... [Service] WorkingDirectory=/opt/demo/app User=appuser Type=simple ExecStart=/usr/bin/node…
HomeIsWhereThePcIs
3 votes, 0 answers

How to apply grok to logs from syslog in telegraf?

In my current setup I am using Telegraf to ingest nginx logs from syslog and spit them out into influxdb. This works great. Telegraf has support for grok log parsing. As far as I can tell it can be invoked for [[inputs.file]] and for…
3 votes, 0 answers

Rsyslog messages not making it to local logfile

I've been tasked with setting up longer/better log retention for our postgres servers, but after configuring postgres to ship logs to syslog via local0 I've found that they never actually hit the configured local…
Sammitch
3 votes, 2 answers

How to forward windows log using Nxlog to rsyslog server(linux)?

I'm using nxlog version 3.0 on WinServ2012 R2 Standard, I can forward the event logs under Eventviewer --> windows logs --> application, system, security. But I'm not able to forward other log that is on different log directory/levels for…
sherpaurgen
3 votes, 2 answers

Rewriting facility/severity in rsyslog v7 before shipping off to a remote collector

I have a machine "A" with a local rsyslogd, and a remote collector machine "B" elsewhere listening with its own syslog daemon and log processing engine. It all works great...except that there is one process on A that logs at local0.notice, which is…
3 votes, 0 answers

Why is my CUPS scheduler repeatedly being restarted?

In my /var/log/syslog, I see (filtered irrelevant parts out): Dec 30 15:00:10 myhost systemd[1]: Started CUPS Scheduler. Dec 30 15:13:11 myhost systemd[1]: Started CUPS Scheduler. Dec 30 15:26:11 myhost systemd[1]: Started CUPS Scheduler. Dec 30…
einpoklum
3 votes, 1 answer

Why aren't syslog messages forwarded despite having the appropriate configuration?

I would like to forward (rsyslog 8.4.2-1) all syslog messages to a port on 127.0.0.1. In order to do so, I added a file in /etc/rsyslog.d/expose-42000.conf: *.* @127.0.0.1:42000 After restarting rsyslog (no error messages in the logs) I tried to…
WoJ
3 votes, 1 answer

How do I handle messages from my custom application in rsyslog?

I have a Ruby application on my server, let's call it "alpha". The application emits syslog messages with the program name "alpha". I want to separate my log messages into separate files based on what type of message it is, for instance "auth"…
Hubro
3 votes, 0 answers

syslog spammed with authdaemond: pam_ecryptfs: pam_sm_authenticate: /home/user is already mounted

I set up my new server with harddisk-encryption and now I noticed that /var/log/syslog is full of the following lines: server authdaemond: pam_ecryptfs: pam_sm_authenticate: /home/user is already mounted Should I be worried? How can I fix this / get…
mercury
3 votes, 0 answers

When configuring rsyslog to log to mysql DB, what is purpose of SystemEventsProperties table?

I've configured rsyslog on my servers to log to a remote mysql DB. I did this essentially by following the rsyslog wiki and it essentially creates two tables: mysql> show tables; +------------------------+ | Tables_in_Syslog …
drewyupdrew
3 votes, 2 answers

How to read sar file from different ubuntu system

I am using two different versions of Ubuntu, one is 14.04 and the other is 15.10. I want to read the 14.04 system's sar files from the Ubuntu 15.10 system. I have transferred the sar files but can't read them.
Pradip Das
3 votes, 1 answer

logrotate frequency - when and from when

If I have logrotate in my daily cron /etc/cron.daily/logrotate -- assume cron.daily is run at 1.05am daily -- and if my logrotate config has a weekly setting, does it mean that my logrotate will run daily, but the logs will only be rotated weekly…
tiongmaru
3 votes, 1 answer

What process is causing unexpected nslcd syslog entries?

We're using LDAP for authenticating users on our devices using nslcd and we're seeing messages in syslog like this: /var/log/syslog.1:Dec 20 06:25:11 T53-1014-014 nslcd[1496]: [398c89] "*": name denied by validnames…
Katjoek