Questions tagged [rsyslog]

Rsyslog is an enhanced syslogd with many additional features.

Rsyslog is an enhanced syslogd that supports, among other things, MySQL, PostgreSQL, and failover log destinations. Features like encryption, failover destinations, and precise timestamps make it an ideal candidate for enterprise log management. It is available in two flavors: with support and as a community edition.

729 questions
8 votes, 2 answers

Rsyslog to direct log messages to local syslog host on port 5000 using TCP

I have configured the below filter for rsyslog to direct a few SSH messages to a specific TCP port 5000 on the local system, so that the service running on the 5000 will process the SSH messages further. if $fromhost-ip == '127.0.0.1' and ( ($msg…
Nikhil
8 votes, 2 answers

How to correctly parse text file using rsyslog and imfile

Good day I want to import text files into rsyslog, using the imfile file input module. However, rsyslog does not parse the content of the text files as I expected and I am struggling to find documentation on exactly how it is done. To test the…
Sonja Brits
8 votes, 1 answer

What order does rsyslog process configuration files in /etc/rsyslog.d?

I have several configuration files in /etc/rsyslog.d, e.g., 01-templates.conf, 02-error-logs.conf, 03-system-logs.conf, and have the following line in my /etc/rsyslog.conf file # Include all config files in /etc/rsyslog.d/ $IncludeConfig…
Chris F
8 votes, 3 answers

rsyslog inside docker containers => "rsyslogd is not running ... failed"

I am running rsyslog within docker containers to send UDP messages to logstash. When I log into the docker container, and type: service rsyslog status shows: rsyslogd is not running ... failed! However, while I am in the container, if I…
Shawn
8 votes, 3 answers

Best Docker logging architecture using ELK stack

Recently I have been trying to find out the best Docker logging mechanism using the ELK stack. I have some questions regarding the best workflow that companies use in production. Our system has a typical software stack including Tomcat, PostgreSQL, MongoDB,…
cucucool
7 votes, 1 answer

Log to rsyslog facility from a python script

I have this in my /etc/rsyslog.conf: local0.* /var/log/local.log And I have a simple python script which reads from standard input and is supposed to send to local0 #!/usr/bin/python3 import sys, syslog syslog.openlog(ident="MY_SCRIPT",…
400 the Cat
7 votes, 1 answer

CentOS 7 rsyslog DEBUG logs dropped for C/C++ modules

I am using rsyslog (rsyslog-7.4.7-7.el7_0.x86_64) on CentOS 7 (CentOS Linux release 7.1.1503 (Core)). We have some applications on it which are using the syslog framework for logging. We have a lot of logs. At peak, it can be up to 50000 logs in one…
Vimt
7 votes, 3 answers

Haproxy not logging with rsyslog

I want to set up HTTP logging in HAProxy and am having some trouble getting it to output the requests correctly. Here is the relevant HAProxy configuration: global log /dev/log local0 log /dev/log local1 notice maxconn 200000 …
Shail Patel
7 votes, 1 answer

How to consolidate Multiline logs in syslog

I am feeding my var/log/message using rsyslog from a tool. The exception appears in multiple lines (one line per message) rather than being logged as one multi-line message. I would like my /var/log/message to look like the catalina.out message. Is…
White Roses
7 votes, 1 answer

Using rsyslogd in Rails 3.0

I am running a couple of Rails 3.0 sites on a Debian server. Currently all logs go into RAILS_ROOT/log/production.log (RAILS_ROOT for each site) I would like to change this, so that all logging goes through rsyslog and is placed…
Carsten Gehling
6 votes, 1 answer

What is spifno1stsp really doing as a rsyslog property?

I was reading the template documentation of rsyslog to find better properties and I stumble upon this one: spifno1stsp - expert options for RFC3164 template processing However, as you can see, the documentation is quite vague. Moreover, I have not…
piroux
6 votes, 1 answer

How to change timestamp format on rsyslog

I want to change the default timestamp format on rsyslog. Currently I am running on RHEL7.2. Syslog version 7.4.7. Now the default format is the following: Mar 23 09:35:30 localhost DEB [9125:.:2] debug info Inside rsyslog.conf I…
mr antoni
6 votes, 1 answer

rsyslog not filtering messages into separate log file

Somehow I can't get this working and I need some help. I try to filter logs from syslog, written by a systemd service, into a separate log file. Currently I'm using Debian. Here is my rsyslog config located into /etc/rsyslog.d/19-test.conf with…
chirgeo
6 votes, 1 answer

How do I find my program name?

Problem I am unable to write to a different log than the default one using syslog. I am unsure if maybe my app name is wrong in my configuration. Do "program name" and "process name" not mean the same thing? If not, how can I find my program name in…
Nathan Smith
6 votes, 4 answers

Empty space at beginning of rsyslog log file

Using this rsyslog config: $template MYFORMAT,"%msg%\n" if $programname == 'mylog' then { action(type="omfile" file="/var/log/mylog.log" template="MYFORMAT") & stop } and this PHP script:
Ian