Questions tagged [rsyslog]
rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.
689 questions
71 votes, 2 answers, 250k views
How to restart rsyslog daemon on ubuntu
How can I restart rsyslog or rsyslogd on Ubuntu 10
root@terminator:/etc/init.d# service rsyslog status
rsyslog stop/waiting
root@terminator:/etc/init.d# service rsyslog stop
stop: Unknown instance:
...
67 votes, 4 answers, 204k views
What is the difference between syslog, rsyslog and syslog-ng? [closed]
I am a bit confused in syslog, rsyslog and syslog-ng.
From where can I get the source code for syslog()?
Is there any difference between rsyslog and rsyslogd?
33 votes, 5 answers, 71k views
How to keep haproxy log messages out of /var/log/syslog
I set up haproxy logging via rsyslogd using the tips from this article, and everything seems to be working fine. The log files get the log messages.
However, every log message from haproxy also shows ...
29 votes, 5 answers, 87k views
How do I get rsyslogd to log a server's FQDN instead of its short hostname?
I'm trying to implement a simple centralized syslog server using stock rsyslogd (4.2.0-2ubuntu8.1) on Ubuntu 10.04 LTS. At this point I have all my client nodes sending logs to the central server, but ...
29 votes, 2 answers, 123k views
How to forward specific log file outside of /var/log with rsyslog to remote server?
How can I forward message from a specific log file like /www/myapp/log/test.log with rsyslog client to remote rsyslog server? This log file is outside of the directory /var/log.
24 votes, 5 answers, 52k views
rsyslog with logrotate: reload rsyslog vs copytruncate
I'm working on Ubuntu 14 with the default rsyslog and logrotate utility.
In the default rsyslog logrotate /etc/logrotate.d/rsyslog config I see the following:
/var/log/syslog
{
rotate 7
...
24 votes, 2 answers, 9k views
What does "-/filepath" ACTION mean in rsyslog configuration
I came across this one Debian Linux installation (6.0.6), and examining its /etc/rsyslog.conf, I see configuration lines like this:
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv....
19 votes, 4 answers, 116k views
Haproxy not logging requests?
So, I configured Haproxy so the logging would go through rsyslog and, for now, be all dumped in one file.
It's definitely logging, as I get those "starting" messages on startup, but no HTTP requests ...
19 votes, 4 answers, 50k views
Configuring Rsyslog To Stop The Logging Of Certain Messages
I want to stop rsyslog logging these messages.
[168707.740364] TCP: Peer 192.168.100.1:46199/41503 unexpectedly shrunk window 2027330493:2027331431 (repaired)
I tried this in the /etc/rsyslog.conf ...
18 votes, 4 answers, 163k views
HAProxy logging to syslog
I installed HAProxy 1.5 via apt-get on ubuntu 14.04 via ppa:vbernat/haproxy-1.5 as per this Debian repository selection tool.
The problem is it logging to /var/log/syslog instead of /var/log/haproxy....
18 votes, 1 answer, 50k views
manually rotating logfile with rsyslogd
I want to force logfile rotation using logrotate -f /var/log/syslog, but it only returns tons of:
error: syslog:1 unknown option 'May' -- ignoring line
error: syslog:1 unexpected text
I know that ...
15 votes, 4 answers, 101k views
Rsyslog is not working properly, it does not log anything
I'm running a Debian server and a couple of days ago my rsyslog started to behave very weird, the daemon is running but it doesn't seem to do anything. Many people use the system but I'm the only one ...
15 votes, 3 answers, 17k views
Is rsyslog redundant when using journald?
I have noticed log messages are duplicated in journald and /var/log/messages on my CentOS 7 system. At first I thought it was the journald option ForwardToSyslog (which defaults to 'yes' in the ...
14 votes, 1 answer, 46k views
How do I setup rsyslog to send all logs to multiple remote servers?
I am trying to make rsyslog to send all logs to 2 remote servers, but it seems rsyslog only sends to the secondary server if the first one fails.
*.* @@server1
*.* @@server2
If I put the above in /...
13 votes, 3 answers, 51k views
how to filter rsyslog messages by tags
I have several applications and scripts that I want to redirect the output to custom files.
I launch those applications using
command | logger -t TAG
I would like to filter these messages based on ...
13 votes, 2 answers, 15k views
Interpreting DHCP related message from rsyslog
In /var/log/messages from an EC2 instance there are a lot of lines such as:
<date/timestamp> ip-<IP_HERE> ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/...
11 votes, 4 answers, 29k views
Sending logs to Graylog2 server
I have just set up a Graylog2 server and I am looking to send all logs from my main server to the graylog server. I have enabled logging for the main server and am sending logs to my graylog server by ...
11 votes, 2 answers, 6k views
how to prevent cron logs from registering in syslog?
I have separated my crontab logging into /var/log/cron.log by uncommenting the below line in /etc/syslog.conf, but it still writes to /var/log/syslog too!
cron.* /var/...
11 votes, 1 answer, 14k views
Does the ``-'' sign have meaning in rsyslog.conf
Rsyslog is backwards-compatible with Syslog configuration files.
The syslog.conf man page has:
You may prefix each entry with the
minus ``-'' sign to omit syncing the
file after every logging. ...
10 votes, 2 answers, 18k views
command KLogPermitNonKernelFacility is currently not permitted
I've set up loggly for syslog alerts among other things and am getting the following error repeatedly in syslog.
command 'KLogPermitNonKernelFacility' is currently not permitted - did you already ...
10 votes, 1 answer, 19k views
Different permissions per log file when using rsyslog
Is it feasible to define different permissions per log file, using rsyslog?
$FileCreateMode applies to all, but I want different permissions for a specific file.
10 votes, 2 answers, 12k views
Rsyslog stops sending data to remote server after log rotation
In my configuration, I have rsyslog who is in charge of following changes of /home/user/my_app/shared/log/unicorn.stderr.log using imfile. The content is sent to another remote logging server using ...
9 votes, 2 answers, 39k views
syslog ip ranges to specific files using `rsyslog`
I have many Cisco / JunOS routers and switches that send logs to my Debian server, which uses rsyslogd.
How can I configure rsyslogd to send these router / switch logs to a specific file, based on ...
9 votes, 2 answers, 30k views
Can Journalctl and syslog be used in parallel?
I'm having a hard time understanding how logging works on linux.
Since the inclusion of systemd, it seems a bit easier, but I still have a couple of concepts that I still can't fully understand.
Given ...
9 votes, 1 answer, 18k views
Rsyslog.conf disable mail.info and/or disable postfix reporting
I have log entries like:
Apr 8 10:25:31 monitor postfix/smtpd[3131]: connect from localhost[127.0.0.1]
Apr 8 10:25:31 monitor postfix/smtpd[3131]: lost connection after CONNECT from localhost[127.0....
9 votes, 1 answer, 2k views
Debian 9 server no sshd in auth.log
On one of my servers, Debian 9, there is no output from sshd in /var/log/auth.log. In fact, if I do ag sshd in /var/log, it just doesn't appear. The only thing in auth.log is systemd-logind. In fact, ...
8 votes, 3 answers, 10k views
Errors using new rsyslog template syntax on RHEL6
I'm migrating our rsyslog config from an old server to a new one, and thought I'd use the opportunity to tidy up our config. The old config used "legacy" template definitions, and the rsyslog doc on ...
8 votes, 3 answers, 25k views
Using Rsyslog to send application logs to syslog server
I'm trying to setup my rsyslog to send logs generated by an application under /opt/appname/logs to a remote syslog server.
I have already configured rsyslog to send OS level logs but wanted to see if ...
8 votes, 3 answers, 12k views
Syslog forwarding loses original hostname
I have DMZ hosts forwarding to a DMZ syslog which in turn forwards all the syslog messages to an internal syslog server. It's working fine for the most part but the internal syslog host messages ...
8 votes, 3 answers, 10k views
Rsyslog duplicate logs (rsyslog.conf and rsyslog.d/something.conf)
I've created a custom log (PHP sends log entries to rsyslog) using local0. It uses a new custom file (/var/log/sea.log). The problem is that logs are being sent to /var/log/sea.log, /var/log/messages ...
8 votes, 2 answers, 1k views
How to configure a log aggregator to authenticate data?
Background: Remote log aggregation is regarded as a way to improve security. Generally, this addresses the risk that an attacker who compromises a system can edit or delete logs to frustrate forensic ...
8 votes, 2 answers, 14k views
Nginx log to syslog on TCP port
I need to redirect Nginx access and error logs to a remote syslog server. From http://nginx.org/en/docs/syslog.html I saw that I can do:
error_log syslog:server=192.168.1.1;
However I need to ...
7 votes, 2 answers, 10k views
rsyslogd: Any way to get around the number of local facilities?
We have about 9-10 appliances we want to direct the logging to our rsyslog server for. However, there's only 8 local facilities (0-7). How can we get around this limitation?
7 votes, 1 answer, 9k views
How do I configure rsyslog on Ubuntu 14.04 to use ISO8601 timestamps?
In a file in /etc/rsyslog.d/ I have the following:
local3.* /var/log/mylog.log
When I log to this facility, records have timestamps which look like this:
Apr 27 21:12:20 hostname msg
How do ...
7 votes, 3 answers, 20k views
kernel.log stays empty: “rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.”
I'm on a VPS (Ubuntu 14.04.2 LTS, Kernel 3.13.0-042stab094.8, rsyslog 7.4.4-1ubuntu2.5) and kernel.log stays empty with only this line:
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): ...
7 votes, 2 answers, 29k views
Filter log messages by program name and log level at the same time in rsyslogd
I want to save log messages from program foobar with log level err into file /var/log/foobar.log in rsyslogd. How can I do that?
This is how I can filter messages by program name:
:programname,...
7 votes, 1 answer, 24k views
Proper way to reload rsyslog with a config file for a custom application
I want to log my app so that it writes its log into its own log file. I create the log file and save it under /etc/rsyslog.d but my app doesn't create/write to the designated file. However, once I ...
7 votes, 1 answer, 25k views
rsyslog filters on message contents and facility
I have found examples of how to filter based on the contents of a log entry with rsyslog. But is there a way to do this so it is only filtering on the contents of a certain facility? For example ...
7 votes, 1 answer, 8k views
rsyslog udp forwarding truncates at 2048 characters
Rsyslog on a RHEL 6 server is receiving messages locally on port 514 UDP. These messages are sometimes much larger than normal syslog message sizes. I am seeing rsyslog handle all of the messages ...
6 votes, 2 answers, 20k views
Where are some OS logs in Debian 12
It seems that some of the system log files (/var/log/syslog, /var/log/auth.log, /var/log/kern.log, ...) have been removed in the latest version of Debian, Debian Bookworm. What should be done to ...
6 votes, 1 answer, 16k views
Ubuntu + Postfix: Mail Log Missing [duplicate]
I've just installed postfix on my ubuntu server and am trying to debug why outgoing mails are not being sent. This led me to notice that the /var/log/mail.log file is missing. For that matter, there's ...
6 votes, 3 answers, 31k views
Log Locally and Remotely with rsyslogd
How can I make it so log file is stored both remotely and locally using rsyslog?
6 votes, 3 answers, 11k views
Increase rsyslog/syslog precision to include fractional seconds?
I use syslog and rsyslog to handle logging on my Linux & FreeBSD systems.
The timestamp is currently in seconds but I would like to increase the precision of these timestamps to include ...
6 votes, 1 answer, 42k views
Create separated syslog file for each host with rsyslog
I have a syslog server (running rsyslog on RHEL 7.4) that consolidates all the syslogs from my network devices. It's listening on port TCP/514.
I want to redirect the logs of each device to a ...
6 votes, 4 answers, 41k views
imuxsock messages in syslog and system becomes unresponsive
I am getting such messages in syslog.
rsyslogd-2177: imuxsock lost 21869 messages from pid 3418 due to rate-limiting
rsyslogd-2177: imuxsock begins to drop messages from pid 3427 due to rate-limiting
...
6 votes, 2 answers, 8k views
Apache errorlog piping fail
Trying to log to a central syslog server, either direct using Apache's ErrorLog to pipe to logger, or getting syslog to forward, but nothing is working and the errors are not making sense to me. I can ...
6 votes, 2 answers, 12k views
rsyslog does not discard messages
I have the following rsyslog.conf:
$PreserveFQDN on
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www....
6 votes, 1 answer, 16k views
nginx logs to syslog - connection refused
I'm trying to set up nginx 1.7.3 to send logs to syslog, but when I use this configuration:
server {
access_log syslog:server=localhost;
}
this shows up in nginx's error log:
2015/01/15 21:42:47 [...
6 votes, 4 answers, 14k views
Wildcard support for InputFileName in rsyslog?
We have log files with names that match a certain pattern but frequently change. Is there a way to specify a wildcard or pattern for rsyslog to include via InputFileName?
Example:
InputFileName: /...
6 votes, 1 answer, 26k views
rsyslog not logging messages
I'm attempting to set up my EC2 instance (running Amazon Linux, which as I understand is built on RHEL 5) to forward log messages to loggentries.com but nothing is getting forwarded. As a sanity check ...