
Questions tagged [rsyslog]

rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.

71 votes
2 answers
250k views

How to restart rsyslog daemon on ubuntu

How can I restart rsyslog or rsyslogd on Ubuntu 10? root@terminator:/etc/init.d# service rsyslog status rsyslog stop/waiting root@terminator:/etc/init.d# service rsyslog stop stop: Unknown instance: ...
67 votes
4 answers
204k views

What is the difference between syslog, rsyslog and syslog-ng? [closed]

I am a bit confused about syslog, rsyslog and syslog-ng. From where can I get the source code for syslog()? Is there any difference between rsyslog and rsyslogd?
StackUser
33 votes
5 answers
71k views

How to keep haproxy log messages out of /var/log/syslog

I set up haproxy logging via rsyslogd using the tips from this article, and everything seems to be working fine. The log files get the log messages. However, every log message from haproxy also shows ...
itsadok
29 votes
5 answers
87k views

How do I get rsyslogd to log a server's FQDN instead of its short hostname?

I'm trying to implement a simple centralized syslog server using stock rsyslogd (4.2.0-2ubuntu8.1) on Ubuntu 10.04 LTS. At this point I have all my client nodes sending logs to the central server, but ...
cwjohnston
29 votes
2 answers
123k views

How to forward specific log file outside of /var/log with rsyslog to remote server?

How can I forward message from a specific log file like /www/myapp/log/test.log with rsyslog client to remote rsyslog server? This log file is outside of the directory /var/log.
Kevin Campion
24 votes
5 answers
52k views

rsyslog with logrotate: reload rsyslog vs copytruncate

I'm working on Ubuntu 14 with the default rsyslog and logrotate utility. In the default rsyslog logrotate /etc/logrotate.d/rsyslog config I see the following: /var/log/syslog { rotate 7 ...
Mattan
24 votes
2 answers
9k views

What does "-/filepath" ACTION mean in rsyslog configuration

I came across this one Debian Linux installation (6.0.6), and examining its /etc/rsyslog.conf, I see configuration lines like this: auth,authpriv.* /var/log/auth.log *.*;auth,authpriv....
Pawel Veselov
19 votes
4 answers
116k views

Haproxy not logging requests?

So, I configured Haproxy so the logging would go through rsyslog and, for now, be all dumped in one file. It's definitely logging, as I get those "starting" messages on startup, but no HTTP requests ...
Silver Quettier
19 votes
4 answers
50k views

Configuring Rsyslog To Stop The Logging Of Certain Messages

I want to stop rsyslog logging these messages. [168707.740364] TCP: Peer 192.168.100.1:46199/41503 unexpectedly shrunk window 2027330493:2027331431 (repaired) I tried this in the /etc/rsyslog.conf ...
Stephen
18 votes
4 answers
163k views

HAProxy logging to syslog

I installed HAProxy 1.5 via apt-get on ubuntu 14.04 via ppa:vbernat/haproxy-1.5 as per this Debian repository selection tool. The problem is it logging to /var/log/syslog instead of /var/log/haproxy....
Petah
18 votes
1 answer
50k views

manually rotating logfile with rsyslogd

I want to force logfile rotation using logrotate -f /var/log/syslog, but it only returns tons of: error: syslog:1 unknown option 'May' -- ignoring line error: syslog:1 unexpected text I know that ...
kbec
15 votes
4 answers
101k views

Rsyslog is not working properly, it does not log anything

I'm running a Debian server and a couple of days ago my rsyslog started to behave very weird, the daemon is running but it doesn't seem to do anything. Many people use the system but I'm the only one ...
Victor Henriquez
15 votes
3 answers
17k views

Is rsyslog redundant when using journald?

I have noticed log messages are duplicated in journald and /var/log/messages on my CentOS 7 system. At first I thought it was the journald option ForwardToSyslog (which defaults to 'yes' in the ...
joaerl
14 votes
1 answer
46k views

How do I setup rsyslog to send all logs to multiple remote servers?

I am trying to make rsyslog to send all logs to 2 remote servers, but it seems rsyslog only sends to the secondary server if the first one fails. *.* @@server1 *.* @@server2 If I put the above in /...
Daniele Testa
13 votes
3 answers
51k views

how to filter rsyslog messages by tags

I have several applications and scripts that I want to redirect the output to custom files. I launch those applications using command | logger -t TAG I would like to filter these messages based on ...
mistyrouge
13 votes
2 answers
15k views

Interpreting DHCP related message from rsyslog

In /var/log/messages from an EC2 instance there are a lot of lines such as: <date/timestamp> ip-<IP_HERE> ec2net: [get_meta] Trying to get http://169.254.169.254/latest/meta-data/network/...
ChristianF
11 votes
4 answers
29k views

Sending logs to Graylog2 server

I have just set up a Graylog2 server and I am looking to send all logs from my main server to the graylog server. I have enabled logging for the main server and am sending logs to my graylog server by ...
11 votes
2 answers
6k views

how to prevent cron logs from registering in syslog?

I have separated my crontab logging into /var/log/cron.log by uncommenting the below line in /etc/syslog.conf, but it still writes to /var/log/syslog too! cron.* /var/...
shgnInc
11 votes
1 answer
14k views

Does the ``-'' sign have meaning in rsyslog.conf

Rsyslog is backwards-compatible with Syslog configuration files. The syslog.conf man page has: You may prefix each entry with the minus ``-'' sign to omit syncing the file after every logging. ...
Aleksandr Levchuk
10 votes
2 answers
18k views

command KLogPermitNonKernelFacility is currently not permitted

I've set up loggly for syslog alerts among other things and am getting the following error repeatedly in syslog. command 'KLogPermitNonKernelFacility' is currently not permitted - did you already ...
cnizzardini
10 votes
1 answer
19k views

Different permissions per log file when using rsyslog

Is it feasible to define different permissions per log file, using rsyslog? $FileCreateMode applies to all, but I want different permissions for a specific file.
yannisf
10 votes
2 answers
12k views

Rsyslog stops sending data to remote server after log rotation

In my configuration, I have rsyslog who is in charge of following changes of /home/user/my_app/shared/log/unicorn.stderr.log using imfile. The content is sent to another remote logging server using ...
Vincent B.
9 votes
2 answers
39k views

syslog ip ranges to specific files using `rsyslog`

I have many Cisco / JunOS routers and switches that send logs to my Debian server, which uses rsyslogd. How can I configure rsyslogd to send these router / switch logs to a specific file, based on ...
Mike Pennington
9 votes
2 answers
30k views

Can Journalctl and syslog be used in parallel?

I'm having a hard time understanding how logging works on Linux. Since the inclusion of systemd, it seems a bit easier, but I still have a couple of concepts that I still can't fully understand. Given ...
RedNano
9 votes
1 answer
18k views

Rsyslog.conf disable mail.info and/or disable postfix reporting

I have log entries like: Apr 8 10:25:31 monitor postfix/smtpd[3131]: connect from localhost[127.0.0.1] Apr 8 10:25:31 monitor postfix/smtpd[3131]: lost connection after CONNECT from localhost[127.0....
9 votes
1 answer
2k views

Debian 9 server no sshd in auth.log

On one of my servers, Debian 9, there is no output from sshd in /var/log/auth.log. In fact, if I do ag sshd in /var/log, it just doesn't appear. The only thing in auth.log is systemd-logind. In fact, ...
Halfgaar
8 votes
3 answers
10k views

Errors using new rsyslog template syntax on RHEL6

I'm migrating our rsyslog config from an old server to a new one, and thought I'd use the opportunity to tidy up our config. The old config used "legacy" template definitions, and the rsyslog doc on ...
Bart B
8 votes
3 answers
25k views

Using Rsyslog to send application logs to syslog server

I'm trying to set up my rsyslog to send logs generated by an application under /opt/appname/logs to a remote syslog server. I have already configured rsyslog to send OS level logs but wanted to see if ...
Lego
8 votes
3 answers
12k views

Syslog forwarding loses original hostname

I have DMZ hosts forwarding to a DMZ syslog which in turn forwards all the syslog messages to an internal syslog server. It's working fine for the most part but the internal syslog host messages ...
garg
8 votes
3 answers
10k views

Rsyslog duplicate logs (rsyslog.conf and rsyslog.d/something.conf)

I've created a custom log (PHP sends log entries to rsyslog) using local0. It uses a new custom file (/var/log/sea.log). The problem is that logs are being sent to /var/log/sea.log, /var/log/messages ...
brgsousa
8 votes
2 answers
1k views

How to configure a log aggregator to authenticate data?

Background: Remote log aggregation is regarded as a way to improve security. Generally, this addresses the risk that an attacker who compromises a system can edit or delete logs to frustrate forensic ...
Tim Otten
8 votes
2 answers
14k views

Nginx log to syslog on TCP port

I need to redirect Nginx access and error logs to a remote syslog server. From http://nginx.org/en/docs/syslog.html I saw that I can do: error_log syslog:server=192.168.1.1; However I need to ...
int 2Eh
7 votes
2 answers
10k views

rsyslogd: Any way to get around the number of local facilities?

We have about 9-10 appliances we want to direct the logging to our rsyslog server for. However, there's only 8 local facilities (0-7). How can we get around this limitation?
Belmin Fernandez
7 votes
1 answer
9k views

How do I configure rsyslog on Ubuntu 14.04 to use ISO8601 timestamps?

In a file in /etc/rsyslog.d/ I have the following: local3.* /var/log/mylog.log When I log to this facility, records have timestamps which look like this: Apr 27 21:12:20 hostname msg How do ...
jl6
7 votes
3 answers
20k views

kernel.log stays empty: “rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.”

I'm on a VPS (Ubuntu 14.04.2 LTS, Kernel 3.13.0-042stab094.8, rsyslog 7.4.4-1ubuntu2.5) and kernel.log stays empty with only this line: rsyslogd: imklog: cannot open kernel log (/proc/kmsg): ...
Felix
7 votes
2 answers
29k views

Filter log messages by program name and log level at the same time in rsyslogd

I want to save log messages from program foobar with log level err into file /var/log/foobar.log in rsyslogd. How can I do that? This is how I can filter messages by program name: :programname,...
Marko Kevac
7 votes
1 answer
24k views

Proper way to reload rsyslog with a config file for a custom application

I want to log my app so that it writes its log into its own log file. I create the log file and save it under /etc/rsyslog.d but my app doesn't create/write to the designated file. However, once I ...
sdot257
7 votes
1 answer
25k views

rsyslog filters on message contents and facility

I have found examples of how to filter based on the contents of a log entry with rsyslog. But is there a way to do this so it is only filtering on the contents of a certain facility? For example ...
Kyle Brandt
7 votes
1 answer
8k views

rsyslog udp forwarding truncates at 2048 characters

Rsyslog on a RHEL 6 server is receiving messages locally on port 514 UDP. These messages are sometimes much larger than normal syslog message sizes. I am seeing rsyslog handle all of the messages ...
nictrix
6 votes
2 answers
20k views

Where are some OS logs in Debian 12

It seems that some of the system log files (/var/log/syslog, /var/log/auth.log, /var/log/kern.log, ...) have been removed in the latest version of Debian, Debian Bookworm. What should be done to ...
Omidreza Bagheri
6 votes
1 answer
16k views

Ubuntu + Postfix: Mail Log Missing [duplicate]

I've just installed postfix on my ubuntu server and am trying to debug why outgoing mails are not being sent. This led me to notice that the /var/log/mail.log file is missing. For that matter, there's ...
ystan-
6 votes
3 answers
31k views

Log Locally and Remotely with rsyslogd

How can I make it so log file is stored both remotely and locally using rsyslog?
Kyle Brandt
6 votes
3 answers
11k views

Increase rsyslog/syslog precision to include fractional seconds?

I use syslog and rsyslog to handle logging on my Linux & FreeBSD systems. The timestamp is currently in seconds but I would like to increase the precision of these timestamps to include ...
Stefan Lasiewski
6 votes
1 answer
42k views

Create separated syslog file for each host with rsyslog

I have a syslog server (running rsyslog on RHEL 7.4) that consolidates all the syslogs from my network devices. It's listening on port TCP/514. I want to redirect the logs of each device to a ...
eden881
6 votes
4 answers
41k views

imuxsock messages in syslog and system becomes unresponsive

I am getting such messages in syslog. rsyslogd-2177: imuxsock lost 21869 messages from pid 3418 due to rate-limiting rsyslogd-2177: imuxsock begins to drop messages from pid 3427 due to rate-limiting ...
shashuec
6 votes
2 answers
8k views

Apache errorlog piping fail

Trying to log to a central syslog server, either direct using Apache's ErrorLog to pipe to logger, or getting syslog to forward, but nothing is working and the errors are not making sense to me. I can ...
SysadminB
6 votes
2 answers
12k views

rsyslog does not discard messages

I have the following rsyslog.conf: $PreserveFQDN on # rsyslog v5 configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # If you experience problems, see http://www....
Iokanaan Iokan
6 votes
1 answer
16k views

nginx logs to syslog - connection refused

I'm trying to setup nginx 1.7.3 to send logs to syslog, but when I this configuration: server { access_log syslog:server=localhost; } this shows up in nginx's error log: 2015/01/15 21:42:47 [...
Jan Langer
6 votes
4 answers
14k views

Wildcard support for InputFileName in rsyslog?

We have log files with names that match a certain pattern but frequently change. Is there a way to specify a wildcard or pattern for rsyslog to include via InputFileName? Example: InputFileName: /...
Dan
6 votes
1 answer
26k views

rsyslog not logging messages

I'm attempting to set up my EC2 instance (running Amazon Linux which as I understand is built on RHEL 5) to forward log messages to loggentries.com but nothing is getting forwarded. As a sanity check ...
asbestossupply
