Questions tagged [syslog]
syslog is a standard for logging messages about the operation of a system.
670
questions
75
votes
16
answers
62k
views
Alternatives to Splunk?
I'm pretty impressed with Splunk, especially version 4. Pretty graphs, alerting (Enterprise only), and fast, accurate, searching. It's a great product.
However, the cost is just way too high to consider ...
70
votes
3
answers
57k
views
Better logging for cronjobs? Send cron output to syslog?
I am looking for a better way to log cronjobs. Most cronjobs tend to spam email or the console, get ignored, or create yet another logfile.
In this case, I have a Nagios NSCA script which sends data ...
67
votes
4
answers
204k
views
What is the difference between syslog, rsyslog and syslog-ng? [closed]
I am a bit confused in syslog, rsyslog and syslog-ng.
From where can I get the source code for syslog()?
Is there any difference between rsyslog and rsyslogd?
53
votes
7
answers
81k
views
How to add message that will be read with dmesg?
I am trying to write some custom messages in my dmesg output. I tried:
logger "Hello"
but this does not work. It exits without error, but no "Hello" appears in the output of:
dmesg
I am using a ...
49
votes
2
answers
99k
views
Splunk is fantastically expensive: What are the alternatives? [duplicate]
Possible Duplicate:
Alternatives to Splunk?
This has been discussed, but it has been several months, so it may be time to revisit it:
Earlier discussion RE Splunk alternatives
For the record, ...
43
votes
6
answers
50k
views
How can I prevent cron from filling up my syslog?
I have a script which needs to be executed each minute. The problem is that cron is logging to /var/log/syslog each time it executes. I end up seeing something like this repeated over and over in /...
43
votes
7
answers
111k
views
Switch on PAM debugging to Syslog
How do I switch on PAM debugging in Debian Squeeze at the admin level?
I have checked every resource I was able to find. Google, manpages, whatever. The only thing I haven't tried yet (I simply not ...
34
votes
6
answers
25k
views
Linux: logwatch(8) is too noisy. How can I control the noise level?
Our Linux systems run logwatch(8) utility by default. On a RedHat/CentOS/SL system, Logwatch is called by the /etc/cron.daily/ cronjob, which then sends a daily email with the results. These emails ...
28
votes
2
answers
10k
views
Server crash with ascii NUL characters in syslog ( ^@^@^@... )
I have some dedicated servers hosted by OVH (a French service provider).
OS : Ubuntu 12.04 x64
A few months ago, one of my servers crashed.
The only weird thing was some "ASCII NUL" characters in the ...
26
votes
2
answers
7k
views
Weird syslog order
Have you ever seen a wrong order in /var/log/syslog? I think that it causes only crontab.
Jun 28 22:20:01 alex CRON[2327]: (root) CMD (something > /dev/null)
Jun 28 22:21:01 alex CRON[2700]: (root) ...
22
votes
7
answers
43k
views
How would you send syslog *securely* over the public Internet?
So I've got a few servers which I'd like to log centrally but obviously I don't want to pass the data insecurely over the internet.
I've tried syslog-ng but can't make it work in a secure way, a ...
19
votes
4
answers
46k
views
Which program defaults uses syslog local[0-7] facilities?
As well as the common system facilities (mail, news, daemon, cron, etc), syslog provides a series of "local" facilities, numbers 0 to 7: LOCAL0, LOCAL1, ..., LOCAL7.
Which ones are program defaults ...
18
votes
4
answers
163k
views
HAProxy logging to syslog
I installed HAProxy 1.5 via apt-get on ubuntu 14.04 via ppa:vbernat/haproxy-1.5 as per this Debian repository selection tool.
The problem is it is logging to /var/log/syslog instead of /var/log/haproxy....
16
votes
2
answers
16k
views
No more logging after upgrade to Debian Wheezy
Syslog, auth.log, kern.log and messages log files are not updated anymore after upgrading to Debian Wheezy (Debian Squeeze was previously running).
How could I fix it?
16
votes
3
answers
106k
views
logrotate does not compress /var/log/messages
Over time I noticed some logs in /var/log such as auth, kern and messages were getting huge. I made logrotate entries for them:
$ cat /etc/logrotate.d/auth.log
/var/log/kern.log {
rotate 5
...
15
votes
3
answers
96k
views
Sending audit logs to SYSLOG server
I'm running several RHEL based systems which utilize the audit functionality within the 2.6 kernel to track user activity and I need to have these logs sent to centralized SYSLOG servers for ...
15
votes
3
answers
24k
views
Deciphering continuing mpt2sas syslog messages
Summary
I have been getting these cryptic messages in syslog since I installed some new hardware and I can't figure out what the problem is, if it's serious, or what to do about it.
They're from the ...
15
votes
1
answer
24k
views
Any logs of if/when "at" jobs were executed? [duplicate]
I've setup a couple of "at" jobs to execute at specific times on CentOS 5.
This morning I don't see these commands in the queue ("atq"), as expected, but I also don't see where I can check whether the ...
15
votes
4
answers
36k
views
How can I reduce the verbosity of certain Ansible tasks to not leak passwords into syslog?
Sometimes I would like to use Ansible's lineinfile or blockinfile modules to write a password into some configuration file. If I do so, the whole line or block, password included, ends up in my syslog....
14
votes
1
answer
46k
views
How do I setup rsyslog to send all logs to multiple remote servers?
I am trying to make rsyslog send all logs to 2 remote servers, but it seems rsyslog only sends to the secondary server if the first one fails.
*.* @@server1
*.* @@server2
If I put the above in /...
14
votes
1
answer
7k
views
Remove UFW Block from kern.log and sys.log
Using Nginx, Wordpress and Ubuntu 16.
I am constantly bombarded with these messages in kern.log, syslog and ufw.log
Nov 28 21:02:28 kernel: [246817.450026] [UFW BLOCK] IN=eth0 OUT= MAC=xx.xx SRC=...
13
votes
3
answers
51k
views
how to filter rsyslog messages by tags
I have several applications and scripts that I want to redirect the output to custom files.
I launch those applications using
command | logger -t TAG
I would like to filter these messages based on ...
13
votes
4
answers
33k
views
Is there a way to remove "Last message repeated x times" from logs?
I have a script that updates me on any changes to the kernel log on my (Debian) servers.
The problem is that occasionally the log contains lines like:
last message repeated 4 times
I realize that ...
13
votes
7
answers
5k
views
How did you implement log management on your servers?
I'm trying to figure out how other people implement their log management systems.
I have 20-30 Linux servers and a few Windows boxes (most of them virtualized). We utilize a lot of Perl and Bash ...
13
votes
1
answer
360
views
How do I make sec ignore a timestamp properly
I have a rule that is set up like so;
In /etc/sec/rules.d I have;
type=SingleWithSuppress
ptype=regexp
pattern=(\S+) sshd\[\d+\]: PAM \d+ more authentication failures\; logname=.* uid=.* euid=.* tty=...
13
votes
6
answers
20k
views
Open source tomcat log viewer
I'm managing several tomcat instances (aprox 30-35) and looking for some console to centralize the logs.
I tried php-syslog-ng before (not with tomcat), and found it useful. I would like that these ...
12
votes
4
answers
22k
views
How can I make syslogd email certain log messages to me?
I'd like to be able to get an email notification whenever syslogd logs something of, say err priority or higher. Assume this is a BSD compatible syslog daemon.
Can this be accomplished?
Should I ...
11
votes
1
answer
32k
views
Tool for testing syslog
Does anyone know of a tool or a script that I could use to send messages to syslog? I'm trying to troubleshoot a syslog configuration, and I'm having trouble eliminating possibilities. What I would ...
11
votes
6
answers
18k
views
Good syslog server for Windows [closed]
I've been trying to find a "good" syslog server to provide centralized application login for a distributed system we've built. Our application logging system can not only log to files but also to a ...
11
votes
4
answers
21k
views
How to allow non-root user to listen on privileged port?
I want syslog to run as a non-root user on my linux box. That makes it impossible for it to bind to port 514 - because that's a privileged port. Is there any way I can grant non-admin user "foo" the ...
11
votes
1
answer
28k
views
Getting journald logs to a plain text file
I want to log journald logs to a file so I can later on fetch it and send it to Logstash. I thought about running syslog-ng and making it a client of journald, so I'd get syslog files.
I'm using Docker ...
10
votes
3
answers
43k
views
Is there a way to filter syslog entries?
I have a cluster of Linux servers that are fronted by a load-balancer, which probes each server every 5 seconds to determine if it's operational. These probes generate a lot of useless noise in the ...
9
votes
2
answers
30k
views
Can Journalctl and syslog be used in parallel?
I'm having a hard time understanding how logging works on linux.
Since the inclusion of systemd, it seems a bit easier, but I still have a couple of concepts that I still can't fully understand.
Given ...
9
votes
1
answer
18k
views
Rsyslog.conf disable mail.info and/or disable postfix reporting
I have log entries like:
Apr 8 10:25:31 monitor postfix/smtpd[3131]: connect from localhost[127.0.0.1]
Apr 8 10:25:31 monitor postfix/smtpd[3131]: lost connection after CONNECT from localhost[127.0....
9
votes
5
answers
10k
views
How to log multiline message with logger command?
I want to log a multiline message into the system logger via the command
echo -e "foo\nbar" | logger
But it appears as 2 logs.
Is it possible to log as a single log?
8
votes
5
answers
56k
views
Linux: how to send new lines in log files to remote syslog?
We have several applications which are generating their own plain-text log files, which I would like to forward to a remote syslog server for centralized logging. I do not have access to root on ...
8
votes
5
answers
24k
views
Does this log indicate the server rebooted?
I have a webserver I think rebooted at some point .. mostly because apache wasn't serving sites and it usually does that when someone starts it and doesn't enter the SSL cert's password ... and a ...
8
votes
3
answers
3k
views
To use syslog or not [closed]
Can someone make a decent case here:
I want to use syslog so logging is integrated and so I can direct it based on severity etc not to mention log rotate, but at the same time I like the idea of ...
8
votes
5
answers
28k
views
How do I stop postfix log info going into syslog?
We have a vps running Ubuntu 10.04.4 LTS, and while trying to find a solution to a php problem, I've become aware of what looks like a problem with the syslog system - I'm not sure though.
The syslog....
8
votes
3
answers
22k
views
SNMPD not binding correctly
OS: Debian 5.0.3
SNMPD Version: 5.4.1
I have the following two lines in my snmpd.conf file:
interface eth0
agentaddress udp:161
I'm getting the following errors in my syslog:
Oct 5 18:04:44 ...
8
votes
3
answers
16k
views
Add a local application to syslog excluded from /var/log/messages
I have an application which logs to syslog facility local1. I would like to configure syslog to send all local1 messages to a log file separate from /var/log/messages -- that turned out to be easy. ...
8
votes
3
answers
12k
views
Syslog forwarding loses original hostname
I have DMZ hosts forwarding to a DMZ syslog which in turn forwards all the syslog messages to an internal syslog server. It's working fine for the most part but the internal syslog host messages ...
8
votes
4
answers
7k
views
Logging atd messages via syslog
I am running CentOS 5.3 and would like to log all messages from the "at" daemon. My syslog.conf contains the following entry:
cron.* /var/log/cron
I assumed that cron line in syslog refers to the ...
8
votes
1
answer
9k
views
How to forward Docker container logs to ELK?
I would like to know what is the easiest way to forward my docker container logs to an ELK server, so far the solutions I have tried after having searched the internet didn't work at all.
Basically ...
8
votes
2
answers
14k
views
Nginx log to syslog on TCP port
I need to redirect Nginx access and error logs to a remote syslog server. From http://nginx.org/en/docs/syslog.html I saw that I can do:
error_log syslog:server=192.168.1.1;
However I need to ...
8
votes
1
answer
1k
views
ELK Stack (Logstash, Elasticsearch and Kibana) with concurrent remote syslog server?
I'm building a log analyser service to start monitoring mainly our pfSense Firewalls, XenServer Hypervisors, FreeBSD/Linux servers and Windows servers.
There's a lot of documentation on the internet ...
8
votes
2
answers
5k
views
Formal separation marker of syslog events?
I've been looking at RFC5424 to find the formally specified marker that will end a syslog event.
Unfortunately I couldn't find it. So If I wanted to implement some small syslog server that reacts on ...
7
votes
2
answers
10k
views
Is it still allowed to have log files under the new GDPR? [closed]
Is it still allowed to have server access log files under the new GDPR?
Because the gathering of IP addresses is not allowed, I can imagine that system operators are in violation of the law in ...
7
votes
3
answers
9k
views
How can I suppress Postfix anvil statistics from system logs?
After every email sent through my mail server, postfix/anvil appends something like the following:
Nov 9 15:09:11 keutenberg postfix/anvil[30006]: statistics: max connection rate 1/60s for (smtp:103....
7
votes
2
answers
10k
views
rsyslogd: Any way to get around the number of local facilities?
We have about 9-10 appliances we want to direct the logging to our rsyslog server for. However, there's only 8 local facilities (0-7). How can we get around this limitation?