
Questions tagged [syslog]

syslog is a standard for logging messages about the operation of a system.

75 votes
16 answers
62k views

Alternatives to Splunk?

I'm pretty impressed with Splunk, especially version 4. Pretty graphs, alerting (Enterprise only), and fast, accurate searching. It's a great product. However, the cost is just way too high to consider ...
MichaelGG
  • 1,739
70 votes
3 answers
57k views

Better logging for cronjobs? Send cron output to syslog?

I am looking for a better way to log cronjobs. Most cronjobs tend to spam email or the console, get ignored, or create yet another logfile. In this case, I have a Nagios NSCA script which sends data ...
Stefan Lasiewski
67 votes
4 answers
204k views

What is the difference between syslog, rsyslog and syslog-ng? [closed]

I am a bit confused about syslog, rsyslog and syslog-ng. From where can I get the source code for syslog()? Is there any difference between rsyslog and rsyslogd?
StackUser
  • 803
53 votes
7 answers
81k views

How to add message that will be read with dmesg?

I am trying to write some custom messages in my dmesg output. I tried: logger "Hello" but this does not work. It exits without error, but no "Hello" appears in the output of: dmesg I am using a ...
calandoa
  • 1,305
49 votes
2 answers
99k views

Splunk is fantastically expensive: What are the alternatives? [duplicate]

Possible Duplicate: Alternatives to Splunk? This has been discussed, but it has been several months, so it may be time to revisit it: Earlier discussion RE Splunk alternatives For the record, ...
Jonesome Reinstate Monica
43 votes
6 answers
50k views

How can I prevent cron from filling up my syslog?

I have a script which needs to be executed each minute. The problem is that cron is logging to /var/log/syslog each time it executes. I end up seeing something like this repeated over and over in /...
user7321
  • 1,026
43 votes
7 answers
111k views

Switch on PAM debugging to Syslog

How do I switch on PAM debugging in Debian Squeeze at the admin level? I have checked every resource I was able to find. Google, manpages, whatever. The only thing I haven't tried yet (I simply not ...
Tino
  • 1,173
34 votes
6 answers
25k views

Linux: logwatch(8) is too noisy. How can I control the noise level?

Our Linux systems run logwatch(8) utility by default. On a RedHat/CentOS/SL system, Logwatch is called by the /etc/cron.daily/ cronjob, which then sends a daily email with the results. These emails ...
Stefan Lasiewski
28 votes
2 answers
10k views

Server crash with ascii NUL characters in syslog ( ^@^@^@... )

I have some dedicated servers hosted by OVH (French service provider). OS: Ubuntu 12.04 x64 A few months ago, one of my servers crashed. The only weird thing was some "ASCII NUL" characters in the ...
KilianD
  • 281
26 votes
2 answers
7k views

Weird syslog order

Have you ever seen wrong order in /var/log/syslog ? I think that it causes only crontab. Jun 28 22:20:01 alex CRON[2327]: (root) CMD (something > /dev/null) Jun 28 22:21:01 alex CRON[2700]: (root) ...
Tomasz
  • 371
22 votes
7 answers
43k views

How would you send syslog *securely* over the public Internet?

So I've got a few servers which I'd like to log centrally but obviously I don't want to pass the data insecurely over the internet. I've tried syslog-ng but can't make it work in a secure way, a ...
JamesHannah
  • 1,741
19 votes
4 answers
46k views

Which program defaults uses syslog local[0-7] facilities?

As well as the common system facilities (mail, news, daemon, cron, etc), syslog provides a series of "local" facilities, numbers 0 to 7: LOCAL0, LOCAL1, ..., LOCAL7. Which ones are program defaults ...
Jonathan Clarke
18 votes
4 answers
163k views

HAProxy logging to syslog

I installed HAProxy 1.5 via apt-get on Ubuntu 14.04 via ppa:vbernat/haproxy-1.5 as per this Debian repository selection tool. The problem is it is logging to /var/log/syslog instead of /var/log/haproxy....
Petah
  • 650
16 votes
2 answers
16k views

No more logging after upgrade to Debian Wheezy

Syslog, auth.log, kern.log and messages log files are not updated anymore after upgrading to Debian Wheezy (Debian Squeeze was previously running). How could I fix it?
Th. Ma.
  • 527
16 votes
3 answers
106k views

logrotate does not compress /var/log/messages

Over time I noticed some logs in /var/log such as auth, kern and messages were getting huge. I made logrotate entries for them: $ cat /etc/logrotate.d/auth.log /var/log/kern.log { rotate 5 ...
Mike Mazur
  • 6,323
15 votes
3 answers
96k views

Sending audit logs to SYSLOG server

I'm running several RHEL based systems which utilize the audit functionality within the 2.6 kernel to track user activity and I need to have these logs sent to centralized SYSLOG servers for ...
syn-
  • 493
15 votes
3 answers
24k views

Deciphering continuing mpt2sas syslog messages

Summary I have been getting these cryptic messages in syslog since I installed some new hardware and I can't figure out what the problem is, if it's serious, or what to do about it. They're from the ...
Chris Smith
15 votes
1 answer
24k views

Any logs of if/when "at" jobs were executed? [duplicate]

I've set up a couple of "at" jobs to execute at specific times on CentOS 5. This morning I don't see these commands in the queue ("atq"), as expected, but I also don't see where I can check whether the ...
Capt. Crunch
15 votes
4 answers
36k views

How can I reduce the verbosity of certain Ansible tasks to not leak passwords into syslog?

Sometimes I would like to use Ansible's lineinfile or blockinfile modules to write a password into some configuration file. If I do so, the whole line or block, password included, ends up in my syslog....
aef
  • 1,785
14 votes
1 answer
46k views

How do I setup rsyslog to send all logs to multiple remote servers?

I am trying to make rsyslog to send all logs to 2 remote servers, but it seems rsyslog only sends to the secondary server if the first one fails. *.* @@server1 *.* @@server2 If I put the above in /...
Daniele Testa
14 votes
1 answer
7k views

Remove UFW Block from kern.log and sys.log

Using Nginx, Wordpress and Ubuntu 16. I am constantly bombarded with these messages in kern.log , syslog and ufw.log Nov 28 21:02:28 kernel: [246817.450026] [UFW BLOCK] IN=eth0 OUT= MAC=xx.xx SRC=...
JoaMika
  • 509
13 votes
3 answers
51k views

how to filter rsyslog messages by tags

I have several applications and scripts that I want to redirect the output to custom files. I launch those applications using command | logger -t TAG I would like to filter these messages based on ...
mistyrouge
13 votes
4 answers
33k views

Is there a way to remove "Last message repeated x times" from logs?

I have a script that updates me on any changes to the kernel log on my (Debian) servers. The problem is that occasionally the log contains lines like: last message repeated 4 times I realize that ...
Brent
  • 23.5k
13 votes
7 answers
5k views

How did you implement log management on your servers?

I'm trying to figure out how other people implement their log management systems. I have 20-30 Linux servers and a few Windows boxes (most of them virtualized). We utilize a lot of Perl and Bash ...
Edward
  • 449
13 votes
1 answer
360 views

How do I make sec ignore a timestamp properly

I have a rule that is set up like so; In /etc/sec/rules.d I have; type=SingleWithSuppress ptype=regexp pattern=(\S+) sshd\[\d+\]: PAM \d+ more authentication failures\; logname=.* uid=.* euid=.* tty=...
Ethabelle
  • 2,042
13 votes
6 answers
20k views

Open source tomcat log viewer

I'm managing several tomcat instances (approx. 30-35) and looking for some console to centralize the logs. I tried php-syslog-ng before (not with tomcat), and found it useful. I would like that these ...
12 votes
4 answers
22k views

How can I make syslogd email certain log messages to me?

I'd like to be able to get an email notification whenever syslogd logs something of, say err priority or higher. Assume this is a BSD compatible syslog daemon. Can this be accomplished? Should I ...
jason
  • 222
11 votes
1 answer
32k views

Tool for testing syslog

Does anyone know of a tool or a script that I could use to send messages to syslog? I'm trying to troubleshoot a syslog configuration, and I'm having trouble eliminating possibilities. What I would ...
Rich
  • 1,353
11 votes
6 answers
18k views

Good syslog server for Windows [closed]

I've been trying to find a "good" syslog server to provide centralized application login for a distributed system we've built. Our application logging system can not only log to files but also to a ...
Todd
  • 243
11 votes
4 answers
21k views

How to allow non-root user to listen on privileged port?

I want syslog to run as a non-root user on my linux box. That makes it impossible for it to bind to port 514 - because that's a privileged port. Is there any way I can grant non-admin user "foo" the ...
Dan Goldburt
11 votes
1 answer
28k views

Getting journald logs to a plain text file

I want to log journald logs to a file so I can later on fetch it and send it to Logstash. I thought about running syslog-ng and make it a client of journald, so I'd get syslog files. I'm using Docker ...
Jose Armesto
10 votes
3 answers
43k views

Is there a way to filter syslog entries?

I have a cluster of Linux servers that are fronted by a load-balancer, which probes each server every 5 seconds to determine if it's operational. These probes generate a lot of useless noise in the ...
gharper
  • 5,485
9 votes
2 answers
30k views

Can Journalctl and syslog be used in parallel?

I'm having a hard time understanding how logging works on Linux. Since the inclusion of systemd, it seems a bit easier, but I still have a couple of concepts that I still can't fully understand. Given ...
RedNano
  • 343
9 votes
1 answer
18k views

Rsyslog.conf disable mail.info and/or disable postfix reporting

I have log entries like: Apr 8 10:25:31 monitor postfix/smtpd[3131]: connect from localhost[127.0.0.1] Apr 8 10:25:31 monitor postfix/smtpd[3131]: lost connection after CONNECT from localhost[127.0....
9 votes
5 answers
10k views

How to log multiline message with logger command?

I want to log a multiline message into the system logger via the command echo -e "foo\nbar" | logger But it appears as 2 logs. Is it possible to log as a single log?
Howard
  • 2,195
8 votes
5 answers
56k views

Linux: how to send new lines in log files to remote syslog?

We have several applications which are generating their own plain-text log files, which I would like to forward to a remote syslog server for centralized logging. I do not have access to root on ...
Michael Martinez
8 votes
5 answers
24k views

Does this log indicate the server rebooted?

I have a webserver I think rebooted at some point .. mostly because apache wasn't serving sites and it usually does that when someone starts it and doesn't enter the SSL cert's password ... and a ...
erik
  • 99
8 votes
3 answers
3k views

To use syslog or not [closed]

Can someone make a decent case here: I want to use syslog so logging is integrated and so I can direct it based on severity etc not to mention log rotate, but at the same time I like the idea of ...
Atomiklan
  • 559
8 votes
5 answers
28k views

How do I stop postfix log info going into syslog?

We have a vps running Ubuntu 10.04.4 LTS, and while trying to find a solution to a php problem, I've become aware of what looks like a problem with the syslog system - I'm not sure though. The syslog....
Paulioliolio
8 votes
3 answers
22k views

SNMPD not binding correctly

OS: Debian 5.0.3 SNMPD Version: 5.4.1 I have the following two lines in my snmpd.conf file: interface eth0 agentaddress udp:161 I'm getting the following errors in my syslog: Oct 5 18:04:44 ...
chizou
  • 477
8 votes
3 answers
16k views

Add a local application to syslog excluded from /var/log/messages

I have an application which logs to syslog facility local1. I would like to configure syslog to send all local1 messages to a log file separate from /var/log/messages -- that turned out to be easy. ...
Josh
  • 9,258
8 votes
3 answers
12k views

Syslog forwarding loses original hostname

I have DMZ hosts forwarding to a DMZ syslog which in turn forwards all the syslog messages to an internal syslog server. It's working fine for the most part but the internal syslog host messages ...
garg
  • 635
8 votes
4 answers
7k views

Logging atd messages via syslog

I am running CentOS 5.3 and would like to log all messages from the "at" daemon. My syslog.conf contains the following entry: cron.* /var/log/cron I assumed that cron line in syslog refers to the ...
Gurunandan Bhat
8 votes
1 answer
9k views

How to forward Docker container logs to ELK?

I would like to know what is the easiest way to forward my docker container logs to an ELK server, so far the solutions I have tried after having searched the internet didn't work at all. Basically ...
ndarkness
  • 193
8 votes
2 answers
14k views

Nginx log to syslog on TCP port

I need to redirect Nginx access and error logs to a remote syslog server. From http://nginx.org/en/docs/syslog.html I saw that I can do: error_log syslog:server=192.168.1.1; However I need to ...
int 2Eh
  • 193
8 votes
1 answer
1k views

ELK Stack (Logstash, Elasticsearch and Kibana) with concurrent remote syslog server?

I'm building a log analyser service to start monitoring mainly our pfSense Firewalls, XenServer Hypervisors, FreeBSD/Linux servers and Windows servers. There's a lot of documentation on the internet ...
Vinícius Ferrão
8 votes
2 answers
5k views

Formal separation marker of syslog events?

I've been looking at RFC5424 to find the formally specified marker that will end a syslog event. Unfortunately I couldn't find it. So If I wanted to implement some small syslog server that reacts on ...
serverhorror
  • 6,508
7 votes
2 answers
10k views

Is it still allowed to have log files under the new GDPR? [closed]

Is it still allowed to have server access log files under the new GDPR? Because of the gathering of IP addresses is not allowed, I can imagine that system operators are in violation of the law in ...
C.A. Vuyk
  • 632
7 votes
3 answers
9k views

How can I suppress Postfix anvil statistics from system logs?

After every email sent through my mail server, postfix/anvil appends something like the following: Nov 9 15:09:11 keutenberg postfix/anvil[30006]: statistics: max connection rate 1/60s for (smtp:103....
squircle
  • 524
7 votes
2 answers
10k views

rsyslogd: Any way to get around the number of local facilities?

We have about 9-10 appliances we want to direct the logging to our rsyslog server for. However, there's only 8 local facilities (0-7). How can we get around this limitation?
Belmin Fernandez
