Questions tagged [rsyslog]

rsyslog is a popular syslog daemon implementation commonly used on many Linux distributions, e.g. it is the default syslog daemon on Debian.

433 questions
142
votes
1 answer

How to do a `tail -f` of log rotated files?

On a long running system I usually have a terminal with `$ tail -f /var/log/kern.log` or something like this open. But from time to time I have to restart such command because no new messages are displayed anymore. I assume this is because of the log…
maxschlepzig
91
votes
2 answers

Understand logging in Linux

As I understand, Linux kernel logs to /proc/kmsg file (mostly hardware-related messages) and /dev/log socket? Anywhere else? Are other applications also able to send messages to /proc/kmsg or /dev/log? Last but not least, am I correct that it is the…
Martin
29
votes
2 answers

add new syslog facility

I would like to use syslog to log messages coming from my PHP based site. My question is - can I add custom facility name? I know there are predefined facilities like: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, UUCP and…
Stann
19
votes
4 answers

rsyslog not logging

This is an odd issue. I was testing the chrony/ntp services on a RHEL7 VM and was resetting its time as well as the host's. Once I was satisfied with it I checked /var/log/messages and realized it hadn't been changed in a while. Now no matter what I…
Arkandel
16
votes
2 answers

How to tell rsyslog to create log file if not there?

Default behaviour by rsyslog is to append traces to an existing log file. Now, I've seen (CentOs, Scientific Linux) that when rsyslog is already running, you delete the log file (e.g. the one dedicated to log traces from your application), you then…
fduff
16
votes
2 answers

How should I send systemd logs to a dedicated logging server

In the past, I have used syslog-ng or rsyslog to send system logs to a dedicated logging server somewhere else on the network. With systemd however, things like the sudo commands that previously were stored in /var/log/secure or /var/log/auth.log…
James Shewey
14
votes
1 answer

rsyslogd HUPed repeatedly

Noticing that for a VM box, getting in the logs that rsyslogd process gets HUPed. Finding no ideas except a few posts in some forums saying this is for logrotate. Any ideas how to fix/troubleshoot…
Rituraj
14
votes
1 answer

What does the *.*;auth,authpriv.none -/var/log/syslog line mean in rsyslog config file?

I'm trying to understand the /etc/rsyslog.conf file, but I'm missing something. For example, this is a part of the file: auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog cron.* …
Mikhail Morfikov
12
votes
1 answer

Suppress duplicate messages in rsyslog?

Is there a way to configure rsyslog to suppress identical duplicate messages? In certain situations (often hardware failures) my syslog can grow to 100 MB or more due to repeated messages every quarter-second or so.
David Pfeffer
12
votes
4 answers

Prevent rsyslog from logging remote hosts messages to local /var/log/syslog

I use rsyslog to save logs from remote hosts to a server this way: Server: # Logfile for each host $template DynaFile,"/var/log/rsyslog/%HOSTNAME%.log" *.* -?DynaFile Clients: *.* @servername This creates log files for every client host in servers…
Michael
11
votes
2 answers

rsyslogd eating up 20+ GB (!) of RAM - what evidence to gather?

I have a Ubuntu 14.04.3 box running kernel 3.13.0-74 with 32GB RAM, which features a rsyslogd process gone mad: $ ps -auxww | grep rsyslog syslog 16212 0.7 64.0 27966168 21070336 ? Ssl Jan04 180:31 rsyslogd -c 5 -x $ free -m …
sxc731
10
votes
2 answers

Parse syslog messages into separate MySQL tables with rsyslog

Out of the box rsyslog will dump everything into the SystemEvents table within the `Syslog` database (if you use the default schema provided). I would like to use a regular expression to filter inbound messages into separate database tables. I've…
efk
10
votes
2 answers

Rsyslog not creating log files

I'm hardening an Ubuntu 14.04 VM to CIS standards and am having problems getting rsyslog to create the necessary files. Note: I'm getting better with Linux but I'm no master yet, please excuse any ignorance. I inserted a file…
JaReg
10
votes
3 answers

decrease kernel boot log verbosity level

When my kernel boots, apart from the useful important information, it prints lots of debugging info, such as .... kernel: [0.00000] BIOS-e820: [mem 0x0000000000000000-0x000000000009d3ff] usable kernel: [0.00000] BIOS-e820: [mem…
Martin Vegter
10
votes
3 answers

Tomcat 7 not producing log output to catalina.out on RHEL7

I have a RHEL7 server with Apache Tomcat 7.0 installed and after a recent update to RHEL7.1 all of the logging to ${catalina.base}/logs/catalina.out was stopped. However I am receiving the logs inside journalctl. If I type journalctl -u tomcat I do…
xterrez