Questions tagged [rsyslogd]

51 questions
15 votes, 4 answers

How do I restore `/dev/log` in systemd+rsyslog host?

On RHEL7, systemd-journald takes over many of the responsibilities of what was once done by rsyslogd. Whether by bug or conflict between these two daemons, sometimes /dev/log will go missing. As a result, programs relying on the syslog(3) call will…
Otheus
4 votes, 1 answer

How to disable messages from syslogd for my own user?

I am using a CentOS Linux OS with ssh tools. I get these messages every minute. Message from syslogd@rakhsh4 at May 6 17:48:34 ... kernel:[Hardware Error]: Corrected error, no action required. Message from syslogd@rakhsh4 at May 6 17:48:34 ... …
sajad.k
4 votes, 3 answers

syslog duplicate all content

I have a problem that anything that is printed to the syslog file appears as a duplicate. My search on the network shows me that /etc/rsyslog.conf contains an attribute that should avoid such a thing: `RepeatedMsgReduction on`. Unfortunately it just has no influence on…
3 votes, 1 answer

How to redirect rsyslog messages from a specific unix socket to a different log file without duplication?

I have been trying to implement separate logging for haproxy. But I end up with duplicate logging and can't separate logs based on the input socket or facility alone. My sample configuration in haproxy: Global configuration: log …
GP92
2 votes, 1 answer

rsyslogd sometimes doesn't write the initial bits of dmesg to /var/log/syslog

I have a Linux machine running Ubuntu 16.04.7 LTS that uses rsyslogd. My understanding of rsyslogd is that it rotates the content from the kernel ring buffer (i.e., dmesg) to an on-disk file (i.e., /var/log/syslog). So nominally in /var/log/syslog, I…
Ken Lin
2 votes, 0 answers

secure log file data not up to date, behind a few hours

When I tail -f my /var/secure log file, the data in it is about 3 hours behind the current time. This only happens when someone attacks this particular server and the secure log file blows up with attempts. Eventually the log file will catch up when…
saleetzo
2 votes, 2 answers

How to split logs into monthly, daily and hourly folders when bringing in syslog events?

I am bringing in log files via rsyslog and my config looks like the following: root@rhel:/etc/rsyslog.d# head mail_prod_logs.conf if $fromhost-ip=="10.10.10.10" and $programname=="AMP_Logs" then -/var/log/mail_logs/amp.log My logs are all stored in…
sectechguy
2 votes, 0 answers

Why might rsyslog %syslogtag% display "(none)"?

Given the following lines in an instance of /etc/rsyslog.conf: $template MyFmt, "%timereported:::date-year%%timereported:::date-month%%timereported:::date-day%_%timereported:::date-hour%%timereported:::date-minute%%timereported:::date-second%…
StoneThrow
2 votes, 1 answer

Use filter rule to redirect _and_ remove from syslogd

Adding this to /etc/rsyslog.d/myapp.conf helpfully sends messages to a dedicated log file. :programname, isequal, "myapp" /var/log/myapp.log The log messages go in my new log file, but they are also being placed in /var/log/syslog as well. How do…
Jay
2 votes, 1 answer

rsyslog: How can I ensure that rsyslog gives an error/debug message whenever the messages are being dropped?

I am using rsyslog to read the logs from an input file (using imfile module) and to send the logs to a remote server using RELP (module omrelp). I am using an action queue for this. It is a disk-assisted queue. The rsyslog is running as a background…
2 votes, 1 answer

Why is rsyslog not listed when I run service?

I'm trying to learn about rsyslog. On one of my linux boxes, I think that rsyslog has been configured to run through systemd based on this output: >systemctl status rsyslog rsyslog.service - System Logging Service Loaded: loaded…
StoneThrow
1 vote, 1 answer

What is the meaning of the daemon facility in rsyslog.conf on Red Hat Linux

I'm looking for detailed information about what the daemon facility would log if configured in /etc/rsyslog.conf. So far, the most detail I have found is: daemon: affects a daemon without any special classification (DNS, NTP, etc.)…
Tech109
1 vote, 1 answer

rsyslog: append source IP in log file name

I have a number of hosts sending logs to rsyslog server, and I'd like to distinguish them by adding their IP, i.e. /var/log/10.10.10.1-messages.log, /var/log/10.10.10.2-messages.log and so on. At the moment all messages land in the same log file. Is…
Mark
1 vote, 0 answers

rsyslog forwarding msg using template format to remote server

I want to send logs from 2 client servers to a single remote server. The client config: ... module(load="imfile" PollingInterval="10") # Polling every 10 seconds ... if $syslogtag == 'apache' then { action(type="omfwd"…
gduh
1 vote, 2 answers

How can I have "rsyslogd" start automatically after a reboot?

I'm running an Ubuntu based distro Linux version 4.1.18-ipipe (ubuntu1604@ubuntu1604) (gcc version 4.9.3 (Ubuntu/Linaro 4.9.3-13ubuntu2) When this system boots up, rsyslogd is not running. So any C programs that call syslog(...) do not report any…
Izzo