Questions tagged [rsyslog]
rsyslog is an enterprise-ready replacement for the syslog daemon on Linux and other UNIX operating systems.
690 questions
0 votes, 0 answers, 11 views
How can I send logs through syslog due to another process state?
I'm trying to set up rsyslog to process messages from the audispd program using a custom script, check.sh. The script is supposed to check if a specific process is running, and if it is, discard the ...
0 votes, 0 answers, 15 views
systemd-239 not installing rsyslog SystemLogSocketName
I have a system with Redhat7.9 where rsyslog is receiving journald logs via /run/systemd/journal/syslog. This is configured by the file located under /etc/rsyslog.d/listen.conf.
$ cat /etc/rsyslog.d/...
0 votes, 0 answers, 37 views
Provide a concise example of how to use rsyslog's immark module
I am seeking a working example that uses the immark module of rsyslog. I tried this nonsensical example just to see what it does:
# maybe in a file called "immark.test"
module(load="...
0 votes, 0 answers, 26 views
Unencrypted rsyslog through wireguard tunnel
We have a server and two clients with wireguard on them. The server is 10.10.10.1, the first
client is 10.10.10.2 and the second client is 10.10.10.3. The tunnel works and I can
ping from server ->...
0 votes, 0 answers, 58 views
Kubernetes pod name or print something unique in the pod logs entries or any alternative (rsyslog implementation)
I have implemented an Rsyslog server to fetch the pod logs from EKS nodes (Rsyslog client). Everything is working fine, but in the logs I need the pod name or something unique to identify the log entries ...
0 votes, 1 answer, 81 views
Is there a way to prevent log spamming with rsyslog?
I have AuditD running and one process likes to constantly spawn child processes that do the same activity. Is there a way to have rsyslog not send in the same log message again? The hard part is the ...
0 votes, 0 answers, 168 views
Re-configuration of rsyslog
Probably a bit of an "off-kilter" question, but I want to conduct some experiments with rsyslog. I'd like to configure it to log nothing except the messages that I send with logger.
This is ...
0 votes, 0 answers, 33 views
Rsyslog is not saving logs from different networks correctly
I am trying to set up an rsyslog server that would save the logs into a database. I coded a web app to easily maintain and search through logs. But I have multiple networks there (not at home, but at work ...
0 votes, 1 answer, 124 views
Rsyslog filter on machine hostname and not previous rsyslog server
I have a requirement to forward logs from hostname X to IP 1.1.1.1. However, the feed that is being received is from another Rsyslog server Y. Due to this, the existing condition is not working as it ...
0
votes
1
answer
143
views
How can I prepend the sender IP on each line in Rsyslog, using the newer template() syntax?
I've run an rsyslog server at our organization for a decade or so now. When we get a new device we want to centralize the logging for, we point it at the rsyslog server's IP address and away it logs.
...
0 votes, 0 answers, 28 views
Rsyslog storing only certain type of events in a file
I am collecting TM Deepsecurity events on my syslog server. The TM manager sends logs to my syslog server on port 514. There are two types of events TM sends. Deep Security Agent & Deep ...
0 votes, 0 answers, 42 views
How to get syslogd and/or Apache2 to STOP logging DEBUG messages to console
When I SSH into one of my Linux boxes (Ubuntu 20.04.2), I periodically see messages appear on the console screen:
Message from syslogd@my-hostname at Jan 30 21:35:17 ...
apache2: [MY-APP] DEBUG - 2024-...
0 votes, 1 answer, 35 views
How to send rotated logs to rsyslog server?
I want to send all the rotated logs from the client to my rsyslog server.
I already tried using the modfile, but it sends the running logs, not the rotated logs (gunzip).
0 votes, 1 answer, 53 views
Failed to make rsyslog filter to particular file
I configured the rsyslog server with /var/rsyslog/foo.conf to accept the UDP messages
$ModLoad imudp
$UDPServerRun 514
And tried to filter the log contents starting with "foo" to /var/log/foo.log....
7 votes, 2 answers, 23k views
Where are some OS logs in Debian 12
It seems that some of the system log files (/var/log/syslog, /var/log/auth.log, /var/log/kern.log, ...) have been removed in the latest version of Debian, Debian Bookworm. What should be done to ...