similar to: rsyslog as default syslog daemon?

Hi, I recently had a machine filling up its harddisk with syslog and tinc pilling up milions of messages like this: "Error while reading from Linux ethertap device /dev/net/tun: File descriptor in bad state" I remembered that there was a difference between rsyslog and other loggers, where one of those was skipping those messages, and simply was displaying: "this message has been

I have several network appliances, and I want aggregate their syslog output for later analysis. Eventually I might think about a Splunk box, but for the interim I'm hoping to just build a CentOS 6 syslog server and have it aggregate everything on it for quick review. I installed rsyslog and am looking through the /etc/rsyslog.conf file for what I configure to (a) listen for syslog input from

Hi All. I've used syslog-ng for some time. I like it. I have a project in which I need to choose a central logging solution. What are your experiences with rsyslog? Is it more complex to setup than syslog-ng? Or maybe does it have some additional features? I am also thinking about using some gui tools for log parsing and graphing. May be proprietary/paid. Any suggestions? Best regards,

Hello, I recently upgraded a server from CentOS 6.2 to 6.3 I found a change in the behavior of rsyslog's configuration file that I found particularly interesting. The "$PreserveFQDN on" directive was not being recognized as the config remained unchanged during the upgrade. This incorrect behavior caused the host to syslog with only the host name and not it's fully qualified

Hi there, I am slightly confused by the RHEL release notes and an earlier thread here about rsyslogd, so I hope someone can clear this up for me; I see that rsyslog is included in RHEL as of 5.2 (and so will be available in CentOS when 5.2 is ready) however there is no indication of whether it has been made the default syslogger or not - is it an optional package or installed by default on a

Peter Eckel wrote: > Hi all, > > I know this comes from upstream (and most likely from the rsyslog project itself), but what's your opinion about Google Ads in system documentation files? > >> [peckel at mucnvjmppmtr01 ~]$ cat /etc/redhat-release >> Red Hat Enterprise Linux Server release 6.7 (Santiago) >> [peckel at mucnvjmppmtr01 ~]$ grep google

Dear CentOS folk, I've been try to solve one issue with rsyslog on CentOS 6, but can't figure it out. I've searched through rsyslog documentation, and used Google but not found anything that matches my issue. I'm sending output of a program to rsyslog using "logger -t progname". I've got the following config snippet in /etc/rsyslog.d: $FileCreateMode 0644 if

centos 6.4, setup to be syslog server. Doing remote syslog using tcp works fine, so now want to add relp. I installed the rsyslog-relp package and told rsyslog.conf to use it: # RELP Syslog Server: $ModLoad imrelp # provides RELP syslog reception $InputRELPServerRun 20514 when I restart rsyslog I am told it does not like my InputRELPServerRun line: Oct 28 13:43:54 scan rsyslogd: [origin

Hi, My rsyslog is not working as expected. I have some thing in rsyslog.d that do well, like this: # Log all iptables stuff separately :msg, contains, "iptables: " { action(type="omfile" file="/var/log/iptraf/info") } No problems with that. Bu what's in /etc/rsyslog.conf like: mail.* /var/log/mail/info don't do anything at all. Rsyslogd -N1 is OK,

On Mon, 4 Feb 2008 08:15:24 +1300, martin f krafft wrote: > logcheck has the policy not to ignore restart messages. Thanks for > the patch, please understand that I won't be including it. Quote from README.logcheck-database: "Unfortunately, we don't have the time to add and update rules for everything, therefore the following exceptions apply: * Debug messages * Messages

Hello, I'm trying to send Dovecot logs to a Graylog server. To do this, I'd like to pass logs to rsyslog and rsyslog pass logs to remote Graylog server. I set in dovecot.conf : syslog_facility = local5.info I set in rsyslog.conf : local5.info @192.168.xxx.xxx:5555 Restarted services and it doesn't work. I use nmap to test if port 5555 is opened and this port is open. What

Hello All, Does the rsyslog version in CentOS 5 support expression based filters? I'm asking because a filter I believe should be working, isn't and I cannot figure out why. I'm trying to get the following expression working (might wrap): if $source == 'astappsrv2' and $programname == 'asterisk' then /var/log/asterisk/astappsrv2.log Every time I restart rsyslog, I

The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot. The vdisk is as follows as shown below [1] The root LVM contains /var/log/ I have attached another block device with ext4 FS. I copied the files from /var/log to this device (mounted on /mnt) and then changed /etc/fstab to mount this device on /var/log on boot. However, I do not see anything being logged in

I have multiple servers running stock CentOS 7 rsyslog 7.4.7-16.el7, which are configured to log locally and over TCP to a remote logserver, also running stock CentOS 7 rsyslog. The remote server uses imptcp to receive, and pretty basic rules to parse and commit to disk. I have several systems that log prolifically, but periodically, they stop soon after the remote log server HUPs (daily

I have an rsyslog server which is running Debian Stable, and its version of rsyslog is 4.6.4-2. All of my Debian Stable server can send log to it now. and run both nc $IP $PORT <<< "HELLO" and echo "HELLO" | nc $IP $PORT on client, I can get log on the server. While for my CentOS 5.7 server, nc $IP $PORT <<< "HELLO" works well, but echo

In /etc/sysconfig/named that gets installed along with bind-chroot there is a comment that basically says: Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log" line to your /etc/rsyslog.conf file. All these little touches you need to find out about. But is there any order in rsyslog.conf? Do I just add this line to the end of it?

I've setup my rsyslog server to forward traffic to another rsyslog server on my network. It's using gTLS to encrypt the messages in transit. selinux is not allowing rsyslogd to read the certificates. They are world readable, so I don't think that is the problem. When I turn selinux mode to permissive, it works fine. What context should the ssl certificates be in for rsyslog to be

In dealing with an unrelated issue I came across this in rsyslog.conf. # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron Why is there a "-"

So I have asterisk 1.8.23 and want to send my logs to rsyslog. I tell asterisk to use syslog in addition to messages: root at voip:~# tail -10 /etc/asterisk/logger.conf ;debug => debug console => notice,warning,error ;console => notice,warning,error,debug messages => notice,warning,error ;full => notice,warning,error,debug,verbose,dtmf,fax ;syslog keyword : This special keyword

Does anyone know of a CentOS-5 (el5) repo for rsyslog, that's being maintained on a relatively regular basis? I checked all the usual suspects (dag, karan, epel, etc.), but they either don't have rsyslog at all, or they have an old version. Currently, I'm doing a rebuild of the Fedora-8 srpm, but it's at version 2.0.2. I wanted to move to 3.11.x for the disk-assisted