similar to: rsyslog.conf - why the "-" in this entry? mail.* -/var/log/maillog

Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):

I have several network appliances, and I want aggregate their syslog output for later analysis. Eventually I might think about a Splunk box, but for the interim I'm hoping to just build a CentOS 6 syslog server and have it aggregate everything on it for quick review. I installed rsyslog and am looking through the /etc/rsyslog.conf file for what I configure to (a) listen for syslog input from

Hi, My rsyslog is not working as expected. I have some thing in rsyslog.d that do well, like this: # Log all iptables stuff separately :msg, contains, "iptables: " { action(type="omfile" file="/var/log/iptraf/info") } No problems with that. Bu what's in /etc/rsyslog.conf like: mail.* /var/log/mail/info don't do anything at all. Rsyslogd -N1 is OK,

Hi, My apologies if this isn't the right place to ask this question. We have trying to setup auditing in Samba but can't seem to get it to work. The audit log file is empty and we see some entries about file/folders in the /var/log/samba/%m but not the actual audit bits. Can someone please assist or point in the correct direction? syslog = 0 log file = /var/log/samba/%m Log level = 0

Nodes will use rsyslog to forward their logs to the server in /var/log/remote. --- installer/modules/ovirt/files/rsyslog.conf | 65 ++++++++++++++++++++ installer/modules/ovirt/manifests/ovirt.pp | 26 ++++++++ .../modules/ovirt/templates/ovirt-dns.conf.erb | 1 + ovirt-server.spec.in | 3 + scripts/ovirt-rsyslog-kerbsetup

TODO: Fix selinux :P --- Makefile.am | 1 + ovirt-node.spec.in | 3 ++ scripts/ovirt | 3 ++ scripts/ovirt-managed-rsyslog | 72 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+), 0 deletions(-) create mode 100755 scripts/ovirt-managed-rsyslog diff --git a/Makefile.am b/Makefile.am index 0374f07..5201a79 100644

How can I disable PostFix maillog ( /var/log/maillog ) ?

On Sat, 5 May 2018 11:11:21 -0300 "Ethy H. Brito via samba" <samba at lists.samba.org> wrote: > On Sat, 5 May 2018 23:40:47 +1000 > Robin G via samba <samba at lists.samba.org> wrote: > > ... > > > > full_audit:prefix = %u|%I|%S > > full_audit:failure = none > > full_audit:success = mkdir rmdir read pread write pwrite

On Thu, July 23, 2015 13:19, m.roth at 5-cent.us wrote: > Physically dragging the thread back on topic... > > I really am going crazy, trying to deal with the hourly logs from the > loghost. We've got 170+ servers and workstations... but a *very* large > percentage of what's showing up is from his bloody new fedora 22, with > its idiot systemd logging of *ever* selinux

Hi, I have problems with rsyslog on C7. In /etc/rsyslog.d/iptables.conf I have: # Log all iptables stuff separately :msg, contains, "iptables: " { action(type="omfile" file="/var/log/iptraf/info") stop } THis works fine. In /etc/rsyslog.d/mail.conf I have: # Log all the mail messages in one place. if ($syslogfacility-text == 'mail') then {

And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten

Hi all! Is anybody here using rsyslog? I am looking for the right solution how to use rsyslog in CentOS 5 as the default logging daemon. We use it because of filtering using regular expressions. I switched from sysklogd to rsyslog simply using chkconfig --del syslog chkconfig --add rsyslog chkconfig rsyslog on service syslog stop service rsyslog start but this seems not to be

The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot. The vdisk is as follows as shown below [1] The root LVM contains /var/log/ I have attached another block device with ext4 FS. I copied the files from /var/log to this device (mounted on /mnt) and then changed /etc/fstab to mount this device on /var/log on boot. However, I do not see anything being logged in

This works for splitting off lmtp traffic, for instance. syslog_facility = uucp rsyslog: :msg, contains, "lmtp(" -/var/log/dovecot/lmtp.log & stop uucp.=debug -/var/log/dovecot/debug.log uucp.=info -/var/log/dovecot/dovecot.log uucp.=warn -/var/log/dovecot/warn.log uucp.=err

Adds rsyslog configaration module --- scripts/logging.py | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 89 insertions(+), 0 deletions(-) create mode 100755 scripts/logging.py diff --git a/scripts/logging.py b/scripts/logging.py new file mode 100755 index 0000000..6a32b7a --- /dev/null +++ b/scripts/logging.py @@ -0,0 +1,89 @@ +#!/usr/bin/python +# +# Configures

Hello, Some time ago I wrote PR conf/48170, which discussed the following problem: Syslog messages of facility LOG_AUTHPRIV and priority LOG_NOTICE (or higher) are sent by default to the world-readable log file /var/log/messages. That seems unacceptable since the facility LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/auth.log. For example, login(1)

On 04/18/2016 07:09 PM, lingpanda101 at gmail.com wrote: > On 4/18/2016 12:52 PM, Johannes Amorosa | Celluloid VFX wrote: >> >> On 04/15/2016 04:36 PM, lingpanda101 at gmail.com wrote: >>> On 4/15/2016 10:08 AM, Johannes Amorosa | Celluloid VFX wrote: >>>> Hello, >>>> we're using sambas internal DNS server. >>>> >>>> Is

I hoped I don't have to switch to syslog logging. Well, anyway. I changed 10-logging.conf: syslog_facility = uucp and commented out the other log lines. rsyslog.d/50-default.conf: uucp.debug -/var/log/dovecot/debug.log uucp.info -/var/log/dovecot/dovecot.log uucp.warn -/var/log/dovecot/warn.log uucp.err

Hi all, Somebody can helps me with rsyslog configuration to use it as a log centralized server?? I am trying several configs without luck, and all examples that I found are related to v3 and nothing about v2 that ships with CentOS or RHEL. I am trying to do something like this: $template DynFile,"/var/log/rsyslog/%HOSTNAME%/secure" if $source != 'localhost' and

Peter Eckel wrote: > Hi all, > > I know this comes from upstream (and most likely from the rsyslog project itself), but what's your opinion about Google Ads in system documentation files? > >> [peckel at mucnvjmppmtr01 ~]$ cat /etc/redhat-release >> Red Hat Enterprise Linux Server release 6.7 (Santiago) >> [peckel at mucnvjmppmtr01 ~]$ grep google