similar to: chrooted bind -- addition to rsyslog.conf

Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):

And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten

In dealing with an unrelated issue I came across this in rsyslog.conf. # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron Why is there a "-"

I have several network appliances, and I want aggregate their syslog output for later analysis. Eventually I might think about a Splunk box, but for the interim I'm hoping to just build a CentOS 6 syslog server and have it aggregate everything on it for quick review. I installed rsyslog and am looking through the /etc/rsyslog.conf file for what I configure to (a) listen for syslog input from

Jonathan Billings wrote: > On Fri, Jul 24, 2015 at 09:16:26AM -0400, James B. Byrne wrote: >> We are giving RHEL-7 a pass on this iteration. > > For what it's worth, the problem described at the beginning of this > thread doesn't happen in RHEL7. Yet. Supposedly systemd is being > rebased in 7.2 so we'll see. > > This is why Fedora exists, to work out all

Peter Eckel wrote: > Hi all, > > I know this comes from upstream (and most likely from the rsyslog project itself), but what's your opinion about Google Ads in system documentation files? > >> [peckel at mucnvjmppmtr01 ~]$ cat /etc/redhat-release >> Red Hat Enterprise Linux Server release 6.7 (Santiago) >> [peckel at mucnvjmppmtr01 ~]$ grep google

I was looking at the manpage for rsyslog.conf, primarily because I need to filter my manager's new fedora 22 logs coming to our loghost, because of the bug that I forwarded (if it gets through). At any rate, I am surprised: under selectors, I see that " The keywords error, warn and panic are deprecated and should not be used anymore." Huh? If I only want warn or more severe,

Hi all! Is anybody here using rsyslog? I am looking for the right solution how to use rsyslog in CentOS 5 as the default logging daemon. We use it because of filtering using regular expressions. I switched from sysklogd to rsyslog simply using chkconfig --del syslog chkconfig --add rsyslog chkconfig rsyslog on service syslog stop service rsyslog start but this seems not to be

Dear CentOS folk, I've been try to solve one issue with rsyslog on CentOS 6, but can't figure it out. I've searched through rsyslog documentation, and used Google but not found anything that matches my issue. I'm sending output of a program to rsyslog using "logger -t progname". I've got the following config snippet in /etc/rsyslog.d: $FileCreateMode 0644 if

centos 6.4, setup to be syslog server. Doing remote syslog using tcp works fine, so now want to add relp. I installed the rsyslog-relp package and told rsyslog.conf to use it: # RELP Syslog Server: $ModLoad imrelp # provides RELP syslog reception $InputRELPServerRun 20514 when I restart rsyslog I am told it does not like my InputRELPServerRun line: Oct 28 13:43:54 scan rsyslogd: [origin

Hi, My rsyslog is not working as expected. I have some thing in rsyslog.d that do well, like this: # Log all iptables stuff separately :msg, contains, "iptables: " { action(type="omfile" file="/var/log/iptraf/info") } No problems with that. Bu what's in /etc/rsyslog.conf like: mail.* /var/log/mail/info don't do anything at all. Rsyslogd -N1 is OK,

Hello, I'm trying to send Dovecot logs to a Graylog server. To do this, I'd like to pass logs to rsyslog and rsyslog pass logs to remote Graylog server. I set in dovecot.conf : syslog_facility = local5.info I set in rsyslog.conf : local5.info @192.168.xxx.xxx:5555 Restarted services and it doesn't work. I use nmap to test if port 5555 is opened and this port is open. What

On Thu, July 23, 2015 13:19, m.roth at 5-cent.us wrote: > Physically dragging the thread back on topic... > > I really am going crazy, trying to deal with the hourly logs from the > loghost. We've got 170+ servers and workstations... but a *very* large > percentage of what's showing up is from his bloody new fedora 22, with > its idiot systemd logging of *ever* selinux

Hello All, Does the rsyslog version in CentOS 5 support expression based filters? I'm asking because a filter I believe should be working, isn't and I cannot figure out why. I'm trying to get the following expression working (might wrap): if $source == 'astappsrv2' and $programname == 'asterisk' then /var/log/asterisk/astappsrv2.log Every time I restart rsyslog, I

The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot. The vdisk is as follows as shown below [1] The root LVM contains /var/log/ I have attached another block device with ext4 FS. I copied the files from /var/log to this device (mounted on /mnt) and then changed /etc/fstab to mount this device on /var/log on boot. However, I do not see anything being logged in

I have multiple servers running stock CentOS 7 rsyslog 7.4.7-16.el7, which are configured to log locally and over TCP to a remote logserver, also running stock CentOS 7 rsyslog. The remote server uses imptcp to receive, and pretty basic rules to parse and commit to disk. I have several systems that log prolifically, but periodically, they stop soon after the remote log server HUPs (daily

I have an rsyslog server which is running Debian Stable, and its version of rsyslog is 4.6.4-2. All of my Debian Stable server can send log to it now. and run both nc $IP $PORT <<< "HELLO" and echo "HELLO" | nc $IP $PORT on client, I can get log on the server. While for my CentOS 5.7 server, nc $IP $PORT <<< "HELLO" works well, but echo

I've setup my rsyslog server to forward traffic to another rsyslog server on my network. It's using gTLS to encrypt the messages in transit. selinux is not allowing rsyslogd to read the certificates. They are world readable, so I don't think that is the problem. When I turn selinux mode to permissive, it works fine. What context should the ssl certificates be in for rsyslog to be

So I have asterisk 1.8.23 and want to send my logs to rsyslog. I tell asterisk to use syslog in addition to messages: root at voip:~# tail -10 /etc/asterisk/logger.conf ;debug => debug console => notice,warning,error ;console => notice,warning,error,debug messages => notice,warning,error ;full => notice,warning,error,debug,verbose,dtmf,fax ;syslog keyword : This special keyword

Does anyone know of a CentOS-5 (el5) repo for rsyslog, that's being maintained on a relatively regular basis? I checked all the usual suspects (dag, karan, epel, etc.), but they either don't have rsyslog at all, or they have an old version. Currently, I'm doing a rebuild of the Fedora-8 srpm, but it's at version 2.0.2. I wanted to move to 3.11.x for the disk-assisted