similar to: Rsyslog problems

Hi, I have problems with rsyslog on C7. In /etc/rsyslog.d/iptables.conf I have: # Log all iptables stuff separately :msg, contains, "iptables: " { action(type="omfile" file="/var/log/iptraf/info") stop } THis works fine. In /etc/rsyslog.d/mail.conf I have: # Log all the mail messages in one place. if ($syslogfacility-text == 'mail') then {

On 10/14/2015 01:56 PM, Jonathan Billings wrote: > lsof /dev/log Uhmm ... that is not what I expect: lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs Output information may be incomplete. COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 1 root 27u unix 0xffff880250ea0f00 0t0 1436 /dev/log systemd-j 263 root 5u

On 10/14/2015 07:09 AM, C.L. Martinez wrote: > Uhmm ... that is not what I expect: > > lsof: WARNING: can't stat() fuse.gvfsd-fuse file system > /run/user/1000/gvfs > Output information may be incomplete. > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > systemd 1 root 27u unix 0xffff880250ea0f00 0t0 1436 /dev/log > systemd-j

On 10/14/2015 06:42 PM, Gordon Messmer wrote: > On 10/14/2015 07:09 AM, C.L. Martinez wrote: >> Uhmm ... that is not what I expect: >> >> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system >> /run/user/1000/gvfs >> Output information may be incomplete. >> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME >> systemd

Hello, I recently upgraded a server from CentOS 6.2 to 6.3 I found a change in the behavior of rsyslog's configuration file that I found particularly interesting. The "$PreserveFQDN on" directive was not being recognized as the config remained unchanged during the upgrade. This incorrect behavior caused the host to syslog with only the host name and not it's fully qualified

centos 6.4, setup to be syslog server. Doing remote syslog using tcp works fine, so now want to add relp. I installed the rsyslog-relp package and told rsyslog.conf to use it: # RELP Syslog Server: $ModLoad imrelp # provides RELP syslog reception $InputRELPServerRun 20514 when I restart rsyslog I am told it does not like my InputRELPServerRun line: Oct 28 13:43:54 scan rsyslogd: [origin

This is a similar post to one I've made on the rsyslog list that has received no responses after four days, so I figured I'd try here since the problem seems to be CentOS specific. This is also my second attempt to send it to this list as the first seems to have never showed up. I am trying to test remote logging between two CentOS 6.3 systems and unable to get the client logs to show up

TODO: Fix selinux :P --- Makefile.am | 1 + ovirt-node.spec.in | 3 ++ scripts/ovirt | 3 ++ scripts/ovirt-managed-rsyslog | 72 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+), 0 deletions(-) create mode 100755 scripts/ovirt-managed-rsyslog diff --git a/Makefile.am b/Makefile.am index 0374f07..5201a79 100644

Nodes will use rsyslog to forward their logs to the server in /var/log/remote. --- installer/modules/ovirt/files/rsyslog.conf | 65 ++++++++++++++++++++ installer/modules/ovirt/manifests/ovirt.pp | 26 ++++++++ .../modules/ovirt/templates/ovirt-dns.conf.erb | 1 + ovirt-server.spec.in | 3 + scripts/ovirt-rsyslog-kerbsetup

I have several network appliances, and I want aggregate their syslog output for later analysis. Eventually I might think about a Splunk box, but for the interim I'm hoping to just build a CentOS 6 syslog server and have it aggregate everything on it for quick review. I installed rsyslog and am looking through the /etc/rsyslog.conf file for what I configure to (a) listen for syslog input from

Adds rsyslog configaration module --- scripts/logging.py | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 89 insertions(+), 0 deletions(-) create mode 100755 scripts/logging.py diff --git a/scripts/logging.py b/scripts/logging.py new file mode 100755 index 0000000..6a32b7a --- /dev/null +++ b/scripts/logging.py @@ -0,0 +1,89 @@ +#!/usr/bin/python +# +# Configures

Hi all, Somebody knows how can I bind rsyslogd to a specific ip adress?? I have two different interfaces on a centos5.5 host and I need to bind rsyslog to only one. Thanks. -- CL Martinez carlopmart {at} gmail {d0t} com

Hello All, Does the rsyslog version in CentOS 5 support expression based filters? I'm asking because a filter I believe should be working, isn't and I cannot figure out why. I'm trying to get the following expression working (might wrap): if $source == 'astappsrv2' and $programname == 'asterisk' then /var/log/asterisk/astappsrv2.log Every time I restart rsyslog, I

And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten

I have an rsyslog server which is running Debian Stable, and its version of rsyslog is 4.6.4-2. All of my Debian Stable server can send log to it now. and run both nc $IP $PORT <<< "HELLO" and echo "HELLO" | nc $IP $PORT on client, I can get log on the server. While for my CentOS 5.7 server, nc $IP $PORT <<< "HELLO" works well, but echo

Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):

Hello, I am in the process of getting Allegiance (http://www.freeallegiance.org/) [R5rev483 (http://freeallegiance.sourceforge.net/pub/AllSrv_R5rev480.exe)] (AppDB entry (http://appdb.winehq.org/objectManager.php?sClass=application&iId=6586) - this entry is not current) to work under Wine. The game itself runs decent but will not connect to a lobby server. Also, when I attempt to run a

I've setup my rsyslog server to forward traffic to another rsyslog server on my network. It's using gTLS to encrypt the messages in transit. selinux is not allowing rsyslogd to read the certificates. They are world readable, so I don't think that is the problem. When I turn selinux mode to permissive, it works fine. What context should the ssl certificates be in for rsyslog to be

The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot. The vdisk is as follows as shown below [1] The root LVM contains /var/log/ I have attached another block device with ext4 FS. I copied the files from /var/log to this device (mounted on /mnt) and then changed /etc/fstab to mount this device on /var/log on boot. However, I do not see anything being logged in

So I was having an issue with rsyslog in one of my centos 6.6 hosts: [root at scan ~]# /etc/init.d/rsyslog start Starting system logger: *** glibc detected *** /sbin/rsyslogd: double free or corruption (fasttop): 0x00007f80cc3da880 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x75e66)[0x7f80c9210e66] /usr/lib64/librelp.so.0(relpTcpDestruct+0x5f)[0x7f80c7f1a9bf]