similar to: selinux policy with rsyslog and tls/certs

centos 6.4, setup to be syslog server. Doing remote syslog using tcp works fine, so now want to add relp. I installed the rsyslog-relp package and told rsyslog.conf to use it: # RELP Syslog Server: $ModLoad imrelp # provides RELP syslog reception $InputRELPServerRun 20514 when I restart rsyslog I am told it does not like my InputRELPServerRun line: Oct 28 13:43:54 scan rsyslogd: [origin

Hi, My rsyslog is not working as expected. I have some thing in rsyslog.d that do well, like this: # Log all iptables stuff separately :msg, contains, "iptables: " { action(type="omfile" file="/var/log/iptraf/info") } No problems with that. Bu what's in /etc/rsyslog.conf like: mail.* /var/log/mail/info don't do anything at all. Rsyslogd -N1 is OK,

Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):

Package: logcheck-database Severity: wishlist Tags: patch Hi, ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: imklog 3\.18\.6, log source = /proc/kmsg started\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="3.18.6" x-pid="[[:digit:]]+" x-info="http://www.rsyslog.com"\] restart$ Hendrik -- Hendrik Jaeger

The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot. The vdisk is as follows as shown below [1] The root LVM contains /var/log/ I have attached another block device with ext4 FS. I copied the files from /var/log to this device (mounted on /mnt) and then changed /etc/fstab to mount this device on /var/log on boot. However, I do not see anything being logged in

Attempting to lookup why rsyslogd is listening on the high port UDP/51427. Have not succeeded in what this port is used for and what directive controls what interface it binds to. [root at bedrock ~]# netstat --listen --inet --program --numeric | grep syslog udp??0??0 0.0.0.0:51427??0.0.0.0:*???66655/rsyslogd? -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383

Hello All, Does the rsyslog version in CentOS 5 support expression based filters? I'm asking because a filter I believe should be working, isn't and I cannot figure out why. I'm trying to get the following expression working (might wrap): if $source == 'astappsrv2' and $programname == 'asterisk' then /var/log/asterisk/astappsrv2.log Every time I restart rsyslog, I

Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t <no output> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t <no output> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf -rw-r--r--. root root

Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >> Any SElinux expert here - briefly: >> >> # getenforce >> Enforcing >> >> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >> <no output> >> >> # sesearch -ACR -s httpd_t -c file

Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: >> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>>> >>>> # getenforce

This is a similar post to one I've made on the rsyslog list that has received no responses after four days, so I figured I'd try here since the problem seems to be CentOS specific. This is also my second attempt to send it to this list as the first seems to have never showed up. I am trying to test remote logging between two CentOS 6.3 systems and unable to get the client logs to show up

Hi there, I am slightly confused by the RHEL release notes and an earlier thread here about rsyslogd, so I hope someone can clear this up for me; I see that rsyslog is included in RHEL as of 5.2 (and so will be available in CentOS when 5.2 is ready) however there is no indication of whether it has been made the default syslogger or not - is it an optional package or installed by default on a

Hi all, Somebody knows how can I bind rsyslogd to a specific ip adress?? I have two different interfaces on a centos5.5 host and I need to bind rsyslog to only one. Thanks. -- CL Martinez carlopmart {at} gmail {d0t} com

And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten

On Thu, 2018-09-06 at 15:10 -0400, Mike Burger wrote: > On 2018-09-06 14:06, Adam Tauno Williams wrote: > > Attempting to lookup why rsyslogd is listening on the high port > > UDP/51427.????Have not succeeded in what this port is used for and > > what directive controls what interface it binds to. > > [root at bedrock ~]# netstat --listen --inet --program --numeric |

I hoped I don't have to switch to syslog logging. Well, anyway. I changed 10-logging.conf: syslog_facility = uucp and commented out the other log lines. rsyslog.d/50-default.conf: uucp.debug -/var/log/dovecot/debug.log uucp.info -/var/log/dovecot/dovecot.log uucp.warn -/var/log/dovecot/warn.log uucp.err

On Thu, Sep 06, 2018 at 02:06:37PM -0400, Adam Tauno Williams wrote: > > Attempting to lookup why rsyslogd is listening on the high port > UDP/51427. Have not succeeded in what this port is used for and what > directive controls what interface it binds to. > > [root at bedrock ~]# netstat --listen --inet --program --numeric | grep syslog > udp??0??0

I have several recently-installed CentOS 7 servers that keep having systemd-journald corruption (which stops ALL logging, including syslog). Interestingly, they are all spam-scanning servers running amavisd-new (so could be some particular pattern is triggering it). Is there a "supported" way to just cut systemd-journald out of the picture and have log entries go straight to rsyslogd?

Hello, I recently upgraded a server from CentOS 6.2 to 6.3 I found a change in the behavior of rsyslog's configuration file that I found particularly interesting. The "$PreserveFQDN on" directive was not being recognized as the config remained unchanged during the upgrade. This incorrect behavior caused the host to syslog with only the host name and not it's fully qualified

So I was having an issue with rsyslog in one of my centos 6.6 hosts: [root at scan ~]# /etc/init.d/rsyslog start Starting system logger: *** glibc detected *** /sbin/rsyslogd: double free or corruption (fasttop): 0x00007f80cc3da880 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x75e66)[0x7f80c9210e66] /usr/lib64/librelp.so.0(relpTcpDestruct+0x5f)[0x7f80c7f1a9bf]