similar to: Rsyslog warning

On Thu, 2018-09-06 at 15:10 -0400, Mike Burger wrote: > On 2018-09-06 14:06, Adam Tauno Williams wrote: > > Attempting to lookup why rsyslogd is listening on the high port > > UDP/51427.????Have not succeeded in what this port is used for and > > what directive controls what interface it binds to. > > [root at bedrock ~]# netstat --listen --inet --program --numeric |

centos 6.4, setup to be syslog server. Doing remote syslog using tcp works fine, so now want to add relp. I installed the rsyslog-relp package and told rsyslog.conf to use it: # RELP Syslog Server: $ModLoad imrelp # provides RELP syslog reception $InputRELPServerRun 20514 when I restart rsyslog I am told it does not like my InputRELPServerRun line: Oct 28 13:43:54 scan rsyslogd: [origin

Hi, My rsyslog is not working as expected. I have some thing in rsyslog.d that do well, like this: # Log all iptables stuff separately :msg, contains, "iptables: " { action(type="omfile" file="/var/log/iptraf/info") } No problems with that. Bu what's in /etc/rsyslog.conf like: mail.* /var/log/mail/info don't do anything at all. Rsyslogd -N1 is OK,

Hello All, Does the rsyslog version in CentOS 5 support expression based filters? I'm asking because a filter I believe should be working, isn't and I cannot figure out why. I'm trying to get the following expression working (might wrap): if $source == 'astappsrv2' and $programname == 'asterisk' then /var/log/asterisk/astappsrv2.log Every time I restart rsyslog, I

Package: logcheck-database Severity: wishlist Tags: patch Hi, ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: imklog 3\.18\.6, log source = /proc/kmsg started\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="3.18.6" x-pid="[[:digit:]]+" x-info="http://www.rsyslog.com"\] restart$ Hendrik -- Hendrik Jaeger

And no sooner do I send the email than I spot the problem. Oops! Sorry about that. The sshd_config needed to contain a different internal-sftp line: Match User test-sftp-only ChrootDirectory /home/sftp/mcsosftp ForceCommand internal-sftp -f AUTHPRIV -l INFO PasswordAuthentication no AuthorizedKeysCommand /usr/local/bin/get_sftp_key That's gotten

Hello everyone, We have some chrooted sftp-only users on a CentOS release 6.6 server. The server had been logging their actions, but after recent updates the logs have stopped. The server correctly logs non-chrooted users: Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from 192.168.10.166 port 42545 ssh2 Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):

On Thu, Sep 06, 2018 at 02:06:37PM -0400, Adam Tauno Williams wrote: > > Attempting to lookup why rsyslogd is listening on the high port > UDP/51427. Have not succeeded in what this port is used for and what > directive controls what interface it binds to. > > [root at bedrock ~]# netstat --listen --inet --program --numeric | grep syslog > udp??0??0

I just noticed that on one CentOS 5 server the logs messages, maillog and a couple of others have been blank for a couple of weeks! I tracked down the error to /etc/sysconfig/rsyslogd There was a line SYSLOGD_OPTIONS="-c3" I googled that -c3 defines the "version" or "compatibility mode", and with 3 it means "rsyslog v3 native interface". When I removed

Attempting to lookup why rsyslogd is listening on the high port UDP/51427. Have not succeeded in what this port is used for and what directive controls what interface it binds to. [root at bedrock ~]# netstat --listen --inet --program --numeric | grep syslog udp??0??0 0.0.0.0:51427??0.0.0.0:*???66655/rsyslogd? -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383

On 2018-09-06 14:06, Adam Tauno Williams wrote: > Attempting to lookup why rsyslogd is listening on the high port > UDP/51427. Have not succeeded in what this port is used for and what > directive controls what interface it binds to. > > [root at bedrock ~]# netstat --listen --inet --program --numeric | grep > syslog > udp??0??0 0.0.0.0:51427??0.0.0.0:*???66655/rsyslogd?

I've setup my rsyslog server to forward traffic to another rsyslog server on my network. It's using gTLS to encrypt the messages in transit. selinux is not allowing rsyslogd to read the certificates. They are world readable, so I don't think that is the problem. When I turn selinux mode to permissive, it works fine. What context should the ssl certificates be in for rsyslog to be

The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot. The vdisk is as follows as shown below [1] The root LVM contains /var/log/ I have attached another block device with ext4 FS. I copied the files from /var/log to this device (mounted on /mnt) and then changed /etc/fstab to mount this device on /var/log on boot. However, I do not see anything being logged in

Once upon a time, Chris Murphy <lists at colorremedies.com> said: > On Tue, Apr 26, 2016, 2:09 PM Chris Adams <linux at cmadams.net> wrote: > > I have several recently-installed CentOS 7 servers that keep having > > systemd-journald corruption > > Determined with 'journalctl --verify' or another way? I get messages like this in dmesg: [4756650.489117]

So I was having an issue with rsyslog in one of my centos 6.6 hosts: [root at scan ~]# /etc/init.d/rsyslog start Starting system logger: *** glibc detected *** /sbin/rsyslogd: double free or corruption (fasttop): 0x00007f80cc3da880 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x75e66)[0x7f80c9210e66] /usr/lib64/librelp.so.0(relpTcpDestruct+0x5f)[0x7f80c7f1a9bf]

Hello, I recently upgraded a server from CentOS 6.2 to 6.3 I found a change in the behavior of rsyslog's configuration file that I found particularly interesting. The "$PreserveFQDN on" directive was not being recognized as the config remained unchanged during the upgrade. This incorrect behavior caused the host to syslog with only the host name and not it's fully qualified

This is a similar post to one I've made on the rsyslog list that has received no responses after four days, so I figured I'd try here since the problem seems to be CentOS specific. This is also my second attempt to send it to this list as the first seems to have never showed up. I am trying to test remote logging between two CentOS 6.3 systems and unable to get the client logs to show up

CentOS Linux release 7.2.1511 (Core) Hi, Last night our CentOS 7 server rebooted. Seemingly it's a very clean reboot. I can't find a shred of evidence as to why it happened though. Things I've checked: * sa reports * /var/log/{messages,secure,dmesg,cron} * /var/log/audit/audit.log * lastlog The host is used for KVM virtualisation and connects via multipathing to our OmniOS SAN via

Package: logcheck Version: 1.3.13 Severity: minor Tags: patch Hi, Logcheck reports messages of the form: Mar 15 06:25:26 foohost rsyslogd: [origin software="rsyslogd" swVersion="5.7.6" x-pid="3301" x-info="http://www.rsyslog.com"] rsyslogd was HUPed I suggest the following tweak to /etc/logcheck/ignore.d.server/rsyslog: diff -u

Hello. Centos 7.6 with libvirt build from base "virt" repository: libvirt-daemon-driver-lxc-5.0.0-1.el7.x86_64 libvirt-client-5.0.0-1.el7.x86_64 libvirt-daemon-5.0.0-1.el7.x86_64 libvirt-daemon-driver-network-5.0.0-1.el7.x86_64 libvirt-libs-5.0.0-1.el7.x86_64 + systemd-219-62.el7_6.2.x86_64 Now lxc containers with type='direct' can be started, but can't be stopped :)