Displaying 20 results from an estimated 90000 matches similar to: "Rsyslog warning"
2018 Sep 07
1
rsyslog listening on high port
On Thu, 2018-09-06 at 15:10 -0400, Mike Burger wrote:
> On 2018-09-06 14:06, Adam Tauno Williams wrote:
> > Attempting to lookup why rsyslogd is listening on the high port
> > UDP/51427.????Have not succeeded in what this port is used for and
> > what directive controls what interface it binds to.
> > [root at bedrock ~]# netstat --listen --inet --program --numeric |
2013 Oct 28
1
rsyslog not loading relp
centos 6.4, setup to be syslog server. Doing remote syslog using tcp
works fine, so now want to add relp. I installed the rsyslog-relp
package and told rsyslog.conf to use it:
# RELP Syslog Server:
$ModLoad imrelp # provides RELP syslog reception
$InputRELPServerRun 20514
when I restart rsyslog I am told it does not like my InputRELPServerRun line:
Oct 28 13:43:54 scan rsyslogd: [origin
2016 Apr 17
1
Rsyslog problems
Hi,
My rsyslog is not working as expected.
I have some thing in rsyslog.d that do well, like this:
# Log all iptables stuff separately
:msg, contains, "iptables: " {
action(type="omfile" file="/var/log/iptraf/info")
}
No problems with that.
Bu what's in /etc/rsyslog.conf like:
mail.* /var/log/mail/info
don't do anything at all.
Rsyslogd -N1 is OK,
2009 May 25
1
rsyslog expression based filters
Hello All,
Does the rsyslog version in CentOS 5 support expression based filters?
I'm asking because a filter I believe should be working, isn't and I
cannot figure out why.
I'm trying to get the following expression working (might wrap):
if $source == 'astappsrv2' and $programname == 'asterisk' then /var/log/asterisk/astappsrv2.log
Every time I restart rsyslog, I
2010 Jul 28
2
Bug#590684: [logcheck-database] rules for rsyslog
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: imklog 3\.18\.6, log
source = /proc/kmsg started\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ rsyslogd: \[origin
software="rsyslogd" swVersion="3.18.6" x-pid="[[:digit:]]+"
x-info="http://www.rsyslog.com"\] restart$
Hendrik
--
Hendrik Jaeger
2015 Sep 15
0
rsyslog for chrooted sftp users has stopped working -- Centos 6.6
And no sooner do I send the email than I spot the problem. Oops! Sorry
about that.
The sshd_config needed to contain a different internal-sftp line:
Match User test-sftp-only
ChrootDirectory /home/sftp/mcsosftp
ForceCommand internal-sftp -f AUTHPRIV -l INFO
PasswordAuthentication no
AuthorizedKeysCommand /usr/local/bin/get_sftp_key
That's gotten
2015 Sep 15
2
rsyslog for chrooted sftp users has stopped working -- Centos 6.6
Hello everyone,
We have some chrooted sftp-only users on a CentOS release 6.6 server. The
server had been logging their actions, but after recent updates the logs
have stopped.
The server correctly logs non-chrooted users:
Sep 14 17:47:24 vsecure4 sshd[1981]: Accepted publickey for jcours from
192.168.10.166 port 42545 ssh2
Sep 14 17:47:24 vsecure4 sshd[1981]: pam_unix(sshd:session):
2018 Sep 07
0
rsyslog listening on high port
On Thu, Sep 06, 2018 at 02:06:37PM -0400, Adam Tauno Williams wrote:
>
> Attempting to lookup why rsyslogd is listening on the high port
> UDP/51427. Have not succeeded in what this port is used for and what
> directive controls what interface it binds to.
>
> [root at bedrock ~]# netstat --listen --inet --program --numeric | grep syslog
> udp??0??0
2010 Dec 15
0
Rsyslog weirdness
I just noticed that on one CentOS 5 server the logs messages, maillog
and a couple of others have been blank for a couple of weeks!
I tracked down the error to /etc/sysconfig/rsyslogd
There was a line
SYSLOGD_OPTIONS="-c3"
I googled that -c3 defines the "version" or "compatibility mode", and
with 3 it means "rsyslog v3 native interface".
When I removed
2018 Sep 06
6
rsyslog listening on high port
Attempting to lookup why rsyslogd is listening on the high port
UDP/51427. Have not succeeded in what this port is used for and what
directive controls what interface it binds to.
[root at bedrock ~]# netstat --listen --inet --program --numeric | grep syslog
udp??0??0 0.0.0.0:51427??0.0.0.0:*???66655/rsyslogd?
--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
2018 Sep 06
0
rsyslog listening on high port
On 2018-09-06 14:06, Adam Tauno Williams wrote:
> Attempting to lookup why rsyslogd is listening on the high port
> UDP/51427. Have not succeeded in what this port is used for and what
> directive controls what interface it binds to.
>
> [root at bedrock ~]# netstat --listen --inet --program --numeric | grep
> syslog
> udp??0??0 0.0.0.0:51427??0.0.0.0:*???66655/rsyslogd?
2018 Feb 13
1
selinux policy with rsyslog and tls/certs
I've setup my rsyslog server to forward traffic to another rsyslog
server on my network. It's using gTLS to encrypt the messages in transit.
selinux is not allowing rsyslogd to read the certificates. They are
world readable, so I don't think that is the problem. When I turn
selinux mode to permissive, it works fine.
What context should the ssl certificates be in for rsyslog to be
2014 Aug 06
1
rsyslog does not log on a separate partition/FS mounted on /var/log/
The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot.
The vdisk is as follows as shown below [1]
The root LVM contains /var/log/
I have attached another block device with ext4 FS.
I copied the files from /var/log to this device (mounted on /mnt) and
then changed
/etc/fstab to mount this device on /var/log on boot.
However, I do not see anything being logged in
2016 Apr 26
2
systemd-journald corruption
Once upon a time, Chris Murphy <lists at colorremedies.com> said:
> On Tue, Apr 26, 2016, 2:09 PM Chris Adams <linux at cmadams.net> wrote:
> > I have several recently-installed CentOS 7 servers that keep having
> > systemd-journald corruption
>
> Determined with 'journalctl --verify' or another way?
I get messages like this in dmesg:
[4756650.489117]
2015 Mar 16
0
rsyslog 5.8.10 crashing on centos 6.6 due to relp
So I was having an issue with rsyslog in one of my centos 6.6 hosts:
[root at scan ~]# /etc/init.d/rsyslog start
Starting system logger: *** glibc detected *** /sbin/rsyslogd: double
free or corruption (fasttop): 0x00007f80cc3da880 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x75e66)[0x7f80c9210e66]
/usr/lib64/librelp.so.0(relpTcpDestruct+0x5f)[0x7f80c7f1a9bf]
2012 Jul 11
0
[CentOS 6.3] rsyslog 5.8.10-2 - PreserveFQDN directive ignored
Hello,
I recently upgraded a server from CentOS 6.2 to 6.3
I found a change in the behavior of rsyslog's configuration file that
I found particularly interesting.
The "$PreserveFQDN on" directive was not being recognized as the
config remained unchanged during the upgrade. This incorrect behavior
caused the host to syslog with only the host name and not it's fully
qualified
2013 Feb 19
1
remote logging with rsyslog
This is a similar post to one I've made on the rsyslog list that has received
no responses after four days, so I figured I'd try here since the problem
seems to be CentOS specific. This is also my second attempt to send it to
this list as the first seems to have never showed up.
I am trying to test remote logging between two CentOS 6.3 systems and unable
to get the client logs to show up
2016 Jan 21
1
CentOS 7 magically rebooted!
CentOS Linux release 7.2.1511 (Core)
Hi,
Last night our CentOS 7 server rebooted. Seemingly it's a very clean reboot. I can't find a shred of
evidence as to why it happened though.
Things I've checked:
* sa reports
* /var/log/{messages,secure,dmesg,cron}
* /var/log/audit/audit.log
* lastlog
The host is used for KVM virtualisation and connects via multipathing to our OmniOS SAN via
2011 Apr 16
0
Bug#623058: logcheck: tweak 'rsyslogd was HUPed' filter
Package: logcheck
Version: 1.3.13
Severity: minor
Tags: patch
Hi,
Logcheck reports messages of the form:
Mar 15 06:25:26 foohost rsyslogd: [origin software="rsyslogd" swVersion="5.7.6" x-pid="3301" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
I suggest the following tweak to /etc/logcheck/ignore.d.server/rsyslog:
diff -u
2019 Jan 21
2
libvirt 5.0.0 - LXC container still in "virsh list" output after shutdown
Hello.
Centos 7.6 with libvirt build from base "virt" repository:
libvirt-daemon-driver-lxc-5.0.0-1.el7.x86_64
libvirt-client-5.0.0-1.el7.x86_64
libvirt-daemon-5.0.0-1.el7.x86_64
libvirt-daemon-driver-network-5.0.0-1.el7.x86_64
libvirt-libs-5.0.0-1.el7.x86_64
+
systemd-219-62.el7_6.2.x86_64
Now lxc containers with type='direct' can be started, but can't be stopped :)