Questions tagged [rsyslog]
Questions regarding rsyslog, a multi-threaded system and kernel logging daemon.
138
questions
44
votes
6
answers
27k
views
Is there a way to keep UFW logging out of dmesg?
There are comments in the /etc/rsyslog.d/20-ufw.conf file that give you the option to keep UFW-events from being logged to the kernel and message logs, which i have done.
I would really like to get ...
- 943
28
votes
2
answers
17k
views
Relationship of rsyslog and journald on Ubuntu 16.04
I am running what is a vanilla Ubuntu 16.04 server, and I'm trying to wrap my head around how logging is set up by default. I can see that both journald and rsyslog are installed and running, but it's ...
- 383
19
votes
2
answers
61k
views
difference between rsyslogd and syslogd
I was trying to implement some changes to syslogd on Ubuntu 10.04.02 LTS (Server edition). I found /etc/syslog.conf is not present on system, instead I have /etc/rsyslogd.d/*.conf. syslogd can be ...
- 3,123
18
votes
2
answers
148k
views
How do I configure rsyslog to send logs from a specific program to a remote syslog server?
I have a program which outputs to syslog with a given tag/program name. I'd like to be able to filter syslog traffic from that program and send it to a remote syslog server, leaving all other syslog ...
- 283
17
votes
1
answer
26k
views
syslog not showing log levels in messages
Here is sample output of my syslog messages in /var/log/syslog:
Nov 15 20:20:48 ubuntu winbindd[915]: [2011/11/15 20:20:48.940063, 0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
Nov 15 20:20:48 ...
- 325
14
votes
2
answers
12k
views
Accidentally deleted /var/log/syslog
I accidentally deleted /var/log/syslog and now I can't get rsyslog working.
I was googling, I tried everything I found. To be precise:
I created syslog with touch.
Then I set chmod and chown ...
- 443
13
votes
7
answers
24k
views
UFW is not logging how do I troubleshoot?
I have set logging to high.
I am not seeing any log messages.
I do see the empty ufw.log file.
No messages in dmesg
- 586
12
votes
1
answer
14k
views
Missing /dev/xconsole causes rsyslog to stop as well as all other services
I'm running Ubuntu-10.04.04LTS in Hyper-V environments. I found that SSH, HTTP or any other service else stopped because the rsyslog daemon had died with the message unable to find the /dev/xconsole ...
- 121
11
votes
3
answers
27k
views
could not load module rsyslog lmnsd_gtls.so
The rsyslog module is showing up in system log /var/log/syslog as message repeated. rsyslog was also showing 99% cpu use in top at one point, possibly unrelated.
tail /var/log/syslog
Dec 1 22:18:...
- 1,252
11
votes
1
answer
4k
views
What does the minus sign at the beginning of a log file directory mean?
I just started to learn linux with Ubuntu 18.04. When I was reading the config file for rsyslog: /etc/rsyslog.d/50-default.conf , I found that some of the log file directories are having minus signs ...
- 121
11
votes
2
answers
10k
views
Where do log messages go with journald and rsyslog
On Ubuntu 18.04 both journald and rsyslog are installed. Both serve the same purpose of collecting log messages and storing them. So we have two programs doing the same work here.
What I could find ...
- 998
10
votes
1
answer
21k
views
rsyslogd using 100% cpu on ubuntu 14.04
On my ubuntu 14.04 rsyslogd is using 100% of my CPU (both cores).
Even after some google searching I were not able to figure out why rsyslogd is using all of the cpu capacity all the time.
The ...
- 7,453
9
votes
2
answers
24k
views
Every few minutes rsyslog outputs - rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Since my update to 18.04.1 last week from 16.04.5 I've been seeing this in my syslog every few minutes:
Aug 19 19:22:02 localhost rsyslogd: action 'action 3' resumed (module 'builtin:omfile') [v8.32....
- 501
9
votes
2
answers
2k
views
asynchronous logging via rsyslogd(8) and write buffer increase
On a pretty high traffic web site running in virtual containers (VMware) and lacking local storage, we've managed to increase throughput (requests per second) significantly by switching from logging ...
- 2,833
8
votes
2
answers
17k
views
Purpose of "postrotate invoke-rc.d rsyslog rotate" when logrotating, and is this command outdated?
When using logrotate to keep log files rotating, I have seen
postrotate
invoke-rc.d rsyslog rotate > /dev/null
endscript
I know postrotate makes bash execute the following command ...
- 1,659
6
votes
1
answer
21k
views
Package rsyslog is not configured yet
Since upgrading to 12.04 from 8.04->10.04 I can no longer upgrade or install new packages.
I do get a large number of errors, but the first is the resyslog:
root@sub:~# apt-get -f install
Reading ...
- 524
6
votes
2
answers
3k
views
Rewriting logs received via syslog from another machine
I have Machine A, which is a pfsense installation, that sends logs via syslog to a Ubuntu box. The Ubuntu Box will have to rewrite the logs, to replace for instance host names and change format a bit. ...
- 22.8k
6
votes
2
answers
8k
views
No /var/log/syslog file after moving /var/log to tmpfs
To avoid useless write to my SSD I've moved /var/log (and /tmp) to RAM via /etc/fstab:
cat >> /etc/fstab <<'EOT'
tmpfs /tmp tmpfs defaults,size=1g ...
- 161
6
votes
1
answer
17k
views
how to configure rsyslog to send file from specific program to specific location on remote server
I want to configure rsyslog on a centralised server so that all the logs of clients are stored at one place now the problem I'm having is I dont know how to implement rsyslog so that it creates logs ...
- 4,255
5
votes
2
answers
20k
views
How to include millisecond in syslogs?
I have configured rsyslog.conf file in /etc to include my own logs as syslogs in a file at /var/logs.
But after opening the file I got this:
Jun 5 10:09:09 lab-Altos-G330-Mk2 slog[19689]: Hello1
Jun ...
- 151
5
votes
1
answer
11k
views
How to set size for system log
My server dumps because of huge system log files. I've heard that we could limit the size of system log by adding such a line size 100m into the file /etc/logrotate.d/rsyslog to do so.
Now my /etc/...
- 1,308
5
votes
1
answer
14k
views
rsyslog not rotating at fixed file size
I am trying to create a separate log file for a application in Linux. So far I have created a .conf script to separate log in custom log file based on program name and it's working correctly.
But, I ...
- 51
4
votes
2
answers
22k
views
How do I setup OpenVPN to rotate logs?
I would like to rotate my openvpn logs. How can I accomplish this?
- 7,309
4
votes
3
answers
646
views
Why doesn't chkrootkit test syslogd?
When I scan my machine with chkrootkit I notice that it always says for one of them:
Checking `syslogd'... not tested
Why is this not tested for? Should this be ...
user364819
4
votes
1
answer
1k
views
Both journald and rsyslog are running
Since the migration to Ubuntu 15.04 both journald and rsyslog are installed and running.
I'm wondering if this is by design or if rsyslog might not have been uninstalled by accident?
Can I uninstall ...
- 740
4
votes
3
answers
16k
views
rsyslog template date/time format with seconds
My current template configuration of rsyslog looks like this:
/etc/rsyslog.d/00-samba-audit.conf
template(name="sambalog" type="string"
string="%$year%-%$month%-%$day% %$hour%:%$minute% %HOSTNAME% %...
- 361
4
votes
1
answer
22k
views
rsyslog filter by tag
I would like to create a rsyslogd config file that filter the syslog for specific tag and outputs this tag to a specific file.
I create a rule file under /etc/rsyslog.d
# Log kernel generated UFW ...
- 73
4
votes
2
answers
22k
views
Rsyslog filter for logging router events (syslog server)
I am trying to configure rsyslog (Ubuntu 12.04 Server) to log events from a router. I found this old ubuntu forum post which got me most of the way there.
So far I am able to get the events logged ...
- 5,409
4
votes
1
answer
5k
views
How to use rsyslog?
I've been scouring forums for a few hours and cannot find a concrete explanation on how to use rsyslog. I really just need the basics.
I have a log file logFile.log and I want to forward the logs to ...
- 2,915
4
votes
1
answer
2k
views
Rsyslog doesn't log TCP after upgrade from 10.04 to 12.04
I was using Ubuntu 10.04 until last week for storing the log informations of a external device with rsyslog.
After upgrading to Ubuntu 12.4 the logging of TCP doesn't works any more. There are just ...
- 41
4
votes
1
answer
1k
views
Default to adm group for upstart logs
This bug suggests that on 12.04, the default permissions for upstart logs do not allow rsyslogd to read them:
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1074564
That is the logs need to ...
- 383
4
votes
0
answers
439
views
Syslog full of spam, slowing down PC
I recently upgraded my Desktop and Laptop to Ubuntu 21.04 and my logs are completely filled with message from gnome-shell, kernel and other programs.
I have appropriate filers in /etc/rsyslog.d/30-...
3
votes
4
answers
6k
views
rsyslogd using 197% CPU for the past few days
I'm running Natty server on the rackspace cloud and rsyslogd as been churning away usin 197% CPU (quad core machine I believe) for the past few days. Is there anything I can do to figure out what is ...
- 133
3
votes
1
answer
4k
views
Moving log location for Tomcat 9 on Ubuntu 18.04
On a fresh instance in AWS of Ubuntu 18.04, I have installed tomcat9 through apt. I'm replacing a 14.04 Ubuntu install where i was running tomcat7. Due to the nature of my application, I have a very ...
- 171
3
votes
1
answer
12k
views
How can I configure logrotate without having `/etc/logrotate.d/rsyslog`?
I am trying to configure log rotation on my Ubuntu machine so that logs are rotated every day and kept for 14 days. Most tutorials I find, such as this one, mention that I should modify /etc/logrotate....
- 819
3
votes
1
answer
5k
views
Redirect iptables logging to another logfile
I have followed the recipe by @Gilles in this answer. I succeeded, but the problem is that the iptables logging now goes into 3 log files, syslog, kern.log and iptables.log.
Ideally, I want the ...
- 203
3
votes
1
answer
6k
views
How to start up rsyslog automatically?
Check current status of rsyslog
$ chkconfig --list rsyslog
rsyslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Start up rsyslog at some levels
$ sudo chkconfig --level 35 ...
3
votes
1
answer
24k
views
Rsyslog not forwarding specific log file to remote server
I am going insane trying to get rsyslog to send a specific logfile to a remote server over UDP.
This is the rsyslog.conf file for the sending server:
# /etc/rsyslog.conf Configuration file for ...
- 153
2
votes
1
answer
6k
views
How to specific "alert" or "info" with logger command in Ubuntu 16.04?
I am using a software F, installed on PC named A (192.168.6.5) (running Windows) for receiving log (rsyslog) from a remote Ubuntu 14.04 server B (192.168.6.6). In F, I can see logs from B with types ...
- 297
2
votes
1
answer
704
views
Could rsyslog be purging log files?
Today I found a lot of log files empty, these were:
/var/log/auth.log
/var/log/syslog
/var/log/daemon.log
/var/log/kern.log
/var/log/mail.log
/var/log/user.log
/var/log/mail.info
/var/log/mail.warn
/...
- 261
2
votes
1
answer
3k
views
Replacing rsyslog with syslog-ng depends sylog-ng-core
I am trying to replace the default syslog by syslog-ng.
syslog-ng is our standard and we want to use that syslog agent.
root@VirtualBox:~# apt-get install syslog-ng
Reading package lists... Done
...
user185396
2
votes
1
answer
4k
views
vsftpd cant log in with syslog_enable=YES
Hi guys I want to send my ftp logs to a syslog server, so I tried to enable syslog. But when I set syslog_enable to YES I cant use my FTP Server at all. I am getting this error message:
500 OOPS: ...
- 403
2
votes
1
answer
457
views
How do I find a package that contains a given module?
How do I find which package contains a given module ? I had a missing module in /usr/lib/ , and was trying to figure out which package would fix the problem using apt-get
The error was in /var/log/...
- 1,252
2
votes
3
answers
3k
views
How to stop Dovecot from logging to syslog
I'm running Ubuntu 16.04 with the packaged Dovecot for imap and Roundcube for its web interface. Everything's working dandy except I can't get Dovecot to stop logging imap logins and imap logouts to ...
- 2,453
2
votes
1
answer
1k
views
Setup an extra, non-root syslog server as a systemd service
I want to create a systemd service, which would start an extra instance of syslog (I assume rsyslogd, as this seems to be what's installed on my Xenial?). I want it to listen on specified socket (...
- 351
2
votes
1
answer
81
views
Sporadic messages output to console after logging in
Coming right from a fresh install of Ubuntu 14.04 Minimal/Netboot (plus some small utilities like acpid, wicd-curses, etc.), after logging in, I occasionally get floating messages (the kind typically ...
- 255
2
votes
2
answers
3k
views
Setting a size limit for current syslog
Based on other threads, the only way to set a size limit on current syslog (/var/log/syslog) seems to be via rsyslog which is a bit tricky. I ended up replacing the line below in /etc/rsyslog.d/50-...
- 21
2
votes
0
answers
3k
views
How to enable /var/log/debug in Ubuntu 20.04?
How to enable debug logging that will be written to in /var/log/debug?
There is a piece of configuration related to debug in /etc/rsyslog.d/50-default.conf:
#
# Some "catch-all" log files.
#
...
- 21
2
votes
0
answers
670
views
Logrotate not doing his job, hdd full because of logs
I have a small microSD ( 3GB ) on a ARM Samsung Artik, with Ubuntu installed.
I have installed syslog-ng and Logrotate to manage my logs, because otherwise my memory get filled quickly.
My problem ...
2
votes
1
answer
2k
views
Systemd service script not logging during shutdown
Background
NetworkManager doesn't run dispatcher.d/pre-down.d scripts, so I have created a systemd-service script. It is working well during startup and shutdown, but during shutdown it doesn't write ...
user767376