Newest 'rsyslog' Questions - Stack Overflow

Questions tagged [rsyslog]

Rsyslog is an enhanced syslogd with a lot of additional features

0
votes
0 answers
9 views

How to change syslog tag or use my custom tag in rsyslog?

How do I change default syslogtag like "propname[pid]" to my own label in order to distinguish log from different equipment? I want to collect a log from different equipment to a log server. I need ...
0
votes
0 answers
19 views

rsyslog regex Expression-based Filters

I want to use a regex to filter the IP address and trigger template name 'DynFile', or 'HostnameDynFile'. Can anyone please advise? template (name="DynFile" type="string" string="/opt/log/%FROMHOST-...
0
votes
0 answers
6 views

How to build rsyslog in Docker

I am trying to compile rsyslog with some extra outputs enabled and change where it looks for config and where it writes the PID. I have created this Dockerfile which gets through the configure step. ...
2
votes
1 answer
50 views

The %procid% sometimes blank in rsyslog template

I'm trying to configure rsyslog to output in RFC5424 format. This means that the PROCID must be output in the syslog header. If there's no header, it should output a single dash (-) in its place. ...
0
votes
0 answers
20 views

How to use parameter in omprog for bash script?

Can someone explain the following from rsyslog doc please? "In the following example, logs will be sent to a program log.sh located in /path/to. The program will receive the command line arguments ...
0
votes
0 answers
16 views

rsyslog 8.34.0: could not load module '/usr/lib/rsyslog/omuxsock.so'

My project requires forwarding log using rsyslog to a socket. rsyslog provides omuxsock output module for the same. When I try to use it using standard example, I see below error. rsyslogd: could not ...
0
votes
0 answers
35 views

Data flow from Nginx access log -> Rsyslog or Syslog -> Fluentd -> Kinesis

I am working on passing nginx access logs to Fluentd to aws kinesis to AWS S3 via kinesis firehose. nginx logs will be pushed to AWS Glacier during log rotation. I am at the initial steps where I ...
0
votes
0 answers
15 views

How can I send a .log file from one Debian to another Linux OS?

I'm currently working on a project that involves a Honeypot which is generating events on a .log file. I want to send these events to a remote server. What is the easiest way to do this? I've been ...
0
votes
1 answer
41 views

Enable Rsyslog with TLS to Graylog2

My problem is that I cannot get logs from my remote app to log to a Graylog2 input using TLS. The remote app was logging just fine before I attempted to enable TLS with self-signed certs so I am ...
0
votes
0 answers
45 views

Modify rsyslog output when relaying

I am using a server with rsyslog to send logs to Loggly (action(type="omfwd" ) from a variety of network devices. Unfortunately some devices are not showing up correctly - my switch with hostname ...
0
votes
0 answers
13 views

Rsyslog restarts automatically after parsing each set of logs using mmgrok module

I'm trying to parse apache logs using Rsyslog and mmgrok module. Input is from Apache Nifi over tcp and outputs the result to a file. When the number of records per Nifi flowfile is less, Rsyslog ...
0
votes
1 answer
28 views

rsyslog config to merge multiple lines coming via imuxsock

I have a web service that writes its output to stdout and is managed by systemd. The systemd config sends stdout to syslog. The problem I have is that multiline messages are split into multiple syslog ...
0
votes
0 answers
15 views

imtcp imtcp framing error in received tcp message from peer

I am trying to set datetime format for the remote server but I keep getting error whenever I set the following template: $template temp1,"%timegenerated:::date-rfc3339% %HOSTNAME% %msg%\n" and I set ...
0
votes
1 answer
48 views

Problem with installing rsyslog (Debian). The repository is not signed [closed]

I want to install rsyslog version 8.39.0 in Debian uname -a Linux ads-web 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u2 (2017-06-26) x86_64 GNU/Linux I do everything according to the ...
1
vote
1 answer
45 views

Fastest way to send logs from Kafka to Elasticsearch

I am looking for the fastest log shipper which can directly transfer my logs to elasticsearch from kafka. I can name some ways to do this: Kafka -> Elasticsearch Kafka -> Logstash -> Elasticsearch ...
1
vote
1 answer
37 views

Setup rsyslog to send log to remote syslogserver but not to messages/syslog

I am running an ELK-Stack as a central syslogserver and I set up rsyslog to send logfiles, which are not logging into /var/lib/messages by default, to it. The setup is working very well but since I ...
1
vote
1 answer
25 views

Redirect docker log messages into different syslog file (forward by logspout)

I have set up a host with some docker container, where logspout is used to forward all the logging to syslog: docker run --name="logspout" -d \ --restart=unless-stopped \ --volume=/var/run/docker....
0
votes
0 answers
26 views

Replacing msg in logs in rsyslog.conf

I am using a legacy version of rsyslog, specifically version 5.8. I would like to replace all instances of a word in the logs with a new word such as 'XXXX' For example, scan every log line and if ...
1
vote
1 answer
45 views

RegEx for Formatting Rsyslog Logs to work with Arcsight Template

I have been trying to get rid of spaces or characters to be read by the arcsight connector I have tried to use the template with regex expression with no luck - the problem is the arcsight parses ...
0
votes
0 answers
15 views

No recognition of a facility (local4) from one machine to another

Hello I have 2 virtual machines. One must serve as a log concentrator the other sends me his logs. However, I only need to send a certain specific type (consul logs an open source solution ...
0
votes
1 answer
51 views

How to get the status of the rsyslog connection with the server on the client side?

I am currently using rsyslog to send messages to my server. I am trying to know the status of the connection with my server. I saw that there was a plugin "impstats" (stackoverflow topic) but it does ...
0
votes
0 answers
15 views

rsyslog send via TCP log lines contains keyword

I want to send to a remote TCP server the log lines that contain the keyword "INFO". I create a new file /etc/rsyslog.d/30-test.conf with this content *.* @@127.0.0.1:4444 I restart rsyslog ...
0
votes
1 answer
76 views

Is there a way to tell mongod to log to syslog on another server?

I want to write mongo logs to syslog on another machine. Reading the mongodb docs, it looks like the only way to use syslog is by writing to the local syslog. systemLog: destination: syslog ...
0
votes
0 answers
39 views

Rsyslog regex, include all after first “_”

I need regex file name of docker service: docker_service_name and rename it to contain everything after first "_" to become: service_name This now work with rsyslog ERE: %programname:R,ERE,1,...
0
votes
1 answer
18 views

Why does rsyslog isequal filter fail?

I want to log everything from the rsyslogd executable (daemon) to a file. # /etc/rsyslog.conf if $syslogtag isequal 'rsyslogd' then /tmp/foo.log if $syslogtag isequal 'rsyslogd:' then /tmp/foo.log ...
0
votes
0 answers
32 views

How to enable a java application to send syslog on multiple syslog server using log4j plugins?

I don't want to have multiple syslog appenders in my log4j.xml for different hosts. Is it possible that we can create multiple syslog appenders on using log4j plugin or any other way? My requirement ...
0
votes
1 answer
30 views

Random UDP message received needs to be parsed to python file through rsyslog omprog

I'm setting up a python script that will parse the inputs received via UDP from another server. Since the message or number of messages can be received randomly, I'm trying to rsyslog omprog to parse ...
0
votes
0 answers
12 views

Setting up Remote server ip in rsyslog.conf in sysklogd format

In rsyslog I want to configure the remote machine using sysklogd format. Right now I am using legacy format to achieve that, e.g. it looks something like this: *.* @172.19.46.246:618 How do I do the ...
1
vote
0 answers
27 views

Unable to change log format for remote server in rsyslog.conf

I started working on rsyslog like yesterday so I am very new to this. I am facing a problem. In my rsyslog.conf file I set the file format like this: $ActionFileDefaultTemplate RSYSLOG_FileFormat ...
0
votes
0 answers
11 views

How to discard messages by content through different ports?

I have configured Rsyslog to receive data by different ports and by each port the data is stored in a different file. The problem is that I can't discard messages that are received on a port because ...
1
vote
1 answer
40 views

rsyslogd re_match causes segmentation faults

When I have a rule if ($msg contains "foobah" OR re_match($msg, '(authmgr|cli)\[[0-9]+\]:') ) then { rsyslog ends up throwing a segmentation fault. Even when I comment out the line containing the ...
0
votes
0 answers
33 views

Rsyslog filter logging by pod annotations

I am setting up Rsyslog to collect logs from some containers on kubernetes and what I am trying to do is to only collect logs from specific containers with some specific annotations like this "...
0
votes
0 answers
10 views

Rsyslog statistic count

I have a doubt that refers to rsyslog statistic full. The docs give the following description: full – number of times the queue was actually full and could not accept additional messages If a ...
0
votes
0 answers
27 views

Can't run rsyslog as service with brew

I'm currently playing with the TICK Stack of InfluxData and trying to enable the Log Viewer in the Chronograf using the telegraph syslog input plugin. For this I'm following the tutorial "Get your ...
0
votes
0 answers
26 views

Liblognorm json parser rule

Currently I am writing json log normalizer for rsyslog log messages. Actually, it is more complicated but I will make the list short. I am using liblognorm json normalizer rule and I have a problem ...
1
vote
0 answers
17 views

rsyslog log file with wildcards

configure rsyslog to monitor directory files when log file name changed I have a service that creates a new log file each hour with the hour in the file name i.e: ecs-agent.log.2019-03-26-08 Each ...
0
votes
0 answers
30 views

How to forward log files in subdirectories with wildcard using rsyslog?

I have a few log files on the following stature: /var/lib/aaa/bbb/*/*.log The aaa and bbb directories are constant, While the * are changes. For example: /var/lib/aaa/bbb/ccc/blabla.log /var/lib/...
0
votes
0 answers
53 views

remote logging using rsyslog server is not working

I have 2 linux machines, both of them have rsyslog. I need to send logs from client machine to server machine. I have done these steps but still I am not able to send the message. What am I doing ...
0
votes
0 answers
13 views

rSyslog - file categorising based on port

My company are moving to a new SIEM type product. Annoyingly for me, the one we're going with have collectors that sit on top of rsyslog, and don't work with syslog-ng. As such, we have to change our ...
0
votes
0 answers
20 views

rsyslog imfile to reread full file on timestamp change

I'm using rsyslog 8.36.0 version on CS6.0 . I have an application which writes to a file "/tmp/1". This file gets overwritten every time the application runs (every 20mins/30mins). We want rsyslog to ...
0
votes
0 answers
43 views

rsyslog writes logs from firewall to both /var/log/message and to specific file

I have configured my firewall to send its logs to a server on port 601. I have configured rsyslog.cong file on my server as follows: $ModLoad imtcp $InputTCPServerRun 601 $template DailyPerHostLogs,...
0
votes
0 answers
11 views

Rsyslog issue with logs ending with #015

Can anybody help me to resolve my issue? I have set up the rsyslog server where I am getting logs from other devices, my issue is: in my logs there is #015 mentioned at the end of every log Is there ...
0
votes
0 answers
10 views

Why is syslog's “message” field duplicated?

I am trying to forward syslog messages to Logstash, then to Elasticsearch. On the source system, I created /etc/rsyslog.d/logstash.conf: *.* action(type="omfwd" target="elk.example.com" port="50513" ...
0
votes
0 answers
37 views

Issue with Log Rotation via out channel ( rsyslog ) in RHEL

I am trying to achieve log rotation via out channel. I have modified the /etc/rsyslog.conf as mentioned below. #start log rotation via outchannel # outchannel definition $outchannel log_rotation,/var/...
0
votes
0 answers
43 views

Sending logs from a syslog-ng client to a rsyslog server

I have a setup where logs from a syslog-ng client are sent to a rsyslog server. I want to send logs via TCP. Following is the configuration of my syslog-ng client. destination d_remoteUdp { network("192....
0
votes
0 answers
17 views

Can I stop rsyslogd from crashing (creating a core) on deprecated tilde?

The tilde ~ in rsyslogd.conf has been deprecated in favour of stop and I'm now seeing machines that have had rsyslog updated, but not their configuration updated, throwing cores: Shifting token ...
0
votes
1 answer
10 views

LogDNA only stores the last month of logs

I am trying this logging solution for my whole infrastructure on AWS (ec2, rds, docker and so on). The solution is clean and works pretty great. Although, it seems to store only the last month of ...
1
vote
0 answers
125 views

Rsyslog imfile permission denied

I'm trying to use rsyslog imfile to send logs contained in Jenkins log files to a Graylog server, I added root user to jenkins group but I've still permissions issues when rsyslog tries to read files. ...
1
vote
1 answer
96 views

Unable to make multi-line rsyslog statements filter incoming syslogs to different files

I have tried this so many different ways. I have an incoming syslog feed to port 1522 from a proxy server. I am trying to match a part of the message/body "location=" and send each log from a certain ...
0
votes
0 answers
8 views

SyslogAppender not using custom LayoutBase

Should the logback's SyslogAppender be able to use custom LayoutBase extension? I have VedLogLayout: public class VedLogLayout extends LayoutBase<ILoggingEvent> { private String version; ...