Questions tagged [syslog]
syslog is a standard (RFC 5424) for message logging. Use this tag for syslog logging related messages. For generic logging messages use [logging] instead
444 questions
1
vote
1
answer
45
views
Logging Cisco logs on remote linux syslog
Good evening,
I am running multiple cisco routers/switches and a virtualized debian install. In order to have proper forensic capabilities in cse of attack/breach/malfunction I wish to have remote ...
- 11
0
votes
1
answer
31
views
How to increase the number of log files: /var/log/mail.log* on macOS?
On my actual macOS, there are every day 7 flat files in /var/log of name mail.log* rotating at 23:00:
### 18:20 milky-way:/etc/asl # ls -al /var/log/mail.log*
-rw-r-----@ 1 root admin ...
- 1,085
1
vote
0
answers
40
views
How to filter out logs spit out from daemons?
I have a program that produces some erroneous logs that I don't to see for now. Therefore I write the below function to filter out those lines before writing to syslog using busybox syslogd
function ...
- 2,348
0
votes
0
answers
60
views
Configuring audit log and Syslog Collection over TLS
I have two RHEL 9.4 systems and I want to configure auditing on both systems. The one RHEL system will be used for a basic linux system for testing, and the other will be used for a Syslog server for ...
- 1
-1
votes
1
answer
255
views
syslog logging driver giving the error protocol wrong type for socket
I have a service defined via docker compose (see definition below). When I tried to start this service via docker-compose -f up --wait -d my_service, I get the error
Error response from daemon: ...
- 3
0
votes
1
answer
524
views
How do I change the date/time format in syslog-ng from `mmm [d]d hh:mm:ss` to `yyyy-mm-dd hh:mm:ss`?
I noticed that the default datetime format for logs in /var/log/messages is mmm [d]d hh:mm:ss, for example:
Jan 4 03:46:50 1.2.3.4 ntpclient[6952]: Failed resolving address to hostname pool.ntp.org: ...
- 159
0
votes
2
answers
458
views
How do I check which conf file was loaded by syslog-ng when starting?
I am running syslog-ng on debian.
How do I check which conf file was loaded upon startup?
Neither
systemctl status syslog-ng
nor
systemctl show syslog-ng
tell me.
- 159
0
votes
1
answer
296
views
rsyslog variable from mmnormalize as part of omfile filename
I have a log line that looks like this:
May 20 10:25:42 192.168.20.100 Timestamp="2024-05-20 10:25:42",LogId="535666280",NodeId="192.168.1.100",Facility="Packet ...
- 1,010
0
votes
0
answers
46
views
AuditD - tuning out parent and children
I'm reading over the AuditD readmes and I see how you can use filters but is there a way that you can tune out a parent and any activity they create along with their children processes?
For example, I ...
- 1,754
-1
votes
1
answer
282
views
How to preserve log contents across reboots?
As far as I can tell, syslogd in its default configuration throws away all log data on reboot. I have observed this data on Raspbian (Debian Linux-based) and on OPNsense (FreeBSD-based).
From my point ...
- 1,475
-1
votes
1
answer
181
views
Portable logging from Python?
I am writing a small plugin for Postfix using python and want to it to emit logging messages. I am not particularly familiar with python and was advised to use loguru. This was certainly easy when I ...
- 6,225
0
votes
1
answer
40
views
rsyslogd v3.x.x unexpectedly closes write connection to named pipe target
I've configured rsyslog to forward certain log messages to a named pipe /tmp/logger.pipe. I then have a separate process reading from the named pipe. Relevant section from /etc/rsyslog.conf
# Remote ...
- 1,013
2
votes
1
answer
588
views
pfSense (FreeBSD 14.0) - Prometheus Node Exporter gives log errors - fix or suppress in log
On pfSense, I've enabled Prometheus Node Exporter, but it gives the following log errors each 15 seconds:
Feb 15 09:53:57 vault node_exporter[25559]: ts=2024-02-15T08:53:57.164Z caller=collector.go:...
- 792
0
votes
2
answers
381
views
Root partition is running out of disk space due to too large syslog files
This is occurring while backing up whole drive with rsync. I'm trying to sync two large hard drives as a backup and I'm doing so exactly as described here using the Grsync GUI. While doing so I get ...
- 4,588
1
vote
0
answers
3k
views
PAM - Disabling "check pass; user unknown" syslog messages
TLDR: We use PAM with SSHD. CentOS and Ubuntu exist in the environment. For every SSHD failure of an unknown user, it creates two messages. One of the messages doesn't provide the unknown username and ...
