Questions tagged [syslog]

syslog is a standard for logging messages about the operation of a system.

syslog is a standard that defines the format of messages about a system's operation. Messages are categorized by facility (user, mail, kern, etc.) and severity (critical, emergency, informational, etc.). These messages are usually then processed by a network monitoring system to take appropriate action. For example, on an emergency message, staff could be paged to resolve the issue, whereas long-term analysis could be done on informational messages to properly maintain systems.

667 questions
11 votes, 1 answer

Tool for testing syslog

Does anyone know of a tool or a script that I could use to send messages to syslog? I'm trying to troubleshoot a syslog configuration, and I'm having trouble eliminating possibilities. What I would like to do is something like this: ./testScript -f…
Rich
8 votes, 5 answers

Linux: how to send new lines in log files to remote syslog?

We have several applications which are generating their own plain-text log files, which I would like to forward to a remote syslog server for centralized logging. I do not have access to root on these machines, nor can I reconfigure syslog to…
8 votes, 3 answers

Add a local application to syslog excluded from /var/log/messages

I have an application which logs to syslog facility local1. I would like to configure syslog to send all local1 messages to a log file separate from /var/log/messages -- that turned out to be easy. But the messages are also going to…
Josh
8 votes, 5 answers

Does this log indicate the server rebooted?

I have a webserver I think rebooted at some point .. mostly because apache wasn't serving sites and it usually does that when someone starts it and doesn't enter the SSL cert's password ... and a reboot/start fixed the problem. Looking around in…
erik
7 votes, 1 answer

How old is the "severity" paradigm in logging?

Years of sysadmin left syslog's severity levels, as described by The BSD Syslog Protocol, clearly imprinted in my mind. You know the drill: Emergency, Alert, Critical, Error, Warning, Notice, Informational and Debug. This left traces elsewhere, such…
4 votes, 4 answers

Can remote logging with syslog-ng hang my application?

I want every server to send logs to /var/log and copy to a remote syslog-ng server. I've heard anecdotes how logging remotely can hang your application if the network has problems. Should I be concerned about my app hanging when logging…
3 votes, 3 answers

How do I set up a syslog server for my network?

I would like to set up a syslog server to forward all log files from all of my VMs and servers. I really don't know much about what is out there. So I turn to the community. Something on Linux is fine; what I want more is alert ability like emails telling…
2 votes, 4 answers

What is SysLog, A product or a standard?

I have a customer who is using syslog running under Linux. We don't have any Linux infrastructure or skills in our org, so I found a Windows product called WinSysLog. I was wondering, is Syslog a standard, so all products based on syslog run on…
JL.
1 vote, 1 answer

Strange error message in syslog

My server was blocked during the weekend, from exactly this Saturday at 00:00 CET, for unknown reasons, and the last syslog message is a bit weird: Nov 18 23:58:58 ns kernel: [16705160.366491] [UFW BLOCK] IN=eth0…
ABu
1 vote, 0 answers

Let Lemp and Lamp stack send Access/Error log to Graylog2

I have two servers running, one with Apache and one with Nginx (both Ubuntu-based). They are already sending syslogs to my graylog2 node, but I want Nginx to provide me with the Access log and then the Lamp stack to provide me with the full…
1 vote, 2 answers

How can I have /var/log/messages use the FQDN instead of the short hostname?

I've noticed even when I type "hostname" at the CLI the FQDN is displayed, however the only file that seems to be using the short name is /var/log/messages. I'd prefer it to use the FQDN however I can't seem to figure out how to do this.
Pheezy
1 vote, 1 answer

(rsyslog) Forwarding a specific log only

I've been trying to configure rsyslog to forward /var/log/syslog to a remote server. I was able to do this using the below configuration. $InputFileName /var/log/secure $InputFileTag hostname-secure $InputFileStateFile…
071414
1 vote, 1 answer

Why isn't /var/log/maillog written with sync option by default?

Some syslog implementations on linux (sysklogd, rsyslog) include the following line in their default configuration: mail.* -/var/log/maillog As far as I know the dash sign means that it is not required to do sync() after a log message is written…
Zizzencs
1 vote, 3 answers

Adding a new facility to syslog

The docs give a fixed list of facilities for syslog, but it's clearly possible to have more (http isn't on the list). Do I just describe it in the conf file and start using it or is it more involved? (It's an ecommerce system and I want to log the…
Michael Lorton
1 vote, 2 answers

Determine which programs are logging to a specific syslog facility

Is there any way to determine which daemons are logging to a specific syslog facility? (spec. rsyslog) What I am specifically looking for is who logs to the auth.* severities. A 2001 audit for netbsd syslog. atrun(8) cron.err pid fatal…
mikewaters