Questions tagged [syslog]
Syslog is a standard for computer data logging. It separates the software that generates messages from the system that stores them and the software that reports and analyzes them.
146 questions
0 votes, 0 answers, 34 views
How to recover lost files from Windows 10? [duplicate]
I had manually backed up a folder with photos and videos into the C: SSD drive -> User -> Administrator -> Documents -> SAMSUNG BACKUP -> DCIM folder.
3 weeks ago, I took out a ...
1 vote, 1 answer, 99 views
`grep: /var/log/syslog: binary file matches` should I be worried?
I was just trying to grep syslog when I hit:
$ grep -E 'Sep.*EXT4' /var/log/syslog
[... some data ...]
grep: /var/log/syslog: binary file matches
EDIT: first attempt used cmp and strings, but that ...
0 votes, 0 answers, 119 views
How to analyze router syslog
Router has HTTPS, VPN, PostgreSQL and VNC ports open. I want to know user names and passwords used in attacks by countries and IP addresses.
Currently free kiwi syslog server from solarwinds.com in ...
0 votes, 0 answers, 171 views
How to configure AlienVault OSSIM to collect Windows security event logs and send email
I'm completely new to AlienVault OSSIM and I want to start using OSSIM to collect Windows security events from domain controllers e.g. failed login attempts, bad password attempts, account lockouts, ...
0 votes, 0 answers, 299 views
Omada Controller and rsyslog
I am totally new to rsyslog so please be gentle ;)
I have an Omada TP-Link controller that manages all my clients' APs across the region.
Everything works fine, I am trying to implement public Wi-Fi ...
0 votes, 0 answers, 43 views
Why does netcat -v send extra X packets?
I'm using netcat 1.218 on Ubuntu 22.04 to generate test syslog packets, and I noticed an odd behavior I can't explain. When I use the -v flag, netcat sends 2 additional packets containing the letter ...
0 votes, 0 answers, 212 views
Explanation for log source sending truncated syslog
I'm attempting to send syslog from an authentication platform to a syslog server. The authentication platform can only be configured to send syslog on UDP/514.
The log source is sending the events in ...
0 votes, 1 answer, 81 views
Thousands of network messages in systemlog
Our Ubuntu server kernel log is being spammed by the following messages:
Feb 5 12:08:32 Server kernel: [2071471.605255] BANDWIDTH_OUT:IN= OUT=eno1 SRC=192.168.48.2 DST=192.168.48.139 LEN=312 TOS=0x10 ...
0 votes, 0 answers, 1k views
How to configure rsyslog to use the imfile module?
I have Red Hat 9.2 with rsyslog v8.2102.0-113.el9_2.1.
I use default /etc/rsyslog.conf and a custom configuration called vums.conf located in /etc/rsyslog.d/.
module(load="imfile")
input(...
2 votes, 0 answers, 314 views
Log file name based on application with syslog-ng
I'm using syslog-ng and currently my config only separates log files based on ip address and facility:
source s_network_udp {
syslog(transport(udp) port(514));
};
destination d_local {
file("...
0 votes, 0 answers, 446 views
How to Forward /var/log/yum.log to Remote Logging Server using rsyslog.conf?
Gents,
I am trying to find a way to forward /var/log/yum.log to a remote logging server using rsyslog.conf on my RHEL7, but it is not happening.
I have tried this approach but no luck:
$InputFileName /...
2 votes, 0 answers, 55 views
SFTP user login details real-time filtering
I have enabled SFTP login logging into the default logfile /var/log/syslog and tried to filter the login time of each user and insert it into the database.
But the filtering did not work as I ...
1 vote, 1 answer, 258 views
rSyslog stopped sending only SOME data
I have configured remote logging from one of my servers to the central log server via rsyslog TCP/SSL.
Everything worked fine until yesterday, when most of the files just stopped being transmitted while ...
1 vote, 1 answer, 572 views
REDHAT machine + rsyslogd eating up 10+ GB
We noticed this problem recently.
We found that the rsyslog service is eating memory and sometimes it's up to 10G.
We have different kinds of Red Hat machines, versions 7.6 and 7.9.
Is it possible to ...
1 vote, 0 answers, 721 views
net.core.netdev_max_backlog - what's the impact when set too HIGH?
I'm working on optimizing and right-sizing my EC2 syslog-ng servers and have some carryover settings in our ansible playbook for kernel settings that were used on "in-house" data center ...
2 votes, 1 answer, 11k views
Rsyslog forward logs cannot connect Permission Denied
Have configured Rsyslog to ship logs to a remote location through an SSH tunnel.
However rsyslog complains with "Permission denied":
rsyslogd[28412]: cannot connect to 127.0.0.1:10601: ...
1 vote, 2 answers, 653 views
Rsyslog: relay messages from UDP input only
Considering a docker container which receives logs on UDP and forwards to a central logging server using TLS, I was wondering if I could be satisfied with one queue or if I needed several.
Indeed, ...
0 votes, 1 answer, 2k views
Changing security levels of Fortigate logs?
Tech newbie here.
I want to send Fortigate logs to a syslog server. Previously, I was receiving way too many unnecessary firewall logs, 90% of them with a security level of "notice." I have ...
1 vote, 1 answer, 611 views
Why would vsftpd be logging to syslog even though logging is disabled in vsftpd?
I have all logging disabled in /etc/vsftpd but for some reason it is still logging to /var/log/syslog and I can't figure out why.
root@unraid:/etc# cat /etc/vsftpd.conf
# vsftpd.conf for unRAID
# ...
1 vote, 1 answer, 3k views
Rsyslog logs readable by all users
I have an rsyslog instance in a RHEL8 linux server that is used to collect logs from other systems. That works fine, and it stores all the logs in the /var/log directory with following format /var/log/...
0 votes, 1 answer, 688 views
filebeat works from file but not from syslog with checkpoint module
I'm trying to send CheckPoint Firewall logs to Elasticsearch 8.0.
I have machine A 192.168.1.123 running Rsyslog receiving logs on port 514 that logs to a file and machine B 192.168.1.234 running ...
0 votes, 0 answers, 396 views
Configuring rsyslog output format strings
I'm setting up rsyslog for an application and using the following configuration:
$FileCreateMode 0644
if $programname == 'proxy' then /var/log/proxy/log
& stop
This generates log entries like the ...
0 votes, 1 answer, 120 views
"-" symbol into rsyslog.conf file
I see in my "rsyslog.conf" a "-" symbol before the path; what is it?
Example:
mail.info -/var/log/mail.info
mail.err /var/log/mail/err
Thanks
0 votes, 1 answer, 47 views
Regex char class - more elegant solution
I have two barracuda FWs with different log structure and a Logstash grok filter plugin that needs to parse them.
values only log entry
+02:00 Info blabla Detect: FWD|TCP|bond0.777|1.1.1.1|53329|...
0 votes, 1 answer, 8k views
Getting logger to log to rsyslog in alpine
I installed rsyslog on my Alpine-based system to replace busybox syslogd. After completely disabling syslogd in openrc, enabling rsyslog at boot and rebooting, all services correctly started logging to ...
1 vote, 1 answer, 738 views
gnome-shell spamming on /var/log/syslog
Moved from https://stackoverflow.com/questions/66061925/gnome-shell-spamming-on-var-log-syslog because it was closed there without a solution; and it's also currently happening to me (I am running ...
1 vote, 1 answer, 477 views
Logs missing and empty message when forwarding syslog from macOS
I have tried the syslog forwarding configuration as mentioned in the Splunk document, but on the syslog server I am not getting all logs generated in macOS and also there is no syslog content (message) in ...
2 votes, 0 answers, 422 views
Rsyslog fills up disk - unexpected behaviour
I have an rsyslog instance that forwards messages to Elasticsearch. It worked well for over a year, but recently the disk starts filling up mysteriously until it reaches 100%.
When I restart the process, the disk ...
0 votes, 1 answer, 587 views
SYSLOG-NG: Sending same log to two different index in elasticsearch
I'm trying to send the same log flow to two different Elasticsearch indexes, because of users with different roles for each index.
I use a file for destination too. Here is a sample:
2021-02-12T14:00:00+...
1 vote, 0 answers, 649 views
How to disable logging from a given module on linux (Ubuntu)?
I have an issue on my Ubuntu 20.4 system where the mceusb module is filling up the kern.log and syslog files with messages like:
mceusb 2-2:1.0: Error: urb status = -71/d
This completely filled up ...
0 votes, 1 answer, 644 views
Testing syslog-ng on CentOS 8
I am relatively new to Linux and networking but was tasked with the following at work:
I built up a CentOS VM (using VirtualBox) on which I had to install Splunk Heavy Forwarder and syslog-ng....
1 vote, 1 answer, 2k views
Understanding syslog log format
I'm getting syslogs from multiple servers, and I'm having trouble understanding some syslog logs; here is one example:
<189>12593340: 16596512: Jul 6 20:31:09: %PARSER-5-CFGLOG_LOGGEDCMD: User:...
6 votes, 1 answer, 3k views
How to get SSH logs and send to remote syslog server in macOS?
On Linux, I can get sshd logs such as:
sshd Accepted publickey for user from xxx.xxx.xxx.xxx port xxx ssh2: RSA SHA256:.....
and send them to a remote syslog server by adding a file in /etc/rsyslog.d/...
2 votes, 1 answer, 5k views
How can I get my Cygwin SSH server to log into a file?
On proper Linux systems, the SSH server typically logs into a file, e.g. /var/log/auth.log or /var/log/syslog etc. But - that doesn't exist on my Cygwin system; and merely editing /etc/sshd_config ...
0 votes, 0 answers, 970 views
How to get syslog in common event format (CEF)?
I want /var/log/syslog in common event format (CEF). Is there any way to convert a syslog into CEF?
0 votes, 1 answer, 71 views
configure dockerd to log userid or username of the user who is launching the container
I updated docker daemon config to enable debug mode for dockerd daemon on Linux. And also using rsyslog I managed to create a separate debug log file. Now I want to log the userid/name of the user ...
0 votes, 1 answer, 123 views
How to save syslog severity <132> to a different file?
We have an old appliance that sends syslog with severity <132> to its management server.
To capture said events the previous team created a tcpdump script and ran it via crontab to capture the ...
0 votes, 1 answer, 88 views
Have "individual" logging instead of logging everything to "journalctl" on CentOS 7
On my CentOS 7 system, no output is written to the well-known log files and I'm forced to use journalctl to view anything that is happening.
For example, there is no data in /var/log/messages, nor /var/...
0 votes, 1 answer, 536 views
Rsyslog filtering messages based on time
I want to filter logs so that only messages from 13:00-14:00 can go through, how can I do that? I know I can access message content with $msg, but how can I do that for time?
1 vote, 1 answer, 14k views
How to read from syslog?
I can write to syslog via:
logger "foo bar baz"
but how do I read from syslog? My only guess is:
tail -f /var/log/syslog
but that doesn't seem right from my testing.
Note: also looking for a way ...
1 vote, 1 answer, 1k views
Usbrip read from external syslog file
I want to examine USB violations with the usbrip tool (usbrip github), but the source log file which I want to read from is not the local system syslog file. Instead I have an external file.
When I ...
1 vote, 1 answer, 550 views
syslog-ng starts and runs fine manually... starts but doesn't create logs when using systemd
Red Hat 7.6 with latest syslog-ng (3.22)
I've searched and tried all the old remedies. Nothing has worked to resolve this.
My syslog-ng.conf file has a bunch of ports and a bunch of destinations. When ...
0 votes, 1 answer, 296 views
How to append host IP address and host MAC address to every log message?
I have several log agents with iptables logging rules and default rsyslog config. Rsyslog sends the logs to the central server.
Iptables rule:
iptables -A INPUT -j LOG --log-prefix "INPUT:DROP:" --...
0 votes, 1 answer, 736 views
How to know when Rsyslog has read all lines in a file, and have read 100% of a file
I have to pull log files, static files. Let's imagine I have 100 events (100 lines) in a file. Rsyslog has to forward those logs to a server. Once Rsyslog has read the last line, I want to shutdown ...
1 vote, 1 answer, 318 views
Debian 9 /var/log/ messages, syslog, dmesg: are these safe to post to a forum?
On a very stock Debian 9 VPS, running a multiplayer game system with very expensive scripting in it. I am having a problem with that multiplayer server, and one of the server developers is asking me to ...
0 votes, 0 answers, 2k views
Rsyslog won't forward with JSON template
So I'm trying to use rsyslog to accept UDP traffic on port 514, apply a JSON template, and then send it out over UDP to port 10514 (this is so my Logstash installation can pick it up). I'm running ...
0 votes, 1 answer, 79 views
Using syslog-kafka I got a Python syntax error
I need to send messages to my Kafka cluster. I did the same as this https://syslogng-kafka.readthedocs.io/en/latest/installation.html, and /etc/syslog-ng/conf.d/kafka.conf looks like
destination ...
1 vote, 1 answer, 2k views
Forward logs via rsyslog to Datadog without agents?
I'm trying to forward my container logs (apache2 access.log on a Debian container) to Datadog but it didn't work. I followed this [tutorial][1].
This is rsyslog.conf file:
# /etc/rsyslog.conf ...
0 votes, 1 answer, 2k views
How to setup blacklist rule of elastalert
I have syslog messages of the following type. I want to capture all such messages which contain "errors" in the message field of syslog.
<30>Apr 9 04:27:13 ip-172-31-26-235 POSTMETHOD_fx-control-...
1 vote, 0 answers, 601 views
Log correlation with syslog-ng patterndb
I'm trying to play with syslog-ng and patterndb and I am having trouble with log correlation.
The documentation on how to do it is here: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-...