Debian :: Rsyslog Remote Logging Duplicates
Jul 30, 2015
I'm having issues setting up rsyslog to receive syslog from another server and only log to one file. I'm receiving the syslog from the remote side, however it's putting the entries into more than one log file.
I configured /etc/rsyslog.conf to enable udp, and I have implemented a filter to log only from that IP address, and then stop processing more rules, but it seems to continue on.
I have found that the remote syslog events are using local0 and local1. There are two custom rsyslog config files in /etc/rsyslog.d that handle those two facilities. If I use that same if statement at the beginning of those custom config files, I can get it to work. Seems like a hack though.
Not working:
I put my if statement before the include statement, thinking I could stop it from hitting the custom rules.
Code:
# /etc/rsyslog.conf Configuration file for rsyslog v3.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
[Code] ....
This works:
A custom config file in /etc/rsyslog.d
Code:
if $fromhost-ip == '<my ip>' then /var/log/<my directory>/syslog.log
& ~
local0.* /var/log/<a log file for local0>.log
This is on a WD Mycloud device:
Code:
Linux WDMyCloud 3.2.26 #1 SMP Tue Jun 17 15:53:22 PDT 2014 wd-2.2-rel armv7l
The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.
Jan 30, 2011
I have an Asus RT-n12 router with DD-WRT v24-sp2 (12/19/10) mini (SVN revision 15943M NEWD-2 K2.6 Eko). I cannot get my rsyslog on my Linux PC to log messages from the router. I did a netstat -arn and got:
Code:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
[code]...
Feb 16, 2011
After struggling and googling on the internet I can't manage to get it to work. I have set up rsyslog to receive the logging from my firewall and it puts it into the syslog file. But I would like to have a separate logfile for these messages. I have created the firewall.log file with owner syslog, same as for the syslog file. I have already tried to use the following in /etc/rsyslog.d/10-firewall.conf:
:msg, contains, "firewalld" /var/log/firewall.log
or
:msg, contains, "firewalld" -/var/log/firewall.log
I don't know the difference the "-" sign makes in the lines but I have also seen those kinds of situations.
I also have put this line into the 50-default.conf file because I thought it wasn't seeing the 10-firewall.conf file, but it does not work. I have added a $template HostMessages, "/var/log/%HOSTNAME%/logfile.log" in the /etc/rsyslog.conf file but that does not work either. In the firewall I can see the Syslog facility is now on LOG_LOCAL0 and I can change it from LOCAL0, LOCAL1, LOCAL2, ... until LOCAL7. What do these different numbers mean?
Jun 18, 2010
When I ping a remote machine to 172.16.1.55 then I get this result... How can I get normal packets?
64 bytes from 172.16.1.55: icmp_seq=1 ttl=128 time=0.468 ms (DUP!)
64 bytes from 172.16.1.55: icmp_seq=2 ttl=128 time=0.448 ms
64 bytes from 172.16.1.55: icmp_seq=2 ttl=128 time=0.469 ms (DUP!)
[code]....
Oct 13, 2010
I saw rsyslog is now installed in Debian Lenny instead of syslog. I want to send local iptables log to remote server. I modified the config file /etc/rsyslog.conf like this:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
[code]...
Jan 3, 2010
I want to log in to my company's server (remote) from my room. I have the server address, so I use this command to log in:
Code:
#ssh root@X.X.X.X
It waits for a very long time and then returns with error connection timed out port 22.
I configured these settings in the remote server :
Code:
#/etc/init.d/iptables stop
Then I connect via ssh from my home but still the same error.
Then in the config file /etc/ssh/sshd_config, I uncomment the line : ListenAddress 0.0.0.0
I connect via ssh again from home but still the same error.
The connection is not denied in hosts.deny and hosts.allow.
How do I get the connection up and running?
Feb 2, 2009
For remote syslog logging of the general log files, I set:
Quote:
How do I setup the remote syslog logging of apache logs? Do I just add a line in the httpd.conf file to for example ?:
Quote:
Nov 12, 2009
I'm having trouble getting my pix firewall to log to syslog server. Here are the steps I took:
1) Added the following line to /etc/sysconfig/syslog:
SYSLOG_OPTIONS "-m 0 -r514"
**for some reason, without the 514, syslog doesn't listen
[code]....
Jan 26, 2011
I have installed CentOS 5.5 along with the Samba package. I have it configured (I believe), but when I try to access a share, it is not accepting my UN/PW. I have copied the smb.conf file from a working computer over to this one, but it is still not accepting my login. Anyone know of any other files I should check?
I have moved a working smb.conf file to this new box, and both computers have the same UN/PW's
May 5, 2011
First of all - to refresh icons on the desktop I've had to install gamin instead of fam (after this, icons on the desktop were refreshed correctly). I don't know whether that has a connection, but who knows. Anyway - my problem. Things marked in red are duplicated entries in the menu. How to simply delete them? The menu is not refreshing either - I unmark "Inne" (Others) in alacarte, but it's still visible.
May 5, 2011
I am learning about the ability to utilize rsyslog to be a server for the logging info from other machines. I have done it successfully, and I get logs from other machines through the network, but I don't know where I can set the server to act as I desire on these logs that come from the network. In essence the question is: why does the server put some logs at /var/log/messages, and others not?
Apr 14, 2016
I am not referring to the bash history file. I am referring to the system log file. All of my console activity (letter for letter) is being stored in the system log. It's my understanding that version 4.1 of bash is where this behavior first started but was originally optional. I don't like it and I want to stop it. I am using a current version of jessie with bash 4.3 and I can find no way of turning it off
Monitoring the activities of users may be necessary for admins in a business environment but this is a home computer and I consider this kind of tracking intrusive and unwanted.
I first noticed this with the journal system log and mistakenly thought it had to do with journal so I removed the journal system and installed dsyslog which has the same behavior.
Perhaps Debian should offer two versions of bash. It's my understanding that this is configured in a header before compiling.
Aug 18, 2011
I wanted to make my boot logging pretty hence used this shell script from As given in the instructions therein, I just copied the shell script in /etc/ directory with the name lsb-base-logging.sh and gave the shell script executable rights ($ sudo chmod +x lsb-base-logging.sh). After booting up with the new boot script I did not like it (seemed more ugly than the default option). Now while I have removed the executable bit it's still showing the ugly (or pretty as you look/feel it) modified bootup.
/etc$ ll lsb-base-logging.sh
-rw-r--r-- 1 root root 1337 Aug 16 18:48 lsb-base-logging.sh
Do I need to completely remove the script for the default boot to come back?
Jan 14, 2010
My problem is that I can't disable checking mail after logging (communique "You have mail." or "No mail") in my system Debian 5. "CheckMail" option in OpenSSH is now inaccessible. I tried to set "MAIL_CHECK_ENAB" option to no in /etc/login.defs but it doesn't work. I added "unset MAILCHECK" in /etc/profile but this doesn't work either. I tried to comment line "session optional pam_mail.so standard" in /etc/pam.d/login but it didn't help.
Mar 19, 2015
I have been using Debian for about 2 years now, I have decided to use my email through Evolution (actually both my live and Gmail accounts). Right now my problem lies with Gmail so I will just mention that...
Evolution simply does not accept my Gmail password when I log in. I have gone through the whole "Evolution Setup assistance" many times, and whenever the setup is done, and I proceed to open up the program and actually log in to my email, I enter my password and click "ok", and then the same login screen simply flashes and asks me to enter my password again! This is the entire problem. I cannot go beyond the login screen, and Evolution simply asks me to enter my password again, and again, while never logging me in. And yes, the password is correct as I use the very same one to log into Gmail's web interface several times a day. IMAP is also enabled in my Gmail account.
I have used Gmail's IMAP and SMTP configuration information from [URL]..... and it simply does not work, even though I put all the information into Evolution correctly.
Mar 3, 2010
Has anyone gotten rsyslog to accept messages from remote hosts? I've tried half a dozen methods for getting it to capture syntax, all unworking.
Jul 19, 2010
I have upgraded to 10.04 or tried to at least. I have a server at OVH and it was running 8.04 desktop and I decided to upgrade it to 10.04, little realizing that OVH's kernels didn't work with 10.04, so after the reboot phase it ended up going into a netboot rescue mode.
I have got the latest kernel from the kernel.ubuntu area and installed it. Run grub-update, reboot... Nothing. So I decided to run apt-get install just to make sure there was nothing that needed to be installed.
The following is what I have got
Code:
Now from my research this means that I don't have a bootable system.
The following is the response I got from OVHs team
Code:
Jan 13, 2011
Have any detail configuring RSyslog on ubuntu 10.04? with web interface view
Aug 17, 2010
I am trying to install rsyslog 5.4.0 with relp on CentOS 5.5 (vmware). My installation steps:
yum install gcc.i386
liblogging-0.7.1:
./configure
[code]...
Apr 9, 2010
We want to begin centralizing our system logs to a dedicated server, using a daemon that is flexible and offers more features. After some research, I decided to give rsyslog a whirl (versus syslog-ng). Problem has come down to compilation errors which, unfortunately, I've not been able to resolve otherwise (rsyslog forums) and it appears this is a larger problem with the product. So before I begin making another decision, I wanted to get some input from others here. Here is a snippet of the errors:
Code:
/usr/local/src/rsyslog/rsyslog-5.4.0/runtime/queue.c:1291: undefined reference to `ATOMIC_SUB'
[code]...
Aug 25, 2010
I was wondering how I could specify for how long the logs will be kept. Rsyslog doesn't have such an option (at least I didn't find it). Do I have to use logrotate for this, or is there some other option?
Aug 14, 2010
I am trying to install rsyslog 5.4.0 with relp on CentOS 5.5 (vmware). My installation steps:
yum install gcc.i386
liblogging-0.7.1:
./configure
make
make install
[Code].....
/usr/local/lib/rsyslog/omrelp.so exists with permission 755 owned by root. I read some similar posts but older version of centos, rsyslog, librelp and rebuilding the packages could not help.
Jun 23, 2010
I know it's possible, I did it once but I can't do it again...
I wanna try to fix the GRUB or whatever the problem is. The error messages after login are: Nautilus can't be used & the panel encountered a fatal error.
Sep 11, 2010
When I start a screen session over SSH, I can edit and save files from within the screen session before I log out of the SSH session. But after I log out and log back in, I find that the screen session has lost write privileges, so that I can no longer edit or create any files, even within my home directory. How do I prevent this from happening?
Mar 16, 2009
I've all of a sudden been getting permission denied for almost everything I try to do. Upon logging in, I get a huge amount of "/dev/null: Permission denied"
The only way I can manage to get to the terminal is by Ctrl-C. It never brings up the command line, unless I do that.
If I try to startX, I get errors, also saying permission denied, and then one that says
Code:
I also get many "failed" errors when booting, most of them saying that a file could not be found/located.
Check the thread link at the top for other information in the first post.
I could reinstall Debian, but the computer I am using is a Libretto 110CT (64MB RAM), which has only a PCMCIA drive, for which I have a USB port replicator. There is no CD drive.
It was also a custom install fitted for the computer, so I'd rather not have to set everything up again, nor would I know how to exactly, as I've never done it before.
Jul 25, 2011
I got a new dsl modem/router today and now for some reason I can't login into an ssh session using putty and windows using the hostname of the debian box. I can login using the ip though. Also, it seems I can still access the debian box via samba/windows explorer using the host name.
Jan 17, 2011
OpenOffice Calc: all the Google results I can read are about removing the duplicates from the spreadsheet. I want to do the exact opposite. I want to keep the dupes and remove the others.
Jun 15, 2010
I'm trying to run a logging server with encryption but rsyslog takes 100% of the memory on boot. This only happens when these two sets of lines are both in the rsyslog.conf
Code:
$ModLoad imtcp
$InputTCPServerRun 10514
and
Code:
$DefaultNetstreamDriver gtls
[Code]...
Jun 6, 2011
How do I find the file /etc/rsyslog.conf so I can modify it?
Jun 7, 2011
I have been trying to create an rsyslog config for a software package that I use. I want to use the local7 facility for this package, and split the messages according to priority across several files. I would like the config to be a file which can just be dropped into rsyslog.d without having to modify the rsyslog.conf or 50-defaults.conf. I created a file called 40-test.conf, in which I have the following:
local7.none /var/log/messages
local7.none /var/log/syslog
local7.=info -/var/log/test.info
local7.=debug -/var/log/test.debug
local7.=notice;local7.=warning -/var/log/test.notice
local7.=err -/var/log/test.error
I am getting the correct local7 messages in the correct 'test' files, but I am also still getting local7 messages in /var/log/messages and /var/log/syslog, so it seems the local7.none has no effect. Is this the correct method of achieving what I want? What am I doing wrong?