I am writing my own syslog collector, but im stuck with calculating the severity of the message. The PRI value is calculated:-
Code:
(Facility * 8) + Severity
But from the context of a collector, neither Facility or severity would be known? You need to know either severity or Facility to calculate facility or severity?! The RFC goes in to no more detail about calculating the severity value, other tan this expression.
I am looking for an open source syslog server which accumulate the each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfiling my requirement in Windows clients, as I need the logs of every action which user performed after logon.
View 2 Replies View RelatedI configured syslog.conf to send logs to kiwi syslog server. After resetting (/etc/init.d/syslog restart),the server got log the message: "syslog 1.4.2 restart". But am getting just resetting message, nor other syslog message (using code or using logger command). I have other computer that send all the syslog messages.
View 2 Replies View RelatedI have read many articles on hdparam to calculate the disk read and write speeds and some on interface and CPU limits. But is there a structured way of calculating the maximum throughput of a server including all the subsystems. Like storage, CPU, network, memory and so on? So that I can create a script that i can run on a newly installed Linux machine and calculate the maximum throughput .
View 4 Replies View RelatedMy monitor tools indicate that the percentage of swap used is more than the ideal , so I want to calculate which process is consuming from the swap. I tried the following but it didn't help be 100%
#ps -eo vsz,rss,pid,args | sort -n
How to accurately calculate which process consuming from swap, just the swap no ram + swap!
I am trying to update from ubuntu 10.04.1 to 10.10 using the do-release-upgrade command. I get this error:
Code:
An unresolvable problem occurred while calculating the upgrade: The package 'update-manager-core' is marked for removal but it is in the removal blacklist.
This can be caused by:
* Upgrading to a pre-release version of Ubuntu
* Running the current pre-release version of Ubuntu
* Unofficial software packages not provided by Ubuntu
The first two can't be correct right? So... If the third one is true. How can I find these packages? Or, is there any other way to upgrade to 10.10?
I'm interested in writing a generational garbage collector in C++. This is for a Python-like programming language project. I have used Boehm's garbage collector before, but I'm worried that it will have noticeable pause times (unacceptable for interactive programs). Since I can't really find any other C++ established GCs out there, I have been thinking of simply writing my own.
However, there are two essential ingredients I need for this:
- Some kind of write barrier mechanism that will notify my collector when something is written to a part of the heap
- A way for me to know the addresses and sizes of the stack, heap and global storage (the root sets)
how to implement write barriers (and how to get the stack, heap and global storage information) on the Linux platform? As an alternative, if you know of C++ GCs other than Boehm, I would also be interested.
After some years using OS X, I'm returning on Debian on my Macbook Pro in single boot.
I've bought a Samsung SSD (850 EVO 500Go) in order to replace the slow built-in HDD.
But I've earned about the need of repartition of writing operation on that kind of drives, and I'm concerned about swap partition.
I need swap (especially for Darktable, browsers and maybe Steam games), but I wonder if the usual swap partition (even with discard mount option) is really recommandable for SSD drives.
Actually, on Debian wiki and others, the usual recommandation is "if you have enough RAM, don't use swap or minimise swapiness to 1", but using of swap file is not mentioned.
Indeed, if I have only one "big" partition on the SSD drive and TRIM activated, the garbage collector (low level) built in chipet's SSD will optimize SSD life, but I don't know how the low level garbage collection works with multiple partition.
So there is my questions :
- Will SSD garbage collection will preserve the disc use even if I have a 2GB swap partition ?
- Will I'd use a swap file instead of swap partition (I don't really need to hibernate) ?
trying to replace syslog with syslog-ng. When I:
yum erase syslog,
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
How to set up syslog server on Fedora 10 Linux server ?
View 1 Replies View RelatedIm trying to get syslog-ng to log ssh stuff to a own file (later i want it to be forwarded to a other server but thats a later problem.
The thing is that if i restart my syslog-ng server and login with ssh, it logs it. but when i login again it dont. But if i restart the syslog-ng daemon again it logs again, but only once.
Here is my config.
Code:
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslogfiles. Had a look at etc/sysconfig editor eg cron but could not find a setting which allows to delete files older than a month. Where and how could I influence this ? I deleted manually all syslog files older than a month. Approx 6GB
View 9 Replies View RelatedI tried to install Syslog-ng-3.2.4 in Centos 5.6,when i need to start the deamon syslog-ng =>Failure and i have this message:
Code: [root@RelaisXXX etc]# service syslog-ng start Starting syslog-ng: Your configuration file uses an obsoleted keyword, please up Your configuration file uses an obsoleted keyword, please update your configurat
Error creating persistent state file; filename='/usr/local/var/syslog-ng.persist Starting Kernel Logger [FAILED]:
I�m installing fail2ban to improve the security of a home asterisk server which from time to time becomes the target of some sip account cracker and/or ssh brute force attack.For those not familiar with fail2ban, this utility monitors log files to find matches with user specified expressions to identify the presence of a brute force attack. Then configures iptables rules to block the offending IP.Here�s an example:
Code:
NOTICE[1734] chan_sip.c: Registration from '"613"<sip:613@xx.xxxx.xxx.xxx>' failed for 'yyy.yyy.yyyy.yyy' - No matching peer found
[code].....
I'm guessing its possible but I can't seem to find any documentation on how to do this.I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1 # 1 server, works file
*.* @172.20.10.1,172.20.20.11 # doesn't work
*.* @172.20.10.1 172.20.20.11 # nor this
*.* @172.20.10.1,@172.20.20.11 # nor this
*.* @172.20.10.1 @172.20.20.11 # nor this
What is the easiest way in Linux to convert syslog messages to XML?
View 1 Replies View RelatedI open "man vsftpd.conf", it says syslog_enable If enabled, then any log output which would have gone o /var/log/vsftpd.log goes to the system log instead. Logging is done under the FTPD facility. Default: NO So I add "syslog_enable=YES" to the /etc/vsftpd.conf, and add "ftpd.* /var/log/ftplog" into /etc/syslog.conf. But there is no log infomation in the ftplog file.
View 7 Replies View Relatedhow to configure syslog server in centos?
View 3 Replies View RelatedI have the following BIND messages filling up my SysLog that I'm hoping someone can explain to me:
Code:
Dec 9 09:35:44 dns2 named[30103]: client 67.130.224.5#49551: query (cache) 'www.domain.com/A/IN' denied
Dec 9 09:35:47 dns2 named[30103]: client 67.130.224.5#64561: query (cache) 'www.domain.com/A/IN' denied
[code].....
I would expect this behavior if "domain.com and anotherdomain.com" wasn't a domain that I hosted. But this is a valid domain that this server should be answering for. In my named.conf I do have the
Quote:
allow-query { any; };
option on every zone. This is my slave server and I have the primary shut off so I can test this slave server. FYI: So far queriers still seem to be working. The pages for the sites are still coming up via the internet.
configure syslog server on ubuntu now i want to export logs of windows and ubuntu desktop to the syslog server
View 6 Replies View RelatedCan syslog be used to "watch" other log-Files from other software? I would like to get an info in messages if a logfile of squid is changed/something is added.
View 4 Replies View RelatedIn my system, I see two syslog configuration files, /etc/rsyslog.conf and /etc/syslog.conf.. What is the use of each file? I know only that of /etc/syslog.conf...how about /etc/rsyslog.conf? what is its use?
View 1 Replies View RelatedWe have several SLES, CentOS, Fedora server and use logmail to filter the logs on our central syslog-Server. The problem is, that the filtering take more and more time and the configuration gets more and more confusing. What program to use to analyse our central logfile? Something mysql based?
View 1 Replies View RelatedI am currently using Syslog-NG to make the log files in the format of: $R_YEAR$R_MONTH$R_DAY$R_HOUR and I need to be a little more granular.
I am wondering if there is a way to to divide the hour by 12, making a new log file every 5 minutes. We have been using LogRotate, but when Syslog-NG is restarted we have some data loss. Is this possible? Another solution I can think of would be to add $R_MINUTE (or whatever it is) and run a cron job every 5 minutes to concatenate the files.
I am facing an issue with my syslog server. The server is collecting remote log also. and the issue is no log messages are updated in /var/log/messages file. But other files are getting updated.
[root@Server1 ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
[code]....
Syslog stops writing immediately after log rotation, after I start the system (but not after reboot), and at some other times, into my fast cgi application's log. It starts working after /etc/init.d/sysklogd restart.
Configuration:
I am using Ubuntu 8.04 lts server, Apache web server.
My (fast cgi) application uses code...
I have a postfix mailserver that works fine except for the logrotate.
syslog.conf
mail.* -/var/log/mail.log
logrotate.conf
/var/log/mail.log {
[Code]....
So when cron does the logrotate, there is a new logfile but its empty. After i restart the syslogd it gets back to its normal logging.
What am i missing? All this works with CentOS, why is Ubuntu such a pain...
I have a dual-processor x86 box with CentOS 5 Linux 2.6.18-238.19.1.el5, mysql Ver 14.12 Distrib 5.0.77, and tons of storage space. I want to run a syslog solution on this box for a SOHO infrastructure. We've got routers, switches, Windows servers, other Linux boxes, etc. I've looked at syslog-ng, but it seems rather overkill, but I like the idea of storing logs in a MySql database. Is there anything I can yum install?
View 2 Replies View RelatedMy machine is dual booted with Fedora 14 and RHEL 6. (I have only installed Red Hat because I am studying for RHCE). Just now I tried to install the Banshee player on my Red Hat OS. I ran various scripts inside the directory to see what really happens and after I ran the 'Makefile.in' file my terminal froze. It displayed '/bin/ not found'Then i restarted my computer and I got the following messages:
init: Failed to spawn readahead-collector main process: unable to execute: no such file or directory
init: Failed to spawn rcS main process: unable to execute: No such file or directory
init: Failed to spawn readahead main process: unable to execute: No such file or directory
[code].....
I tried run level 1 and run level 3 but I get the same error messages.
PS: My Fedora 14 installation is working fine.
I'm running Ubuntu Desktop 9.10. How do I get it to forward its logs to a syslog server (its running on a different machine)?
View 2 Replies View Related