Server :: Syslog Stops Writing In Log / Get That To Work?
Sep 13, 2010
Syslog stops writing immediately after log rotation, after I start the system (but not after reboot), and at some other times, into my fast cgi application's log. It starts working after /etc/init.d/sysklogd restart.
Configuration:
I am using Ubuntu 8.04 lts server, Apache web server.
I have tried to abstract as much of that away as possible. The options specify a pid file, to make a pid file. A subsequent line tries to establish whether the process is up, though I think several conditions are not checked for. This script seems pretty ropey to me. I am trying to start again with the lsb-base one in /etc/init.d/skeleton though that is going to require a lot of modification. get the code change to use the syslog API however that is out of the question at least for now.
1.) Create a named pipe
2.) Start up a logger daemon that reads from the named pipe
3.) Start up the server process that writes to the named pipe
It would be ideal for this if start-stop-daemon offered options to specify where the IO of the daemon process should be redirected to. However I am not about to offer to adopt that package (with ~400 bugs) so I doubt that will happen. Trying to specify the redirection on the command line does not work. In the case of the logger daemon start-stop-daemon seems to hang on the system call. In the case of the server process the pipe gets closed when start-stop-daemon exits, so the logger daemon exits. None of that seems surprising. So what I am doing now is to write simple wrapper scripts for the server and logger processes. Both wrapper scripts have this structure:
1.) sanity check the arguments
2.) exec program [suitable redirection of IO]
Then the start-stop-daemon can call the wrapper scripts as daemons. From my experiments so far this seems to work. However I feel a bit uncomfortable with this. It introduces several new wrapper scripts. I cannot think of any obvious security holes but I suppose race conditions are inevitable.
I am looking for an open source syslog server which accumulates each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng, which is not fulfilling my requirement for Windows clients, as I need the logs of every action which the user performed after logon.
Does anyone have some material about statistics using ubuntu / linux server, or a text which generally describes the ubuntu server? I need it urgently, I'm writing specialization work about administration of apache and ftp server on ubuntu 10:10 server, so I need something for the conclusion.
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
I'm trying to get syslog-ng to log ssh stuff to its own file (later I want it to be forwarded to another server, but that's a later problem).
The thing is that if I restart my syslog-ng server and log in with ssh, it logs it, but when I log in again it doesn't. But if I restart the syslog-ng daemon again it logs again, but only once.
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslog files. Had a look at etc/sysconfig editor eg cron but could not find a setting which allows to delete files older than a month. Where and how could I influence this? I manually deleted all syslog files older than a month. Approx 6GB
I tried to install Syslog-ng-3.2.4 in CentOS 5.6; when I need to start the daemon syslog-ng => Failure, and I have this message:
Code:
[root@RelaisXXX etc]# service syslog-ng start
Starting syslog-ng: Your configuration file uses an obsoleted keyword, please up
Your configuration file uses an obsoleted keyword, please update your configurat
Error creating persistent state file; filename='/usr/local/var/syslog-ng.persist
Starting Kernel Logger [FAILED]:
I'm installing fail2ban to improve the security of a home asterisk server which from time to time becomes the target of some sip account cracker and/or ssh brute force attack. For those not familiar with fail2ban, this utility monitors log files to find matches with user specified expressions to identify the presence of a brute force attack. Then configures iptables rules to block the offending IP. Here's an example:
Code: NOTICE[1734] chan_sip.c: Registration from '"613"<sip:613@xx.xxxx.xxx.xxx>' failed for 'yyy.yyy.yyyy.yyy' - No matching peer found
I'm guessing it's possible but I can't seem to find any documentation on how to do this. I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1 # 1 server, works fine
*.* @172.20.10.1,172.20.20.11 # doesn't work
*.* @172.20.10.1 172.20.20.11 # nor this
*.* @172.20.10.1,@172.20.20.11 # nor this
*.* @172.20.10.1 @172.20.20.11 # nor this
I open "man vsftpd.conf", and it says:
syslog_enable
If enabled, then any log output which would have gone to /var/log/vsftpd.log goes to the system log instead. Logging is done under the FTPD facility.
Default: NO
So I add "syslog_enable=YES" to /etc/vsftpd.conf, and add "ftpd.* /var/log/ftplog" to /etc/syslog.conf. But there is no log information in the ftplog file.
I would expect this behavior if "domain.com and anotherdomain.com" wasn't a domain that I hosted. But this is a valid domain that this server should be answering for. In my named.conf I do have the
Quote:
allow-query { any; };
option on every zone. This is my slave server and I have the primary shut off so I can test this slave server. FYI: So far queries still seem to be working. The pages for the sites are still coming up via the internet.
Can syslog be used to "watch" other log-Files from other software? I would like to get an info in messages if a logfile of squid is changed/something is added.
In my system, I see two syslog configuration files, /etc/rsyslog.conf and /etc/syslog.conf. What is the use of each file? I know only that of /etc/syslog.conf. How about /etc/rsyslog.conf? What is its use?
We have several SLES, CentOS, Fedora servers and use logmail to filter the logs on our central syslog server. The problem is that the filtering takes more and more time and the configuration gets more and more confusing. What program should we use to analyse our central logfile? Something mysql based?
I am currently using Syslog-NG to make the log files in the format of: $R_YEAR$R_MONTH$R_DAY$R_HOUR and I need to be a little more granular.
I am wondering if there is a way to divide the hour by 12, making a new log file every 5 minutes. We have been using LogRotate, but when Syslog-NG is restarted we have some data loss. Is this possible? Another solution I can think of would be to add $R_MINUTE (or whatever it is) and run a cron job every 5 minutes to concatenate the files.
I am facing an issue with my syslog server. The server is collecting remote logs also, and the issue is that no log messages are updated in the /var/log/messages file. But other files are getting updated.
[root@Server1 ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
I have a dual-processor x86 box with CentOS 5 Linux 2.6.18-238.19.1.el5, mysql Ver 14.12 Distrib 5.0.77, and tons of storage space. I want to run a syslog solution on this box for a SOHO infrastructure. We've got routers, switches, Windows servers, other Linux boxes, etc. I've looked at syslog-ng, but it seems rather overkill, but I like the idea of storing logs in a MySql database. Is there anything I can yum install?
I have installed a virtual machine. I use VirtualBox for the same. My host OS is Windows XP SP3. I have assigned it 500mb of RAM and it works fine. But my problem is that my keyboard does not work in the Ubuntu terminal whilst writing source code.
When I use the arrow keys it gives me the letters A B C D. And also when I press a . it acts as a backspace. I have a cordless Logitech keyboard. I don't know why my keyboard isn't functioning inside the terminal (& that too only whilst typing in source code). I have tried changing the Character Encoding but that's not helping.
Under 11.3 32bit I could play my favorite station with vlc, but not with any other audio player. Under 11.4 32bit it stops playing after about a minute without any error reporting. Sometimes it starts up again, speeded up, then stops. Here's how I invoke it from the command line...
I am using fetchmail for fetching mail from server by using this command:
Quote:
fetchmail -d10 -F -K pop.gmail.com
It works fine, but it stops working after a while or does not fetch emails every 10 sec; it receives randomly, one time 1 min, one time 2 min, one time 30 sec and so on.
How do clients handle offline syslog servers? Will the log files be buffered locally to be sent to the syslog server when it comes back online, or will any log data generated during downtime be lost in cyberspace?
RHEL 5.4. I want to be able to do redistribution of inbound syslog messages to syslogd. As an example, my syslog.conf has in it at the end:
*.* @192.168.5.5
*.* @192.168.5.6
My sysconfig/syslog file has "-r" as the only option for syslogd. Any messages generated by the localhost will be sent to the two remote servers, but messages that come into this box (udp 514) only get logged locally and do not get sent out to the remote hosts.
You may ask why I want to do this. Because I have several syslog servers (for security purposes) and many of my net devices are configured to send syslog to all the syslog servers, hence each device is sending way too much duplicate udp-514. So I would like to minimize the udp-514 coming out of the devices, have all devices send to a central syslog server, and then have the central syslog server do distribution to the other syslog servers. Others have also called this "syslog proxy". Or, if not with syslogd, how to achieve this (preserving the original syslog message host info, etc)?