In my system, I see two syslog configuration files, /etc/rsyslog.conf and /etc/syslog.conf.. What is the use of each file? I know only that of /etc/syslog.conf...how about /etc/rsyslog.conf? what is its use?
View 1 Replies
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslogfiles. Had a look at etc/sysconfig editor eg cron but could not find a setting which allows to delete files older than a month. Where and how could I influence this ? I deleted manually all syslog files older than a month. Approx 6GB
View 9 Replies View RelatedCan syslog be used to "watch" other log-Files from other software? I would like to get an info in messages if a logfile of squid is changed/something is added.
View 4 Replies View RelatedI am currently using Syslog-NG to make the log files in the format of: $R_YEAR$R_MONTH$R_DAY$R_HOUR and I need to be a little more granular.
I am wondering if there is a way to to divide the hour by 12, making a new log file every 5 minutes. We have been using LogRotate, but when Syslog-NG is restarted we have some data loss. Is this possible? Another solution I can think of would be to add $R_MINUTE (or whatever it is) and run a cron job every 5 minutes to concatenate the files.
I am looking for an open source syslog server which accumulate the each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfiling my requirement in Windows clients, as I need the logs of every action which user performed after logon.
View 2 Replies View RelatedI'm running Ubuntu Desktop 9.10. How do I get it to forward its logs to a syslog server (its running on a different machine)?
View 2 Replies View RelatedI was reading around the web and saw that someone mentioned that the default syslog configuration should be adjusted. Is that true?
View 3 Replies View RelatedI have been tol that for debugging purposes it is often useful to have a serial connection to a computer. I have some diskless workstations thats freezes during boot. I guess X has someting to do with this, but I'm not sure. Since the workstations are diskless, syslog is not stored locally so I cant se what is happening after the NiC stops working. When the worstation freezes, screen is going black, all lights on the keyboard turns on, lights on NiC is going black. It is not possible to ping the workstation.
View 1 Replies View RelatedI will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible.My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP)workstations, using diskless workstations to boot the VMs over powerline ethernet.The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.
In theory, the above would allow me to consolidate everything but the disklessworkstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM).Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).
Is there a way to tail a log file and send each line as a syslog event to a remote server?
View 1 Replies View RelatedLDAP is endlessly not working, due to difficulties to simply configure it. I even cannot make the first steps of the installations ... It seems so difficult ... After many howto, wiki, reading, re-reading the errors are still there, always different, and not working.Is there an admin, coming from hell, that made running a LDAP server for sharing the basic configuratin files /var.. /etc... of a working LDAP Server in a tar.gz?
View 18 Replies View RelatedI have a 60GB partition with / and home on it. I logged on yesterday and it gave me a warning saying that I had only 1.9 GB of disk space left. I ignored it for a day and assumed that i had too many videos and pics.But the next day i had not added any files or downloaded any software but i had 0B left. I used the disk usage analyser and found that 33GBs came from /var/log. It was from two log files. syslog and daemon.log 16.5GB each!! I opened them up and i found that this line of text was repeated hnundreds of thousands of times.
Code:
Jul 22 19:32:36 aulenback-desktop ntfs-3g[5315]: Failed to decompress file: Value too large for defined data type
[code]...
Syslog is used to store simple log files or we can manage them too? Well, the thing is, that I need to run a software (like syslog) to collect my logs and put them in order and organize them so it makes them "understandable". I have been told that syslog can do the job and that it doesn't need a complex configuration to work.
View 12 Replies View RelatedI am trying to install Wheezy testing i386 using netinstall .iso disk.
After the disk partition stage and while in the 'Install the base system' stage I get the message;
Debootstrap error:
The following error occurred: The bzcat is not available on the system Check /var/log/syslog or see virtual console 4 the details.
I have over the past couple of months downloaded three daily builds of testing and the md5sums are good on all of them yet I have the same problem with each disk.
I have a weird performance issue with a centos 5 running a nfs server and a rh8 client. I think the fact that it is rh8 client should be downplayed. It is just that with rh8 client the performance degradation seems more clear. See test details below OS in server is Centos 5 x86_64 kernel 2.6.18-92.1.22.el5
1Gb connection between machines File to test over NFS is a 1GB file. First of all I wanted to measure how the network alone performs while using NFS. So in the server side I run a "cat" command on the 1GB file to /dev/null. Please note that the disk read speed is about 98MBs. At this point the file system has the 1GB file cached in memory. In the client side a "cat" on the same file gives me a speed of about 113MBs. It seems then that the bottleneck in this instance is the network and it is very close to nominal speed. So the network performance is really good. (BTW I know that the server got that file from cache because a vmstat or iostat shows no disk activity.)
The second test is reading from disk with no caching involve. In the server I flushed the 1GB file from the memory. For instance by reading another 5GB file and I repeat the same thing as above in the client (a cat on the 1GB file). Now, the server has to go to disk.(vmstat or iostat shows the disk activity). However the performance, now, is about 20MBs, I was expecting something closer so 90MBs. (since the reading speed in the server in the first test showed 98MBs).
This second test was repeated for ext2, ext3, xfs with no significant differences. A similar test using a RH8 NFS server and client gets me close to 60MBs for a 1GB file not cache by the file system in the serverSince network speeds and disk read speeds are not the bottlenecks ... what or where is the limiting factor then?
trying to replace syslog with syslog-ng. When I:
yum erase syslog,
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
How to set up syslog server on Fedora 10 Linux server ?
View 1 Replies View RelatedIm trying to get syslog-ng to log ssh stuff to a own file (later i want it to be forwarded to a other server but thats a later problem.
The thing is that if i restart my syslog-ng server and login with ssh, it logs it. but when i login again it dont. But if i restart the syslog-ng daemon again it logs again, but only once.
Here is my config.
Code:
My employer has started the process of certification with Return Path, and I've been roped in to setting up DKIM, SPF, SenderID etc. so that we are compliant with the certification requirements. Our current e-mail server is qmail, and I'm really not too keen on messing about with the configuration files there. As a safer alternative, I've decided to set up a smarthost relay that only does the DKIM signing. I tried and gave up on Postfix - struggled with understanding the configuration files - and eventually found Exim.
Now, I've got the relaying working perfectly so far. I am NOT running an open relay, my smarthost is configured to only accept SMTP connections from the existing mailserver, and not publicly accessible anyway. The problem I'm having is figuring out exactly where in exim's configuration file I am supposed to configure the DKIM signing options. I've read the official exim documentation and I'm fairly sure about the syntax, I just can't figure out where the options go.
I have been reading the official Openldap configuration files, plus a bunch of other websites but I cannot find the literal meaning for the following short names:
dc
dn
ou
uid
cn
I tried to install Syslog-ng-3.2.4 in Centos 5.6,when i need to start the deamon syslog-ng =>Failure and i have this message:
Code: [root@RelaisXXX etc]# service syslog-ng start Starting syslog-ng: Your configuration file uses an obsoleted keyword, please up Your configuration file uses an obsoleted keyword, please update your configurat
Error creating persistent state file; filename='/usr/local/var/syslog-ng.persist Starting Kernel Logger [FAILED]:
I�m installing fail2ban to improve the security of a home asterisk server which from time to time becomes the target of some sip account cracker and/or ssh brute force attack.For those not familiar with fail2ban, this utility monitors log files to find matches with user specified expressions to identify the presence of a brute force attack. Then configures iptables rules to block the offending IP.Here�s an example:
Code:
NOTICE[1734] chan_sip.c: Registration from '"613"<sip:613@xx.xxxx.xxx.xxx>' failed for 'yyy.yyy.yyyy.yyy' - No matching peer found
[code].....
I'm guessing its possible but I can't seem to find any documentation on how to do this.I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1 # 1 server, works file
*.* @172.20.10.1,172.20.20.11 # doesn't work
*.* @172.20.10.1 172.20.20.11 # nor this
*.* @172.20.10.1,@172.20.20.11 # nor this
*.* @172.20.10.1 @172.20.20.11 # nor this
What is the easiest way in Linux to convert syslog messages to XML?
View 1 Replies View RelatedI open "man vsftpd.conf", it says syslog_enable If enabled, then any log output which would have gone o /var/log/vsftpd.log goes to the system log instead. Logging is done under the FTPD facility. Default: NO So I add "syslog_enable=YES" to the /etc/vsftpd.conf, and add "ftpd.* /var/log/ftplog" into /etc/syslog.conf. But there is no log infomation in the ftplog file.
View 7 Replies View Relatedhow to configure syslog server in centos?
View 3 Replies View Relatedhow to get image of server with all configuration files and data. Without data loss.
View 5 Replies View Relatedhow to write shell script(awk/sed or any other) to edit value of parameters in configuration files on same server or remote server.
View 3 Replies View RelatedFor my project, it's absolutely necessary to have a read-only root partition system. I have a writable /opt/project partition.But, I also need to start x server. startx This tries to write to some temporary files and fails as / is readonly. Is there any how-to on how to move this temporary files to the writable portions of the file system.
View 3 Replies View RelatedI have the following BIND messages filling up my SysLog that I'm hoping someone can explain to me:
Code:
Dec 9 09:35:44 dns2 named[30103]: client 67.130.224.5#49551: query (cache) 'www.domain.com/A/IN' denied
Dec 9 09:35:47 dns2 named[30103]: client 67.130.224.5#64561: query (cache) 'www.domain.com/A/IN' denied
[code].....
I would expect this behavior if "domain.com and anotherdomain.com" wasn't a domain that I hosted. But this is a valid domain that this server should be answering for. In my named.conf I do have the
Quote:
allow-query { any; };
option on every zone. This is my slave server and I have the primary shut off so I can test this slave server. FYI: So far queriers still seem to be working. The pages for the sites are still coming up via the internet.
