I have a syslog server which is logging locally and also receiving syslogs from another device. The other device doesnt allow you to change the facility. The facility it is using is "4 - security/authorization messages". Is there anyway to configure syslog so that it writes the sec/auth logs in different places for both the local machine and the remote machine?
View 1 Replies
how to configure syslog server in centos?
View 3 Replies View Relatedi want to use an ubuntu server (2.6.31-17-generic #54-Ubuntu SMP) as the central syslog server but the syslog messages does not show the priority and facility information in ubuntu. priority and facility are shown in aix by default and i have many aix servers can be used as the central syslog server, but i prefer using ubuntu if it can provide me these details.
View 3 Replies View Relatedhow does one configure a Ubuntu 10.4 machine to write its logs to a syslog server?
View 1 Replies View RelatedI am looking for an open source syslog server which accumulate the each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfiling my requirement in Windows clients, as I need the logs of every action which user performed after logon.
View 2 Replies View RelatedGot a Ubuntu system. Have a device on my LAN that can send Syslog messages.
I would like to:
1. Capture these specific syslog messages.
2. Keep them separate from any other syslog activity on the Ubuntu system.
3. View these syslog messages later.
I noticed there're lots of "usb 3-1: reset low speed USB device using uhci_hcd and address 2" warnings in two of our server's syslog. They occur roughly every 20min. The server is a Dell R710 with CentOS 5.4 X86_64 installed. I suspect it's the virtual CD device of the iDrac6 but not sure. How Can I identify which USB device triggering these warning? The related syslog is as following:
Code:
Apr 13 23:32:47 bak2 kernel: usb 3-1: reset low speed USB device using uhci_hcd and address 2
Apr 13 23:42:44 bak2 kernel: usb 2-3: USB disconnect, address 3
Apr 13 23:45:53 bak2 kernel: usb 2-3: new high speed USB device using ehci_hcd and address 4
[code]....
How to configure a syslog client on ubuntu I don't have a syslog.conf file in ubunut client.also how to transfer log from windows xp to syslog server
View 1 Replies View RelatedI have my system set up to where the router(dd-wrt) will send it's syslog messages to my Linux PC system. I am using shorewall as my firewall. I have two questions: How can I configure shorewall to allow the messages from my router? If I use my router IP address to allow the messages to come through the firewall, will this be a great security risk as anything from the internet can come through on that router ipaddress?
View 1 Replies View RelatedIs it possible to configure the RHEL 5.5 syslog to accept SNMP traps? That is I want to use a central logging server to pick up other systems syslogs, and SNMP messages from systems that cannot use remote syslog functions.
View 3 Replies View RelatedI'm not sure what to make of this. I have setup an Ubuntu 10.10 server with two software raids.md0 is a four disk raid5 - 3TBmd1 is a two disk mirror - 300GBI think I have a drive failing (and am going to replace it regardless, but I have to take an outage), what appears to happen is it comes on-line with one id (/dev/sda) then something happens AFTER the rebuild completes and the drive changes to another id (in this case /dev/sdh) and puts the array in a failed state.Is this some sort of protection mechanism to prevent degradation to the array? When setting this up, presumably before the disk started to fail, Ids seemed to jump from reboot to reboot and caused me all kinds of issues.Also, neither device appears to return info after the change.
Code:
bwoods@MediaServer:~$ cat /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
[code]....
I have scalix (sendmail) installed on my server and it is working very good but I need to change the smtp listening port because I am thinking that my sendmail is being used as a spam engine.
what/how I need to configure in order to change the smtp port?
I have just configured CentOS server my new office. This is the first time I am using CentOS.
Whenever I am trying to change the webroot of the httpd server, it usually say "directory doesn't exist". whereas which can't be the case as it is home directory of the user.
To achieve this, what Do I need to do?
The second issue, I am facing that whenever I am adding new directories to public_html folder, it is not accessible. as the error page 404 is shown. I have changed the permissions to 0705 and ownership is also transferred to other user. What else is required to make new directories accessible by the web?
I've been trying to make install apache 2.1.8 and php 5.2.3 and work on them. After updating and installing some dependence files, apache and php could both be installed.
Then I tried to configure them. I added the following content to the end of Apache httpd.conf:
Code:
Then I run /path/to/apachectl start, and saw the message:
Quote:
Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration
Then I remembered that I didn't include the rewrite module while making install apache. So I removed the 2 lines I just added to httpd.conf.
But, after running /path/to/apachectl stop and start again, I could still see:
Code:
When I use firefox to open http://host_ip:8080/, I could see "It works!". But when I open http://host_ip:8080/hello.php (the file is already under htdocs), firefox said
Quote:
Failed to Connect
Why and how to solve it?
I noticed that for some stupid reason, the conf file wasn't updated at all and the 2 erroneous lines were still there.
trying to replace syslog with syslog-ng. When I:
yum erase syslog,
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
How to set up syslog server on Fedora 10 Linux server ?
View 1 Replies View RelatedIm trying to get syslog-ng to log ssh stuff to a own file (later i want it to be forwarded to a other server but thats a later problem.
The thing is that if i restart my syslog-ng server and login with ssh, it logs it. but when i login again it dont. But if i restart the syslog-ng daemon again it logs again, but only once.
Here is my config.
Code:
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslogfiles. Had a look at etc/sysconfig editor eg cron but could not find a setting which allows to delete files older than a month. Where and how could I influence this ? I deleted manually all syslog files older than a month. Approx 6GB
View 9 Replies View RelatedI tried to install Syslog-ng-3.2.4 in Centos 5.6,when i need to start the deamon syslog-ng =>Failure and i have this message:
Code: [root@RelaisXXX etc]# service syslog-ng start Starting syslog-ng: Your configuration file uses an obsoleted keyword, please up Your configuration file uses an obsoleted keyword, please update your configurat
Error creating persistent state file; filename='/usr/local/var/syslog-ng.persist Starting Kernel Logger [FAILED]:
I�m installing fail2ban to improve the security of a home asterisk server which from time to time becomes the target of some sip account cracker and/or ssh brute force attack.For those not familiar with fail2ban, this utility monitors log files to find matches with user specified expressions to identify the presence of a brute force attack. Then configures iptables rules to block the offending IP.Here�s an example:
Code:
NOTICE[1734] chan_sip.c: Registration from '"613"<sip:613@xx.xxxx.xxx.xxx>' failed for 'yyy.yyy.yyyy.yyy' - No matching peer found
[code].....
I'm guessing its possible but I can't seem to find any documentation on how to do this.I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1 # 1 server, works file
*.* @172.20.10.1,172.20.20.11 # doesn't work
*.* @172.20.10.1 172.20.20.11 # nor this
*.* @172.20.10.1,@172.20.20.11 # nor this
*.* @172.20.10.1 @172.20.20.11 # nor this
What is the easiest way in Linux to convert syslog messages to XML?
View 1 Replies View RelatedI open "man vsftpd.conf", it says syslog_enable If enabled, then any log output which would have gone o /var/log/vsftpd.log goes to the system log instead. Logging is done under the FTPD facility. Default: NO So I add "syslog_enable=YES" to the /etc/vsftpd.conf, and add "ftpd.* /var/log/ftplog" into /etc/syslog.conf. But there is no log infomation in the ftplog file.
View 7 Replies View RelatedI installed ZTE MF 626 modem in my F10 with kernel 2.6.27.12-170, i run usb_modeswitch and so far things happened normally. Watching through /var/log/messages it says that F10 detects two port device for this modem: ttyUSB1 and ttyUSB2, and in the sequence it disable port ttyUSB1 BUT Network Manager still set this port.I mean, when i connect via wvdial appointing to ttyUSB2 i get connection, but Network Manager fails to do it appointing to ttyUSB1. How to change device port in Network Manager?
View 1 Replies View RelatedI have the following BIND messages filling up my SysLog that I'm hoping someone can explain to me:
Code:
Dec 9 09:35:44 dns2 named[30103]: client 67.130.224.5#49551: query (cache) 'www.domain.com/A/IN' denied
Dec 9 09:35:47 dns2 named[30103]: client 67.130.224.5#64561: query (cache) 'www.domain.com/A/IN' denied
[code].....
I would expect this behavior if "domain.com and anotherdomain.com" wasn't a domain that I hosted. But this is a valid domain that this server should be answering for. In my named.conf I do have the
Quote:
allow-query { any; };
option on every zone. This is my slave server and I have the primary shut off so I can test this slave server. FYI: So far queriers still seem to be working. The pages for the sites are still coming up via the internet.
configure syslog server on ubuntu now i want to export logs of windows and ubuntu desktop to the syslog server
View 6 Replies View RelatedCan syslog be used to "watch" other log-Files from other software? I would like to get an info in messages if a logfile of squid is changed/something is added.
View 4 Replies View RelatedIn my system, I see two syslog configuration files, /etc/rsyslog.conf and /etc/syslog.conf.. What is the use of each file? I know only that of /etc/syslog.conf...how about /etc/rsyslog.conf? what is its use?
View 1 Replies View RelatedWe have several SLES, CentOS, Fedora server and use logmail to filter the logs on our central syslog-Server. The problem is, that the filtering take more and more time and the configuration gets more and more confusing. What program to use to analyse our central logfile? Something mysql based?
View 1 Replies View RelatedI am currently using Syslog-NG to make the log files in the format of: $R_YEAR$R_MONTH$R_DAY$R_HOUR and I need to be a little more granular.
I am wondering if there is a way to to divide the hour by 12, making a new log file every 5 minutes. We have been using LogRotate, but when Syslog-NG is restarted we have some data loss. Is this possible? Another solution I can think of would be to add $R_MINUTE (or whatever it is) and run a cron job every 5 minutes to concatenate the files.
