Ubuntu Servers :: Rsyslog & Log All Iptable Logs To Mysql Instead Just A Logfile

Apr 5, 2011

I try to log all my iptable logs to mysql instead of just a logfile. The setup is as follows:

[Code].....

Problem: rsyslog logs everything correctly, except it does not log to the db; it logs to /var/log/messages. As I am brand new to the whole Linux experience, I don't get it. My /etc/rsyslog.conf is set up with $ModLoad onmysql.


Server :: Create A Separate Logfile For Host Sending Logging To Rsyslog?

Feb 16, 2011

After struggling and googling on the internet I can't manage to get it to work. I have set up rsyslog to receive the logging from my firewall and it puts it into the syslog file. But I would like to have a separate logfile for these messages. I have created the firewall.log file with owner syslog, same as for the syslog file. I have already tried to use the following in /etc/rsyslog.d/10-firewall.conf:

:msg, contains, "firewalld" /var/log/firewall.log

or

:msg, contains, "firewalld" -/var/log/firewall.log

I don't know the difference the "-" sign makes in the lines, but I have also seen those kinds of situations.

I also have put this line into the 50-default.conf file because I thought it wasn't seeing the 10-firewall.conf file, but it does not work. I have added a $template HostMessages, "/var/log/%HOSTNAME%/logfile.log" in the /etc/rsyslog.conf file, but that does not work either. In the firewall I can see the Syslog facility is now on LOG_LOCAL0 and I can change it from LOCAL0, LOCAL1, LOCAL2, ... until LOCAL7. What do these different numbers mean?

General :: Split Logfile For Error Logs?

Dec 30, 2009

Is there a tool already out there that will split error logs based on the virtual host they belong to? Or perhaps a somewhat simple way to write a script that can do this? I'll keep looking for a solution but I thought I'd ask in case someone here has one to offer.

Server :: Define How Old Logs Should Rsyslog Keep

Aug 25, 2010

I was wondering how I could specify for how long the logs will be kept. Rsyslog doesn't have such an option (at least I didn't find it). Do I have to use logrotate for this, or is there some other option?

Security :: Support Of Third Party Tools Logs In Syslog/rsyslog?

Aug 23, 2010

I am searching for how I can configure syslog/rsyslog to receive logs from third party tools or software. For example, I have a program that generates logs such as when it is started, logs about its services, alerts if there are any alarms, etc. I want to forward these logs using syslog/rsyslog. Is there any possibility to achieve that?

Software :: Redirecting Apache/Tomcat Logs To Rsyslog Without Writing To Disk?

May 27, 2011

For internal security reasons I need to prevent our tomcat logs from writing to the webserver local disk. We set up a separate logging server with rsyslog and need to pipe the log data to it. I am trying to work out how to configure tomcat to send all log data to the logging server via the rsyslog client (running locally) via a named pipe. We are on CentOS 5.6, Tomcat 6 and rsyslog 5.8.1. I need to know:
1) do we use the default logging library or log4j
2) where is this configured in the tomcat config
3) is there any code that would need to be written to achieve this

Ubuntu Servers :: No Logfile Lines Found To Process?

Feb 4, 2010

I think I am missing something here (Ubuntu 9.10 server 64bit):

/etc/srg/srg.conf

Code:

##### SRG Example Configuration File #####
# Squid log file to process
# Defaults to access.log in the srg directory.
# e.g. log_file "/usr/local/squid/logs/access.log"

[Code].....

WARNING: Configuration file not found!

No logfile lines found to process!

Ubuntu Servers :: Configuring RSyslog On 10.04?

Jan 13, 2011

Does anyone have details on configuring RSyslog on Ubuntu 10.04, with a web interface view?

Ubuntu Servers :: Redirect Messages From Kernel Ringbuffer To A Logfile?

Aug 2, 2010

Is there a way I can redirect messages from kernel ringbuffer to a logfile, e.g. with rsyslogd? With redirect I mean that the messages no longer appear in dmesg, but only in the logfile.
In my case that should be iptables log messages.

Ubuntu Servers :: Rsyslog Takes 100% Of Memory On Boot?

Jun 15, 2010

I'm trying to run a logging server with encryption but rsyslog takes 100% of the memory on boot. This only happens when these two sets of lines are both in the rsyslog.conf

Code:
$ModLoad imtcp
$InputTCPServerRun 10514
and
Code:
$DefaultNetstreamDriver gtls

[Code]...

General :: How To Turn Off All Mysql Logs

Apr 23, 2011

How do I turn off all mysql logs? Mysql is using too many resources. I turned on the slow queries log and there are no slow queries. What I want is to turn off the logs; maybe this is causing mysql's high load?

General :: Purging Binary Logs In MySQL Replication?

Sep 15, 2010

I had configured a MySQL Master-Slave replication. It seems that the binary logs steal so much space from my storage.

i.)My Master

show master status;

+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000144 | 475823 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

ii.)My Slave.

mysql> SHOW SLAVE STATUS\G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 10.277.55.141

[code]....

If I remove all binary files up to mysql-bin.000144 using "PURGE", will it affect my existing database or cause any data loss?

Ubuntu Servers :: Mysql Error Stopping MySQL Database Server Mysqld?

Jun 17, 2010

I have installed Mysql in Ubuntu 9, for the use of the roundcube database. After installing I am getting an error like this:

* Stopping MySQL database server mysqld [ OK ]
* Starting MySQL database server mysqld [ OK ]
* Checking for corrupt, not cleanly closed and upgrade needing tables.

So because of this, the roundcube configuration is giving the error message that MYSQL is not installed. So kindly give me an idea how to solve this.

Ubuntu Servers :: Mysql ERROR 1045 \ Trying To Allow Remote Access To Mysql?

Jan 14, 2011

I was trying to allow remote access to mysql by following mysql was running perfectly until I got here:

Code:
/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --destination-port 3306 -j ACCEPT
I changed the my.cnf bind-address line to: "bind-address = 127.0.0.1" and nothing

[code]....

Ubuntu Servers :: How IPAddress Can Hit Server Yet Not Appear In ANY Logs

Oct 31, 2010

Since Port 80 and 443 are the only ports I have open, how is it that an IPAddress can hit my server yet not appear in ANY logs?

Ubuntu Servers :: Run Scripts When Ssh User Logs In?

Nov 6, 2010

I'm a bit of a unix noobie trying to manage a small ubuntu server. I want to run a bash script automatically after an ssh user logs in. For example, after they log in and the default welcome message is displayed, I want to run a script that displays some server statistics since the last session. I made an alias to the script, and I could run it manually after I log in, but it's a bit of a hassle. Is there any way I could do this?

Ubuntu Servers :: Remove Some Logs From Messages?

Jan 3, 2011

I have configured my Cisco ASA Firewall to send its logs to my ubuntu server in /var/log/cisco/. I see the logfiles populating in real time, but I can also see all the logs are also written to /var/log/messages. How can I make sure I do not have a log redundancy? I don't want my firewall logs displayed in messages since they are now sent to /var/log/cisco.

Ubuntu Servers :: Windows XP Logs On To Samba PDC Instead Of BDC

Feb 3, 2011

I'm running a set of virtual machines (most in ESXi, one in VirtualBox on my desktop) to try and replicate an existing physical network structure with a Samba domain operating across multiple subnets. The layout is:

(ESXi)
* Router - Ubuntu 8.04, running dnsmasq, bridging my 2 virtual subnets (10.10.4.1/24 & 10.10.5.1/24) and my physical network
* PDC - Ubuntu 8.04, configured as a Samba PDC with PAM configured to use LDAP, SMBLDAP etc. on 10.10.4.11
* LDAP - Ubuntu 8.04, running Zimbra 5 mail server, acting as the LDAP backend for Samba on 10.10.4.12
* BDC - Ubuntu 8.04, configured as a Samba BDC with PAM LDAP etc.
* Client1 - Windows XP, joined to domain on 10.10.5.100
(Virtualbox)
* Client2 - Windows XP, joined to domain on 10.10.5.99

Watching /var/log/daemon.log, /var/log/samba/*, smbstatus -bd0 shows that Client1 successfully logs on to the BDC (10.10.5.2) but Client2 logs on to the PDC (10.10.4.11) instead. Both clients have the same subnet, DNS, WINS settings etc. I've seen the issue happen in our physical setup too but very infrequently and usually when there's been a network interruption between the BDC(s) and the LDAP server.

Ubuntu Servers :: Cron Is Filling Up Logs?

Sep 1, 2011

I am using my ubuntu server as my home router. Everything is working as expected with one exception. My DSL modem is a POS and every now and again it loses connection to the router. Sometimes it needs to be reset and sometimes it does not. Either way, when this happens my ubuntu server needs to reacquire an IP from my ISP. If it screws up when I'm at home it's no big deal, but if it happens when I'm not around my housemates have taken to hitting the reset switch on the server. I'm not a big fan of this so I wrote a script to ping my ISP's gateway. If it's unavailable it bounces the eth0 interface and tries to get an IP. I am running this script every couple of minutes in a cron job. Now I'm getting syslog entries like

Code:
Aug 9 20:31:01 portal CRON[9602]: (root) CMD (/opt/ChkAndFixNetwork.sh)
every few minutes. This is annoying and makes the logs useless for troubleshooting. I

[code]...

Ubuntu Servers :: Not Able To Access Awstats Logs From Web

Sep 1, 2011

We recently had a problem with our server (local server): we upgraded from Ubuntu server 8.04 to 10.04 and we were not able to access awstats logs from the web. So can anyone suggest a method to get back the logs from the server?

Ubuntu Servers :: Redirect Logs From Device Out Of /var/log/messages

May 4, 2010

I have configured my Cisco firewall to redirect all its logs to my Ubuntu 9.1 server (no UI.)

Now, my /var/log/messages is getting all the firewall logs + all other logs.

I'm wondering if there is a way to redirect the logs from my Cisco Firewall (coming from UDP port 514) to another file.

Ubuntu Servers :: Send System Logs To Another User?

Dec 3, 2010

We have a backup program that works with HP's ultrium tapes that whenever it's failing it's sending an error to the root's system logs. Now if I run mutt as root I can see the system logs and it's very easy to pinpoint any backup error messages.
Is there any way to copy all these system messages to another user as well so that someone with no root access could run mutt as well and check for these logs daily?

Ubuntu Servers :: Cups Connection Refused In Samba Logs

Feb 4, 2010

I was just checking some of the generated logs from Samba.

Code:

I've looked over my smb.conf and it doesn't look like I even have any printer sharing enabled.

How was PC1 refused a connection when it looks like I don't have any printers being shared through Samba?

This is just on a home LAN.

Ubuntu Servers :: Logwatch Emails Not Sent If Named Logs Are Included?

Jun 15, 2011

I've suddenly stopped getting emails from logwatch which runs on an Ubuntu server daily using cron. After a good day or so of troubleshooting, I was able to establish that it was the 'Service = named' line in my logwatch.conf file, which was stopping the emails from coming through. If I commented out this line, the logwatch emails come through with no issues, uncomment, and I don't get an email. I don't get any error from logwatch itself when I run it, even with '--debug high', leading me to think that my email configuration is set up OK, at least. Furthermore, I tried running logwatch with '--output file --format html' and logwatch produces a valid html file.

I then thought: "Could I have an entry in my Bind/named log files which could be rejected by my ISP's smtp server?". So, (to the best of my knowledge) I cleared out the log files in /var/log that contained messages from named. I then ran logwatch (including the named service in my logwatch.conf file) and I got an email through, with a pretty much empty named section, which is exactly what I anticipated. Great! - it's fixed.

So, the cron.daily ran early this morning, but still no email in my inbox when I got up. I then tried to run 'logwatch --Range today' and lo and behold, I got a logwatch report email, which included a named section, with log entries in there. So it seems that something that's been logged by named overnight to my logfiles (i.e. '--Range yesterday') has caused issues again with logwatch's ability to send reports through my ISP's smtp servers.

Ubuntu Servers :: HTTP Response Into Apache Access Logs

Jul 6, 2011

I am new to web server support. I have a request from my management to modify the logging slightly. Effectively I need to redirect a custom string from our http response into the apache access logs. When a user navigates to our site they receive a "dye" number that is associated with them. This number follows them to whatever cluster they are directed to. The string is formatted as such, com-company-dye: d0a2#6dfce. I need that header dye to appear in the access logs so we can use that dye number as a key for troubleshooting issues throughout our various monitoring systems.

Ubuntu Servers :: 10.04.2 Server - Intermittently Hangs With No Indication Of Cause In Logs?

Sep 1, 2011

The attached log file includes two crashes/reboots within the past day or so. I have recently started trying to set up / manage a Linux (Ubuntu 10.04.2 LTS) server in our data center (all other servers are Windows boxes). The server periodically hangs and becomes unresponsive and I'm at a loss to find anything in any log that indicates a specific cause. Sometimes it's up for hours, sometimes days (14 days at longest). Plugging a monitor in to the machine after a hang shows nothing at all. In an effort to troubleshoot the problem we've tried disabling APIC, more out of "educated desperation" than anything else. Unfortunately we are limited in some of the troubleshooting we can do, as we have a single client website hosted on the box (the reason we set it up) so anything that involves significant downtime is a problem.

As this is our first attempt at setting up a linux box, we are using a "well equipped" desktop grade machine but not what I would call "server grade" hardware. This is a standalone box, not a VPS. We are using a hardware, not software, RAID array and have plenty of memory in the box.

Caveats / Background:

I am relatively new to Linux in general. I spend much more time writing code than managing servers. I'm comfortable with working on the box, but I'm not really a sysadmin guy. I'm comfortable with the command line but have more experience with OS X (BSD). I am unsure of all of the tools / information / Logs that may be available, though I try to be thorough in checking what I do know. I did not physically configure the hardware so I'm not sure of all of the specs but I can get any info I need to troubleshoot. I may be skipping very basic steps or missing obvious places to look for information without knowing it.

A little more detail:

Real memory: 8GB
Ubuntu 10.04.2 LTS
Hardware RAID 10
Managing sites with Webmin version 1.550

Server is in a remote data center. Hands on-troubleshooting is difficult. We have attempted two Linux setups at this point. The first was on a hardware config identical to this one, but with no actual pieces of hardware reused. That attempt was using CentOS and we were attempting to set up CPanel. We scrapped that install because of this same problem (periodic crashing / hanging). The second attempt (this one) is showing the same behavior. The only thing I can really see in common are the hardware configuration (though CentOS & Ubuntu may have more in common than I think).

The box will run fine for hours, days, or even weeks, and then just stop responding entirely. I check all of the logs I know to check (primarily messages, syslog and kern.log) but I don't see anything that seems like an error to me. I do see lines that I don't understand that may or may not be problems, such as:

Code:

rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="814" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.

Most of our syslog entries seem to be logs of webmin related cron jobs running. My gut tells me that there is possibly some component in our configuration Linux does not like or needs a driver update (maybe the raid card for example), but I'm unsure of how to do more to track down or determine what that might be. Guess and check is expensive. Another thought I've had is that one or more of the cron jobs that are running are tripping something up, but it doesn't appear to be reproducible on demand and, again, I'm at a loss on how to test that theory any further. The same cron job does not appear to be running each time the server goes down. This is a portion of the log just prior to our last hang:

Code:

Aug 8 11:00:01 linhost01 CRON[10771]: (www-data) CMD ([ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null)

[code].....

Fedora Servers :: Syslog Listening On Port 514 For Both Firewall And IDS Logs?

Jan 17, 2010

Currently I have a syslog server that consolidates firewall logs on port 514 udp. I also have an IDS device whose logs I wish to push to this particular syslog server so that I can retrieve my IDS logs on this server as well.

Is it possible to do so? Having syslog listening on port 514 for both firewall and IDS logs? If it is possible, will the logs be recorded in a single log file? Or will they be recorded in separate log files, i.e. firewall.log, IDS.log etc.? I wish to have them in separate individual log files or else there will be a hard time segregating the log entries in a single file. Can anyone advise on how to achieve this?

Fedora Servers :: Mysql At Boot Time In 10 / Get Mysql To Start At Boot?

Jul 28, 2009

I am trying to get mysql to start at boot without any success.

The mysqld script works fine when run from the command line, but it does not work when I use the links created by chkconfig. I checked the boot.log and found that mysql starts but then it stops or gets shut down. This is the log message:

Starting mysqld daemon with databases from /data/mysql [ OK ]
Starting cups: [ OK ]
STOPPING server from pid file /var/run/mysqld/mysqld.pid
starting DenyHosts: /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
090727 04:35:47 mysqld ended

The same init script works fine in Ubuntu.

General :: Grep String From Logs Of Last 1 Hour On Files Of 2 Different Servers+calculate Count?

Sep 3, 2010

I am trying to grep a particular string from the files of 2 different servers without copying, and calculate the total count of its occurrence in both files. The file structure is the same on both servers and for reference is as follows:

Code:

27-Aug-2010 10:04:30,601|919122874903|phtunes_app|1282243292627|NotifySmsReception|DMGenerateLogInterceptor - ExternalTransactionID:SDP-DM-26713018, TransactionStatus:Requested
27-Aug-2010

[code]....

General :: Commands For Logfile Handling?

Mar 28, 2011

I've got this log file and I need to get all sorts of information from it...

24 - [02/Sep/2010:00:01:16 +0200] - 10.1.53.62 - 200
23 - [02/Sep/2010:00:01:26 +0200] - 10.1.53.62 - 200
19 - [02/Sep/2010:00:01:56 +0200] - 10.1.53.62 - 200

[code]....

Copyrights 2005-15 www.BigResource.com, All rights reserved