Questions Tagged With syslog
http://linuxexchange.org/tags/syslog/?type=rss
questions tagged <span class="tag">syslog</span>
Language: en
Updated: Mon, 11 May 2015 05:59:31 -0400

How do mmpstrucdata and mmrfc5424addhmac work?
http://linuxexchange.org/questions/3543/how-mmpstrucdata-and-mmrfc5424addhmac-works
<p>I am trying to log messages with structured data, but it is showing a null value for structured data. I am working with rsyslog 8.9.0. Can someone explain to me how these two modules, mmpstrucdata and mmrfc5424addhmac, will be affected?</p>
Author: LilyChadha
Date: Mon, 11 May 2015 05:59:31 -0400
Tags: linuxexchange, syslog, debian, logs, linux

Unable to get structured data in logged messages even after adding mmpstrucdata and mmrfc5424addhmac? (RFC5424)
http://linuxexchange.org/questions/3542/unable-to-get-structured-data-in-logged-messages-even-after-adding-mmpstrucdata-and-mmrfc5424addhmacrfc5424
<p>I am trying to log messages with structured data, but it is showing a null value for structured data.
I am working with rsyslog 8.9.0. Can someone tell me whether I need to load some module or modify the source to get structured data SD-IDs in the logged message?</p>
<h1>Template:</h1>
<p>"&lt;%PRI%&gt;%TIMESTAMP:::daterfc3339%%HOSTNAME%%syslogtag%%APPNAME%%PROCID% %MSGID% %msg% %STRUCTURED-DATA%\n"</p>
<p>I am getting the message format as below:
&lt;142&gt; 2015-01-29T06:43:53.081641-05:00 localhost login[2116]: login 2116 - [2116 : 2116 INFO]SERIAL Login from IP:127.0.0.1 user:admin -</p>
<h1>configuration file --rsyslog.conf:</h1>
<p>$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad mmpstrucdata
$ModLoad mmrfc5424addhmac</p>
<p>GLOBAL DIRECTIVES</p>
<p>$ActionFileDefaultTemplate RSYSLOG_DebugFormat
*.* /var/log/debugfmt.log;RSYSLOG_DebugFormat</p>
<p>After loading mmpstrucdata and mmrfc5424addhmac I am getting structured data null.</p>
Author: LilyChadha
Date: Mon, 11 May 2015 05:58:27 -0400
Tags: linuxexchange, syslog, debian, linux

iptables and sudo not logging
http://linuxexchange.org/questions/2355/iptables-and-sudo-not-logging
<p>I have Ubuntu 10.04.2 LTS 32-bit Desktop Edition and it's the same on 3 different systems.</p>
<p>iptables and sudo aren't logging and I need them to be.</p>
<p>1) None of them have the auth.log in /etc which is used for logging sudo commands/login authorizations</p>
<p>2) None of them have the syslog.conf file in /etc (but one does exist under /usr/share/logwatch/default.conf/logfiles/syslog.conf)</p>
<p>3) I've looked in the "Log Viewer" in Gnome and in /etc</p>
<p>I need to enable and monitor these loggings somehow.</p>
Author: Ron
Date: Thu, 14 Apr 2011 13:53:25 -0400
Tags: iptables, syslog, lucid, logs, ubuntu

Logging to filesystem or database
http://linuxexchange.org/questions/1451/logging-to-filesystem-or-database
<p>So I'm looking for best practices on logging. IO, resource consumption, etc.</p>
<p>Which is the better way to go from a performance perspective: log to database, or filesystem?</p>
<p>Some of the applications can log straight to the database, Apache being one. Some would have to be funneled from the syslog aggregation system to the database.</p>
<p>So on the applications that can go directly to the database should I, or should I just keep the standard, and let the aggregate do the work of putting into the database?</p>
<p>Thoughts?</p>
<p>-Rob</p>
Author: rfelsburg
Date: Tue, 07 Dec 2010 17:37:03 -0500
Tags: logs, syslog, io, performance, apache

Syslog To RHEL From Network Devices
http://linuxexchange.org/questions/437/syslog-to-rhel-from-network-devices
<p>I am building some Red Hat Syslog servers to house the syslog output of network gear. So far I have gotten the devices to send syslog data to the server and the server records it. But it is all going to the "messages" file. How do I send the specific syslog streams to a file that is specific to the system that sent it?</p>
<p>Thanks...</p>
Author: The Doc
Date: Tue, 11 May 2010 01:13:16 -0400
Tags: redhat, syslog