I've told PostgreSQL to log to syslogd and to tag its messages with "postgresql". These messages appear in /var/log/syslog with that tag.
Now I'd like those messages not to appear in /var/log/syslog but in /var/log/example/postgresql/. I thought I could do that by creating the file /etc/rsyslog.d/25-postgresql.conf with this single line (plus some comments, in real life):
:msg,contains,"postgresql" /var/log/example/postgresql/postgresql.log
Restarting rsyslog doesn't result in postgresql messages going to that file, however: they still go to /var/log/syslog.
Any suggestions what I've done wrong?
Related
I am having about 15 servers that send their syslog to a common logserver, all servers are redhat7.7, so the rsyslog is a recent version (8.24).
The normal log get transfered to the common server OK, but then there are some application logs that are watched with the imfile module, and my problem is that only some of them are transfered correctly, but others are not transfered, or there are days, where logs are missing for hours, and then are OK the rest of the day.
How can I debug this problem, I can show a small portion of the custom log definition:
$InputFileName /var/log/log-compression.log
$InputFileTag log-compression-log
$InputFileStateFile stat-log-compression-log
$InputFileSeverity info
$InputFileFacility local2
$InputRunFileMonitor
There are about 20 such sections, and some of them work, and others not, and the syntax is exactly the same, it is deployed with ansible.
I am running an ELK-Stack as a central syslogserver and I set up rsyslog to send logfiles, which are not logging into /var/lib/messages by default, to it.
The setup is working very well but since I made the configuration the external logfiles actually show up in the messages file, which is blowing it out of proportion and makes debugging normal systemlogs difficult.
I want the logs to be send to the syslogserver but not into the messages file.
This is my current configuration:
111-elk-syslog.conf:
*.* ##IP_OF_THE_SYSLOGSERVER:514
101-external-log.conf
$ModLoad imfile
$InputFileName PATH_TO_LOGFILE
$InputFileTag FILE_TAG
$InputFileStateFile FILE_TAG
$InputFileFacility local3
$InputRunFileMonitor
I know, using filebeat, I could circumvent this but rsyslog is working very well in my enviroment and this application is the only one logging so much, that this is an actual problem.
I don't understand in detail your setup, but it may help to know that in general in rsyslogd if you don't want further handling of a message that you have matched, you simply repeat the filter on the next line by using &, and the action stop. For example, you might try
*.* ##IP_OF_THE_SYSLOGSERVER:514
& stop
Why is it that when I type 'mongod -f \pluralsight\mongod.conf' (path of my conf file) in terminal, I get the following flush spam in my log file? :
Is this normal?
Here is my configuration file in case you need it.
I recently installed MongoDB and I just don't want a file that is logging that my storage is being flushed, seems like poor data management. I'm not sure what is available to me to address this, or if this is normal and permissible, or if maybe there's something I'm doing wrong when I started this project.
I figured it out, it's because in my mongod.conf file I had the verbose property set to "verbose=vvvvvv". I set it to "verbose=vvv" so it shows less info on logged.
I need to send ContxtBroker log to syslog but the other method I could find is via imfile, which is very inaccurate in timing.
Is there any way for sending ContextBroker logs directly to syslog?
The orion context broker only outputs its log information to its log file (which defaults at /tmp/contextBroker.log), and currently we don't have any intention of changing this behavior, sorry.
You could always implement a process that reads from the log file, parses the log contents and forwards the log message to syslog. Doesn't seem too difficult ...
On Centos 6.2, trying to get the kernel log redirected to the serial console, I came across an issue where agetty seems to be respawning every few keypresses.
That is, I get a login prompt in the middle of typing (after logging in).
In order to investigate the issue further, I'm looking for the location of agetty logs, but to no avail. Where and how can I see log messages for respawned agetty process?
The "diagnostics" section of the "agetty" command manpage states:
Depending on how the program was configured, all diagnostics are written to
the console device or reported via the syslog(3) facility. Error messages are
produced if the port argument does not specify a terminal device; if there is
no utmp entry for the current process (System V only); and so on.
The syslog facility by default writes the "/var/log/messages" file, but it can be configured to write another file by editing its configuration file "/etc/syslog.conf".
Finally, if the error you get is "respawning too fast", you should check your "/etc/inittab" file, as described here.