Rsyslog and Docker

Few years ago I decided to write my own hadret.rsyslog Ansible role. I had two main goals in mind while writing it — first, I wanted to have a turn-key remote logging support, and second, I [...]

🔗 https://chbk.co/n1Edn

#linux #debian #docker #rsyslog

sending linux log to sunos Syslog file #syslog #rsyslog #solaris

https://askubuntu.com/q/1474776/612

Quick fix: install #rsyslog. You need to force it's imuxsock plugin to provide /dev/log (under systemd it will by default listen at /run/systemd/journal/syslog) to kick systemd-journald out of the loop. Than you get all you charon logging messages in syslog 🥳

Sorry for the long posts, but it took a while (hours!) to understand how everything is connected (including reading some neutron-vpnaas source code) - maybe it helps someone else getting faster out of this trap. 😅

(5/5)

rsyslog - how to install rsyslog-imdocker module? #log #logging #rsyslog

https://askubuntu.com/q/1465490/612

That feeling when some code your were responsible for years ago is giving you a hard time because you didn’t also have it use other code you were responsible for years ago. And you don’t want to make a PR lest you get sucked back in. #chef #rsyslog #freebsd #subtootingOneself

Why does UFW keep logging to syslog even when I turn it off through rsyslog settings? #ufw #syslog #rsyslog

https://askubuntu.com/q/1461597/612

Interessant. Auf #debian wird irgendwie alles doppelt und dreifach geloggt. What the fuck.

Also #rsyslog ist meiner aktuellen Erkenntnis nach total überflüssig, weil das #journald komplett übernimmt.

Viel witziger finde ich aber, dass #rsyslog by default irgendwie alles einmal nach /var/log/syslog schreibt und dann noch mal "themengenau" nach /var/log/xyz.log 🤯

Naja. rsyslog fliegt dann erstmal raus... old garbage.

At the end I've won! It turned out I used the old style of #rsyslog conf. Handy all those examples. But now I can send via #rsyslog #tls to the rsyslog server, pass it through to the #elk #stack 💪

I think it is amazing when I try to configure #rsyslog to accept #tls via #gtls via #imtcp with #certs on a #ubuntu server. Then when I configure a rsyslog client without any certs configuration, I see this loglines on the rsyslog with certs passing. Weird. Next attempt is to deliver from rsyslog with certs to #logstash with certs. As last option switch to #filebeat

Interesting #rsyslog behavior today sending logs to @Graylog. Two identical Debian VMs with the same version of rsyslog. Instance 1 could read log files outside of /var/log, instance 2 could not sue to permission issues. I tried all the ACL suggestions I found on the interwebs and the only was that worked was to change the $PrivDropToGroup setting in /etc/rsyslog.conf from "syslog" to a group that could read those files outside of the /var/log directory. Posting here in case this helps someone in the future.

@Butcher
Zum Thema "unnötiges Logging vermeiden" habe ich auf meinen 3 #RaspberryPi Log2Ram installiert. Habe hier https://github.com/jliebich/RaspberryPiNotes/blob/master/log2ram.md was dazu geschieben. Außerdem lohnt es sich den Unterschied von #journalctl und #rsyslog zu verstehen, Mehr dazu hier: https://github.com/jliebich/RaspberryPiNotes/blob/master/logs.md

Ubuntu 14.04 LTS rsyslog time travel (https://nfsec.pl/root/5843) #ubuntu #rsyslog #linux #bug_from_2015_and_we_have_2016 #twittermigration

@Iaintshootinmis @tazwake

And this is the way to enable actual timestamps #ISO8601 on any system that uses #RSyslog:

Comment OUT (you read that correctly) the “ $ActionFileDefaultTemplate” line in /etc/rsyslog.conf

#
Use traditional timestamp format.
To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

I will not investigate which genius thought the default time format was a good idea, because kumbaya.

в підготовці ведикий допис із детальною підказкою з налаштування rsyslog, — сервера й клієнтів. ще не готове, але читабельна чернетка вже є онлайн. комусь тут це взагалі цікаво?

#linux #rsyslog #linux #українською
@rada

#Drupal Syslog module overview
#rsyslog #syslog #linux
https://www.drupal.org/docs/8/core/modules/syslog/overview

Забавное из мира #linux:
Есть лог, куда пишет #rsyslog. Например, он весит 400кб. Мы делаем truncate -s 0 /var/log/some_log.pipe, после этого команда ls показывает, что размер файла равен 0.
Но как только rsyslog запишет туда хотя бы байт, размер лога, показываемый утилитой ls, возвращается к предыдущему значению - 400кб!

#openSUSE Tumbleweed gets four snapshots this week and brings #rpm, #kde Plasma, #rsyslog, #systemd, #AppStream and more https://news.opensuse.org/2021/10/29/vb-plasma-systemd-update-in-tw/

I'm reading about some of the most boring and surprisingly complex #Unix things: #rsyslog

What I want to remark upon isn't so much all of the things rsyslog does but the fact that some guy, for the last 15 years, has nearly single-handedly decided that his life calling was apparently to make sure that we could all have system log files.

https://github.com/rsyslog/rsyslog/commits/master

How does that happen? Why does someone decide that the most boring software is now their life's work?

Registros centralizados en Linux con #Rsyslog

https://www.ochobitshacenunbyte.com/2018/10/29/registros-centralizados-en-linux-con-rsyslog/

vía @davidochobits #linux #sysadmin

#linux

#HowTo Create a Centralized #Log Server with #Rsyslog in #CentOS/#RHEL7
➡https://www.tecmint.com/create-centralized-log-server-with-rsyslog-in-centos-7/amp/