All Questions
235
questions
0
votes
1
answer
39
views
Linux user logs bad encoding (Fedora 39)
Hello guys, I have this weird formatting in my user logs, anyone know where it is coming from?
Thanks.
G�O`��NMESSAGE=17:19:31.502 › did-navigate-in-page�2�R��� ��\�Ek�D��F���Y$#+y���=��8@9 9�...
0
votes
0
answers
77
views
Omada Controller and rsyslog
I am totally new to rsyslog so please be gentle ;)
I have an Omada TP-Link controller, that manages all my clients AP across the region.
Everything works fine, I am trying to implement public Wi-Fi ...
0
votes
0
answers
46
views
TACACS+ accounting using linux client
Is it possible to log all commands executed in the Linux machine to a TACACS server?
0
votes
0
answers
752
views
How to configure rsyslog to use the imfile module?
I have Red Hat 9.2 with rsyslog v8.2102.0-113.el9_2.1.
I use default /etc/rsyslog.conf and a custom configuration called vums.conf located in /etc/rsyslog.d/.
module(load="imfile")
input(...
0
votes
1
answer
29
views
How to figure out why os stalled
I'm guessing it was either a disconnected ssd running the os, or the power supply unit, an uninterruptible power supply that is old. Because I was moving the ssd around within the desktop at the time, ...
2
votes
0
answers
210
views
Log file name based on application with syslog-ng
I'm using syslog-ng and currently my config only separates log files based on ip address and facility:
source s_network_udp {
syslog(transport(udp) port(514));
};
destination d_local {
file("...
0
votes
0
answers
368
views
How to Forward /var/log/yum.log to Remote Logging Server using rsyslog.conf?
Gents,
I am trying to find a way to forward /var/log/yum.log towards Remote Logging Server using rsyslog.conf in my RHEL7. But Not happening.
I have tried this approach but no luck -
$InputFileName /...
0
votes
1
answer
92
views
How to get log info to STOP going to console in Ubuntu 22
I have no idea what is causing this but I just did an update and upgrade and now I'm getting all kinds of info going to the terminal.
Here are some simple examples from sudo invocation, an anacron, ...
0
votes
1
answer
293
views
Does Windows have something like journald on Linux?
I have a Windows 10 installed as main OS on a machine. When I installed it fresh it would boot in like 5 seconds, but as time passed and new updates got installed, the boot times became slower and ...
0
votes
1
answer
92
views
How to disable gz backup history of logs?
In the /var/log directory from time to time different backup log files are saved, some ending in .1 .2 .3 and .gz. How can I configure the system to generate a single log without making backups but at ...
0
votes
1
answer
462
views
Find log files under multiple directories and compress each file with its own name and date
I have multiple directories like below and I want to compress each file in place.
/var/dir1/logs/logfile.log
/var/dir2/logs/logfile.log
/var/dir3/logs/logfile.log
I want to use find and tar with ...
0
votes
0
answers
1k
views
How to list users logged via remote desktop(xrdp) and ssh on Ubuntu
I'm using some shared Ubuntu machine and using the who, w, last commands doesn't print any users just my own user. Issuing reboot prints a list of users logged in via xrdp.
Is there a command that can ...
0
votes
0
answers
95
views
journalctl entries are logged using the same time, in 5minute intervals
I have a service which queries a database every second and print out results to console. When I look at journalctl I get a couple hundred lines that all have the same timestamp, and then the next ...
0
votes
1
answer
1k
views
Changing security levels of Fortigate logs?
Tech newbie here.
I want to send Fortigate logs to a syslog server. Previously, I was receiving way too many unnecessary firewall logs, 90% of them with a security level of "notice." I have ...
0
votes
2
answers
75
views
Prevent application (iscsiadm) logging to dmesg?
I have an issue where running sudo iscsiadm -m discovery -t st -p IP -l logs to dmesg across all terminals on the server.
The command is run from a java application, using:
Runtime.getRuntime()....
39
votes
1
answer
3k
views
Accidentally deleted log file of running process `python something.py 2>&1 | tee .log`. Is there a way to still save the output on the tmux-pane?
Accidentally deleted log file of running process python something.py 2>&1 | tee .log. The script is running in a tmux pane on zsh. The process is still running but not logging. The output ...
0
votes
1
answer
1k
views
How to Forward Windows Print Log to Syslog
I want to collect logs from various machines (windows and linux) to a centralized log server. The log server has been configured and is listening on port 514 tcp and udp for log in syslog protocol.
I ...
2
votes
1
answer
28
views
Automatically switch to new rotated log
On debian I monitor nginx logs with tail command:
tail -f /var/log/nginx/access.log
but since at midnight access.log is rotated (access.log is renamed as access.log.1 and new access.log is created), ...
1
vote
2
answers
476
views
Continue ddrescue from a corrupted log file
I ran ddrescue a few days ago on my 180GB partition, but after 3 days (and 99.91 % rescue and in phase 3 the last time I checked) the system froze, so I powered off the computer by keeping pressed the ...
1
vote
0
answers
313
views
ufw logs BLOCKS from 2 sites while BLOCK logging is completely disabled for ALL sites
Logging is enabled. Only allow rules are logged. The very last line of my firewall rules is:
Anywhere DENY Anywhere
No logging is asked for, however two IPs repeatedly show ...
0
votes
1
answer
151
views
Debian 10 - OpenSSH-Server How to redirect user login info to a different logins file?
Debian 10 + OPENSSH-SERVER 7.9
I have a remote server that connects to my local server every minute and in the local server's syslog, every minute I have:
Oct 11 18:22:01 localhost systemd[1]: Started ...
2
votes
1
answer
1k
views
Configuring journald.service to log its own debug_log messages
I have a Linux server that is rotating its logs every hour or so, and I'd like to understand why.
I noticed that journald itself contains debug logging, like this, that might explain it. But I checked ...
1
vote
1
answer
585
views
how to get print of ssh user logged in by password?
I want to know if it is possible to get the hash key fp from the ssh diaries for the ssh user login with a password, not a key. I see public key login keyprints recorded in the file, but no passwd ...
0
votes
1
answer
92
views
What could be a list of important configuration files and logs file on a Linux system that deserve to be monitored by a SIEM? [closed]
I am not a system engineer and not a security expert (I am more a software developer) but I am working on a project related to a SIEM installation (Wazuh). At the moment this installation has only a ...
0
votes
1
answer
1k
views
prevent kernel message which appears on terminal screen /dev/tty1
Kernel debug level message
watchdog : BUG: soft lockup - CPU#0 stuck for 22s!
appears in my console(/dev/tty1) and I am trying to prevent it.
I tried following 3 methods but none of them worked:
I ...
11
votes
1
answer
10k
views
How to stop journalctl showing audit logs and only keep it in a file?
I would like to have all auditd logs only in its own log file and keep my journalctl view less polluted with events that most of the time, are generated by my own actions (single-user/personal ...
0
votes
0
answers
104
views
How to edit file inplace
I am writing some logs in a file using logging module
#filename : demo.py
import logging
#other imports as well
logging.basicConfig(filename="myfile.log",
format='%(...
-1
votes
1
answer
231
views
Is this kind of log system harmful to the hard disk?
Recently I'm learning the web development and I found the applications will write their running
logs into /tmp/appname/logs/a.log or /tmp/appname/logs/a.log.1 with the following format:
{"message&...
1
vote
1
answer
8k
views
How to get “failed login attempts since the last successful login” count as a variable?
When I log in to a server I see:
Last failed login: Fri Jul 17 12:47:01 CEST 2020 from 111.222.333.444 on ssh:notty
There were 2713 failed login attempts since the last successful login.
Last login: ...
1
vote
0
answers
24
views
squid - logfile based on source
According to some googled documents, I am trying to set up per-host logfile to exclude some requests from access log, but to keep these requests in different logfile. My related config in squid.conf:
...
6
votes
1
answer
20k
views
Journalctl shows logs from about last hour only
I have a problem with journalctl logs, which doesn't show me logs older than about one hour.
First log entry is from about one hour ago, instead of 2 days as requested.
$ date -u
Wed May 13 08:59:21 ...
0
votes
1
answer
1k
views
Write the output of xmllint to a log file, how?
With xmllint I check all XML files in the folder and if xmllint finds an invalid XML file there is an output.
My question: how can I write this output to a log file?
I found this command on the ...
0
votes
0
answers
2k
views
samba linux access log file location
experts!
I have a linux smb installation, and, as well as apache logs every access (what ip, when, requests what resource), I wonder if smb does the same:
I'd like to have a log file that reflects ...
1
vote
1
answer
771
views
iptables logging how to increase max log prefix?
I have many iptables rules that will log offending packets. My logs go to /var/log/iptables.log but the logs appear in 24-hour time: Mar 13 00:13:55 kernel: DROPPED Attempted ping, I would like them ...
1
vote
1
answer
5k
views
How to log some, but not all, lftp transfers
I have an lftp script file that I use for mirroring some directories over sftp, so I run the command using something like lftp -f mirror_dirs.lftp. I would now like to log the transfers to a specific ...
0
votes
0
answers
272
views
log tcp contakting connection with nftables
I Want to log TCP contracting Connexion using nftables(iptables)
I tried to write tcp flags in Rule, but when I access the webpage of destination IP address I get just this Info in my logfile :
...
1
vote
0
answers
52
views
How to check for screen activation in system logs
I have a Debian 10 (Buster) installed, and I was wondering how to check in the system logs when the screen was activated.
The way I configured the OS is that I have turned off in the power manager ...
1
vote
1
answer
11k
views
How to read from syslog?
I can write to syslog via:
logger "foo bar baz"
but how do I read from syslog? my only guess is:
tail -f /var/log/syslog
but that doesn't seem right from my testing.
Note: also looking for a way ...
2
votes
1
answer
3k
views
Docker logs is missing log entries which are showing in docker attach
I am working on a software running inside a docker container where the produced logs are mandatory in order to evaluate it later on.
My problem is that the command docker logs is missing some log ...
1
vote
0
answers
2k
views
How to find out what killed my desktop environment (and possibly X Server)?
I ran into a problem this morning. I have a computer that is used for machine learning and nothing else. I use python to run tensorflow to train some models that I made.
The problem is that I couldn'...
1
vote
1
answer
39
views
Check Mount Directory
I have raspberry pi and have microsd with raspbian from which the system is loading and the HDD on which I write logs. I encountered such a problem that sometimes the disk falls off and the logs begin ...
0
votes
1
answer
178
views
Linux Log File doesn't appear
I have deleted a Log file from a linux server that was occupying 30 GB of memory, but after deleting the memory still occupied and don't know what is the problem, like if the log file was not ...
3
votes
1
answer
1k
views
How can I set quotas for /var/log/journal?
On Ubuntu, /var/log/journal grows too large. I am told I can safely delete /var/log/journal/* but I'd rather have a quota set.
How do I do this?
0
votes
0
answers
23
views
Linux - How to make grep show the next line too [duplicate]
I am using grep to see a log of one of our systems.
When I type "cat server.log | grep PPHI245" it shows the output below:
But, when I type just "cat server.log" it shows the output below:
Look ...
0
votes
1
answer
1k
views
Application log under Linux
What is the appropriate way for applications (for example Node) to log under Linux? With Windows there is the event log which applications can write to.
Should we just create log files under var/log ...
1
vote
0
answers
516
views
Reading log files using logstash which rotates every day
I am reading a log file using file input plugin in logstash and sending this logs to elastic search. Log file is rotated at every 00:00. When I rotate log file, the file is zipped and moved to a ...
1
vote
0
answers
563
views
Log correlation with syslog-ng patterndb
I'm trying to play with syslog-ng and patterndb and I am having trouble with log correlation.
The documentation on how to do it is here : https://www.syslog-ng.com/technical-documents/doc/syslog-ng-...
1
vote
1
answer
178
views
couldn't parse date : nxlog
While debugging my log parsing in Nxlog, I got the below error
2019-03-31 01:57:31 DEBUG couldn't parse date: Mar 30, 2019 4:53:56 AM
I have used the below command to parse date :
Exec $time = ...
0
votes
0
answers
1k
views
rsyslogd vs auditd? Are they alternatives or complement each other?
I see that both auditd and rsyslogd services are running (on my OpenSuse Leap 15 box). A quick google didn't give a good answer.
Are these services doing the same job? i.e. Could I get rid of one of ...
0
votes
1
answer
188
views
How do I keep 110 files before allowing linux to rotate the logs?
I'm trying to find out whether it is possible to configure linux to keep 110 copies of the audit log files. The setting is under /etc/audit/auditd.conf num_logs = 99
From reading, I understand that ...