All Questions
235
questions
1
vote
0
answers
518
views
Reading log files using logstash which rotates every day
I am reading a log file using file input plugin in logstash and sending these logs to elastic search. Log file is rotated at every 00:00. When I rotate log file, the file is zipped and moved to a ...
1
vote
0
answers
568
views
Log correlation with syslog-ng patterndb
I'm trying to play with syslog-ng and patterndb and I am having trouble with log correlation.
The documentation on how to do it is here : https://www.syslog-ng.com/technical-documents/doc/syslog-ng-...
1
vote
1
answer
178
views
couldn't parse date : nxlog
While debugging my log parsing in Nxlog, I got the below error
2019-03-31 01:57:31 DEBUG couldn't parse date: Mar 30, 2019 4:53:56 AM
I have used the below command to parse date :
Exec $time = ...
0
votes
0
answers
1k
views
rsyslogd vs auditd? Are they alternatives or complement each other?
I see that both auditd and rsyslogd services are running (on my OpenSuse Leap 15 box). A quick google didn't give a good answer.
Are these services doing the same job? i.e. Could I get rid of one of ...
0
votes
1
answer
192
views
How do I keep 110 files before allowing linux to rotate the logs?
I'm trying to find out whether it is possible to configure linux to keep 110 copies of the audit log files. The setting is under /etc/audit/auditd.conf num_logs = 99
From reading, I understand that ...
0
votes
0
answers
625
views
How to get new generated file name on logrotate?
I want to get new file name generated by Logrotate and run a script on it.
Logrotate has an event called Postrotate() with a parameter called '$1' but it returns the original path file name for ...
2
votes
1
answer
2k
views
Is there any way to delete logs of a specific systemd service in linux?
After searching a bit, all I got is journalctl --vacuum-time.... However, this command doesn't delete service logs. So, how can I safely delete logs of a specific service from linux?
0
votes
0
answers
67
views
Linux log grows large, resets, does it again
Am running Ubuntu 18 and don't have a ton on there for apps. The hardware is set up with one 120gb SSD as root/boot and the rest of the drives as 2 pair of raid drives where media files, etc... reside.
...
1
vote
1
answer
2k
views
Redirecting the output of service in Ubuntu to Log files
I am on Ubuntu 16.04 and deployed a service in /etc/systemd/system.
The service file booster.service contains
[Unit]
Description = booster
After = network.target
[Service]
ExecStart =/opt/tech/...
0
votes
1
answer
267
views
Is it safe to remove read rights from all /var/log files for others?
Am I supposed to be able to revoke read access recursively to /var/log/ for others or will it break some applications which rely on being able to read from /var/log/ with other rights?
0
votes
3
answers
2k
views
How to record stdout and stderr with different tags in syslog?
I can redirect both stdout and stderr to logger this way:
./myprog 2>&1 | tee /dev/tty | logger
but I would like to be able to tag each log entry with "myprog-out" and "myprog-err" based on ...
2
votes
1
answer
4k
views
Log rotation with compression?
I'm running a process on Linux (CentOS 7) which produces a lot of output on stdout. Sending it all to a file will result in a file size greater than 1 TB. But happily the output is quite compressible -...
1
vote
1
answer
3k
views
The log files are empty
I found out that my /var/log/messages is empty!
Also my /var/log/auth.log is also empty!
Also it is not logging any messages.
My /etc/rsyslog.conf file is as follows:
# /etc/rsyslog.conf ...
3
votes
1
answer
3k
views
System logs written to an NFS mount
Today we had an issue with a Linux server that filled (100%) its entire root (/) partition due to a misconfiguration in postfix that led to a huge /var/log/syslog file and yesterday we started using ...
1
vote
1
answer
360
views
Using "tee" to selectively log Ubuntu terminal output?
I need to log terminal output. But I only need some outputs which start with a keyword (say starts with "error"). I use something similar to:
ls | tee "log.txt"
In this example command I do not ...