Clik here to view.
log forwarding performance and OS bottleneck
How many logs/second can usually be handled by syslog servers? By syslog servers, I am referring to rsyslog, syslog-ng, splunk etc. The intent of the question is to find out at what logs/second rate...
View ArticleClik here to view.
using syslog-ng and patterndb, how do I specify an “empty” ruleset pattern?
In a similar vein to my previous question regarding syslog-ng’s patterndb patterns to match an empty description, I am now trying to match “–MARK–” messages. The messages look like this: -- MARK --...
View ArticleClik here to view.
Syslog-ng: how to change a message before sending to a remote host
I’m using syslog-ng 1.6.8 on SLES 10. From this machine, I need to forward all events to the remote host 10.30.38.115. But preliminary I have to change messages a little bit, adding “MyMark” prefix to...
View ArticleClik here to view.
syslog-ng mongodb plugin configuration
I am using syslog-ng‘s mongodb plugin and it works great, but I can’t find a way to customize the format of the saved log entries (“DATE”, “FACILITY”,…). Does anyone know how to do this? All...
View ArticleClik here to view.
syslog-ng not flushing the pipe to external program (SOLVED)
I have written a python script that takes log entries from syslog-ng and writes them to MongoDB (I couldn’t do it with afmongodb driver because I need to do some special processing). This is how it...
View ArticleClik here to view.
iptables logging to diferent file via syslog-ng
I have the following configuration in my iptables and syslog files: IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp...
View ArticleClik here to view.
Can a hostname be added to syslog-ng?
How can syslog-ng be configured to send both the hostname and the IP address. Currently, logs are sent with the IP address of the device/machine, but we want to add the hostname so I could keep my ip...
View ArticleClik here to view.
Syslog-ng duplicate log lines
I have a very annoying situation concerning apache access/error logs on a remote log server. Webserver: Stock apache logging with: ErrorLog "|/usr/bin/logger -p local7.err -t www.sitename.com"...
View ArticleClik here to view.
Almost-live copy of log from one server to another
We have an authentication daemon on a Debian 6.0 box generating logs at a rate of about 4-6 lines\entries every second. For legal reasons this log file has to be written to disk locally first, before...
View ArticleClik here to view.
Linux logger doesn’t write tags to log files?
I have a problem with logger command. After upgrading syslog-ng to 3.3th version (maybe it is not directly depend on it), logger (using command below) doesn’t log tag names: logger -t "BLABLA"...
View Article