stop journald showing the message but forward to syslog - systemd

I want to forward the logs from my systemd service to syslog, but do not want to show them when doing systemctl status <service>. If I use the parameter StandardOutput=null in the systemd service file, they do not show in status but are also not forwarded to syslog. I want to forward them to syslog without storing/showing them in journald/systemctl status. How can I achieve this?

Related

Send different logs with rsyslog

I'm currently using rsyslog to send logs from a Linux server to QRadar (IBM's SIEM).
However, the server sends a lot of logs and I would like to filter them directly in the rsyslog.conf file. But if I write something other than
*.* @MyServerIp
no logs are sent. Can anyone help me?
Thank you!

Jasmin Interceptor

I am just sharpening my skills on SMS services and nowadays I am trying to configure JASMIN for this purpose.
I have installed Jasmin SMS and the GUI interface PlaySMS on Ubuntu 18.04. I am also successfully using the SMS service to send SMS using SMPP, and now I want to go into more detail. I want to grep SMS attributes and set some rules before sending it to the provider. For this purpose I wanted to know how to use the interceptor with JASMIN and how to configure it.
I have referred to https://jasmin.readthedocs.io/ for this. But here, I am not getting such a file: https://jasmin.readthedocs.io/en/latest/interception/index.html
Here are some logs, which indicate successful connection with interceptor.
2020-05-11 15:01:50 INFO 8354 Interceptor configured and ready.
2020-05-11 15:01:51 INFO 8354 Authenticated Avatar: iadmin
As per reference link, I have also added some filter for MT route in jasmin. Here is the configuration for this.
#Order Type Rate Connector ID(s) Filter(s)
#102 StaticMTRoute 3.45000 smppc(smpptest) <TG (tag=21403)>
#101 StaticMTRoute 1.36000 smppc(smppclient1) <TG (tag=21401)>
#100 StaticMTRoute
Now, when I try to send SMS, it works, but the interceptor does not come into the picture in any way.
If anyone can correct me on what is wrong with my configuration, or has any other idea to fulfill my need, please let me know.
Here I am also sharing my SMPP log.
SMPP Log :
2020-05-07 16:54:34 INFO 934 SMS-MT [cid:smpptest] [queue-msgid:af4e11d7-d83b-4988-9ee8-c0de955554b3] [smpp-msgid:8fcc3dab-d715-41fd-9cac-6f1bb2ec5b0a] [status:ESME_ROK] [prio:0] [dlr:SMSC_DELIVERY_RECEIPT_REQUESTED] [validity:none] [from:006542] [to:8965475636] [content:'Hi u there, good morning!! \x00admin']
2020-05-07 16:57:45 INFO 934 SMS-MT [cid:smpptest] [queue-msgid:1f58e285-a64d-4fb0-ae96-8f0f2ad6a4ee] [smpp-msgid:e6aa27cc-9b30-4878-8463-096f2949e0ae] [status:ESME_ROK] [prio:0] [dlr:SMSC_DELIVERY_RECEIPT_REQUESTED] [validity:none] [from:006542] [to:+21401896324] [content:'Hello , please hurry up, boss summons us ! \x00admin']
2020-05-07 16:59:42 INFO 934 SMS-MT [cid:smpptest] [queue-msgid:c112affd-7932-4f88-b20d-d5164fddbb72] [smpp-msgid:f0bbfdd2-ef91-4262-93b4-e5ba63cef259] [status:ESME_ROK] [prio:0] [dlr:SMSC_DELIVERY_RECEIPT_REQUESTED] [validity:none] [from:006542] [to:21401963874] [content:'Hello , please hurry up, boss summons us ! \x00admin']
Try enabling the Interceptor
sudo systemctl start jasmin-interceptord
You can also view the status by checking the logs at
/var/log/jasmin/interceptor.log
Hope this helps
Have you created an interception rule as well as an interception file (a python file)?
Interceptor file example (/opt/jasmin-scripts/interception/mt-interceptor.py)
routable.pdu.params['source_addr'] = 'NewSource'
routable.lockPduParam('source_addr')
Interceptor rule example (in Jasmin SMS Gateway's CLI)
telnet <ip> <port>
mtinterceptor -a
type DefaultInterceptor
script python3(/opt/jasmin-scripts/interception/mt-interceptor.py)
ok
persist
quit
You might need to restart the Jasmin SMS interceptor as well
sudo systemctl restart jasmin-interceptord

Nifi - Remote Process Group - PeerSelector

I have built a simple Process Group. It generates a FlowFile with some random stuff in it and sends it to the NiFi Remote Process Group.
This Remote Process Group is configured to send the FlowFile to localhost or in this case to my own hostname (I have tried localhost as well).
After this, the FlowFile should appear at the "From MiNiFi" input port and is sent to the LogAttribute. Nothing special.
I configured it to use RAW, but it does not work with HTTP either.
I am using the apache/nifi Docker image and didn't change anything in nifi.properties and authorizers.xml, but of course I provide you both:
nifi.properties
authorizers.xml
The error occurring is this:
WARNING org.apache.nifi.remote.client.PeerSelector#40081613 Unable to refresh Remote Group´s peers due to Unable to communicate with remote Nifi cluster in order to determine which nodes exist in the remote cluster
I hope you can help me. I have wasted too much time with this problem XD
In nifi.properties you have nifi.web.http.host=f4f40c87b65f so that means the hostname that NiFi is listening for requests on is f4f40c87b65f which means the URL of your RPG must be http://f4f40c87b65f:8080/nifi

How to disable systemd journald from listening to syslog socket

Overview:
In a Linux-based embedded system with systemd, we have the journal, which takes care of logging and is very advanced and handy. By default it listens to the syslog socket and kernel messages as well. Since we also have rsyslog running on the system, syslog messages are getting duplicated in both the systemd journal and the rsyslog file.
Query:
Is there some way we could make the journal not listen to the syslog socket?
Note:
From my understanding and observation there is no way to configure this in the journald configuration file.
If your system takes systemd as init system, then systemd-journald is launched by systemd by default.
Since you said "syslog messages are getting duplicated both in systemd journal as well as rsyslog file", that means journald is forwarding syslog to rsyslog; it's not that both daemons are listening to the syslog socket. Only journald is listening to that socket. Rsyslog gets the log forwarded to it by journald.
I think you can change the port number on which journal is listening
How to configure Journald
https://serverfault.com/questions/758244/how-to-configure-systemd-journal-remote
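
The journald side of forward-only logging, as an added example that is not part of any post on this page: a drop-in that keeps journald handing messages to the syslog daemon while storing nothing, which covers both the question at the top of the page and the duplicate-logging question above. The drop-in file name is an assumption; the option names are those documented in journald.conf(5).

```ini
# /etc/systemd/journald.conf.d/10-forward-only.conf   (file name is an assumption)
[Journal]

# Before: the default is Storage=auto. journald keeps every message it
# receives in /run/log/journal or /var/log/journal and may also forward it,
# so the same line ends up in the journal and in the rsyslog file.
#Storage=auto

# After: journald stores nothing. Messages are still received on the syslog
# socket, from the kernel and from service stdout/stderr, and are dropped
# once they have been forwarded.
Storage=none

# Hand every received message to the syslog daemon through the socket
# /run/systemd/journal/syslog. Set it explicitly: the compiled-in default
# differs between distributions.
ForwardToSyslog=yes

# Highest severity level that is forwarded; "debug" forwards everything.
MaxLevelSyslog=debug
```

Apply it with `systemctl restart systemd-journald`. The setting is host-wide, so `systemctl status` and `journalctl` stop showing log lines for every unit, and rsyslog has to receive through the syslog socket (imuxsock) because imjournal has no journal left to read.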

Specific logging with rsyslog and ELK

I have an rsyslog server and ELK stack running on the same server.
Our application is forwarding logs to rsyslog and is forwarding it to localhost.
We now want to split up our logging (frontend and backend logging).
Our frontend dev has added a tag [frontend] that will be added to the message.
Is it possible to filter this out in rsyslog and forward this to another logstash while keeping the backend logging?
I have this in my configuration at the moment but it keeps forwarding all messages to that logstash:
*.* @@localhost:5555
:msg, contains, "\[frontend\]" stop
*.* @@localhost:5544
:programname, contains, "backend" ~
We are sending the frontend logs through the backend so program name 'backend' is in every message we receive
Did some more research and found a working solution:
*.* {
:msg, contains, "\[frontend\]"
@@localhost:5555
}
*.* {:programname, contains, "backend"
@@localhost:5544
stop
}
