Why is syslogd and klogd missing messages? - linux-kernel

I'm running kernel 2.6.37 on an ARM machine.
I started syslogd and klogd with:
klogd -c 7
syslogd -l 7
But only a small portion of printk() messages are logged to /var/log/messages compared with what I see in dmesg.
Am I missing something here?
Are there other ways to log kernel messages to a file?

Please check the /etc/syslog.conf file for the proper settings. Enabling debug level 7 on syslogd doesn't guarantee that all the log messages will be logged to /var/log/messages. The file /etc/syslog.conf has the instructions on where to log these messages. The messages can be logged to a local file, sent to a remote syslog server, or displayed on the local console, based on the syslog.conf configuration. If you need all the log messages to be logged to the /var/log/messages file, ensure you have the following line in /etc/syslog.conf:
*.* /var/log/messages
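
To see why a rule set can silently drop kernel debug messages, the following added example (not part of the original answer) lists which rules in a syslog.conf accept a message of a given facility and priority. It assumes sysklogd-style selector semantics (a priority matches that level and anything more severe, `none` excludes a facility); `syslog_targets` is a hypothetical helper and the rules are a constructed sample.

```shell
# Added example (not from the original answer). syslog_targets is a
# hypothetical helper; the rules below are a constructed sample.
SAMPLE_CONF='# constructed sample rules
*.info;mail.none;authpriv.none   /var/log/messages
kern.*                           /dev/console
*.*                              /var/log/all.log'

# usage: syslog_targets FACILITY PRIORITY < syslog.conf
# Prints the action of every rule that accepts such a message.
syslog_targets() {
  awk -v fac="$1" -v pri="$2" '
    BEGIN {
      n = split("emerg alert crit err warning notice info debug", names, " ")
      for (i = 1; i <= n; i++) sev[names[i]] = i - 1   # emerg=0 ... debug=7
    }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
      hit = 0
      ns = split($1, sel, ";")           # selectors are joined with ";"
      for (s = 1; s <= ns; s++) {
        split(sel[s], fp, "[.]")         # fp[1]=facility list, fp[2]=priority
        nf = split(fp[1], facs, ",")
        applies = 0
        for (f = 1; f <= nf; f++)
          if (facs[f] == "*" || facs[f] == fac) applies = 1
        if (!applies) continue
        if (fp[2] == "none") hit = 0     # "none" removes the facility again
        else if (fp[2] == "*") hit = 1
        else if ((fp[2] in sev) && sev[pri] <= sev[fp[2]]) hit = 1
      }
      if (hit) print $NF                 # last field is the action (file, host, ...)
    }'
}

# A kern.debug message misses the "*.info" rule but matches the other two.
printf '%s\n' "$SAMPLE_CONF" | syslog_targets kern debug
```

Priority aliases such as `warn` and the `=`/`!` modifiers are not handled here.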

Related

mosquitto broker will not log to file

I installed an updated eclipse mosquitto broker on a Windows host for my home alarm and control MQTT network. Had a bit of trouble getting it to listen for remote clients, but got everything working with the existing clients.
The trouble is I can't get the service to log no matter what I put in mosquitto.conf. If I run it directly from a command prompt (mosquitto -v) it logs to the console, and always says 'Using default config'. Does this mean it can't locate the CONF file? I've tried several versions of mosquitto going back to my original 1.6 and they all do the same thing.
This setting:
log_dest file c:\projects#lab\mosquitto.log
is the problem. I see where it says that a Windows service defaults to 'log_dest none', but I assumed I could overwrite that.
I doubt # is valid in a path name.
Also mosquitto doesn't have a default config file name, you must pass it on the command line with -c option.
The service picks up mosquitto.conf from the install dir, but only when running as the service
Also just to be clear, -v overrides all logging options (including writing to a file). From the man page:
-v, --verbose
Use verbose logging. This is equivalent to setting log_type to all in the configuration file. This overrides any logging options given in the configuration file.

Access k8s pod logs generated from ssh exec

I have a filebeat configured to send my k8s cluster logs to Elasticsearch.
When I connect to the pod directly (kubectl exec -it <pod> -- sh -c bash),
the generated output logs aren't being sent to the destination.
Digging at k8s docs, I couldn't find how k8s is handling STDOUT from a running shell.
How can I configure k8s to send live shell logs?
Kubernetes has (mostly) nothing to do with this, as logging is handled by the container environment used to support Kubernetes, which is usually docker.
Depending on docker version, logs of containers could be written on json-file, journald or more, with the default being a json file. You can do a docker info | grep -i logging to check what is the Logging Driver used by docker. If the result is json-file, logs are being written down on a file in json format. If there's another value, logs are being handled in another way (and as there are various logging drivers, I suggest to check the documentation about them)
If the logs are being written on file, chances are that by using docker inspect container-id | grep -i logpath, you'll be able to see the path on the node.
Filebeat simply harvests the logs from those files, and it's docker that handles the redirection between the application STDOUT inside the container and one of those files, with its driver.
Regarding exec commands not being in logs, this is an open proposal ( https://github.com/moby/moby/issues/8662 ) as not everything is redirected, just logs of the apps started by the entrypoint itself.
There's a suggested workaround which is ( https://github.com/moby/moby/issues/8662#issuecomment-277396232 )
In the meantime you can try this little hack....
echo hello > /proc/1/fd/1
Redirect your output into PID 1's (the docker container) file descriptor for STDOUT
Which works just fine but has the problem of requiring a manual redirect.
Use the following process:
Make changes in your application to push logs to STDOUT. You may configure this in your logging configuration file.
Configure filebeat to read those STDOUT logs (which eventually is some docker log file location like /var/log etc.)
Start your filebeat as a DaemonSet, so that logs from new pods and nodes can be automatically pushed to ES.
For better readability of logs, make sure you push logs in json format.

filter syslog messages rsyslog ubuntu

I'm trying to filter out all syslog messages except those that are defined in my config and then send the message to an external syslog server.
I have Ubuntu 16.04 with rsyslog, and I have configured Nextcloud to log to the syslog daemon.
My message (from /var/syslog) that I want to allow being sent to the external syslog server:
Jul 11 15:55:28 test-virtual-machine ownCloud[28466]: {files_antivirus} Infected file deleted. Eicar-Test-Signature File: files/eicar(3).com.ocTransferId993388412.part Acccount: admin
I have tried to modify the rsyslog.conf file (rest of the file is default):
nextcloud.* -/var/log/nextcloud.log
:msg, contains, "*Infected*" -/var/log/nextcloud3.log
nextcloud.* #remote-host:514
This is not working at all. Does anyone have some input?
Thanks,
I have the following that is currently working...
In /etc/rsyslog.d/60-my-filter.conf
:rawmsg,contains,"TAG" -/var/log/tag.log
My guess from the above, that you need to replace ":msg" with ":rawmsg", but I am no expert. I would also try removing the spaces, or ':rawmsg,contains,"Infected" -/var/log/nextcloud3.log'
Also remove the nextcloud lines until you know you are getting the files formatted/filtered properly, and then try adding it back.
Hope this helps.

CentOS 7 rsyslog DEBUG logs dropped for C/C++ modules

I am using rsyslog (rsyslog-7.4.7-7.el7_0.x86_64) on CentOS 7 (CentOS Linux release 7.1.1503 (Core)). We have some applications on it which are using the syslog framework for logging. We have a lot of logs. At peak, it can be up to 50000 logs in one second.
Our system was earlier running on CentOS 6.2 (and rsyslog 5.8) and we never observed any drop. After doing some search, we found that there is rate limiting. We are getting messages like "imjournal: begin to drop messages due to rate-limiting" in /var/log/messages and then "imjournal: 130886 messages lost due to rate-limiting". We tried different ways to disable or tune it without success. We tried the following.
1) Changes in /etc/rsyslog.conf
$ModLoad imjournal # provides access to the systemd journal
$imjournalRatelimitInterval 1
$imjournalRatelimitBurst 50000
Some other info from rsyslog.conf as follows. Didn't change anything here
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
We also saw that there is some rate limiting with imuxsock, but we understand that it won't be used when OmitLocalLogging is ON.
2) Changes in /etc/systemd/journald.conf
Storage=auto
RateLimitInterval=1s
RateLimitBurst=100000
Our application has modules in Java (using SLF4J and LOG4J) and modules in C/C++ (using syslog() call). For the C/C++ modules, we are missing DEBUG logs most of the time. But DEBUG logs of Java modules are apparently fine always.
Version of systemd is "systemd-208-20.el7.x86_64". The application and rsyslogd are on same machine.
With the latest update to systemd (219-19) on CentOS 7, the only way we were able to get our logging working again, without any rate limiting by journald or IMUXSock, was using the config changes below. This also decreased, but didn't completely eliminate the excessive CPU consumption by journald.
Add the following to /etc/rsyslog.conf after '$ModLoad imuxsock' and '$ModLoad imjournal':
$IMUXSockRateLimitInterval 0
$IMJournalRatelimitInterval 0
Set the following in /etc/systemd/journald.conf:
Storage=volatile
Compress=no
RateLimitInterval=0
MaxRetentionSec=5s
Restart journald and rsyslog to pick up the changes with:
systemctl restart systemd-journald.service
systemctl restart rsyslog.service
Prior to this last update to systemd, you could comment out '$ModLoad imjournal' in /etc/rsyslog.conf to resolve this, but that doesn't work any longer.
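
Messages dropped by rate limiting are gaps in the audit trail, so it helps to know when they occurred and how large they were. The following added example (not part of the original posts) pairs each "begin to drop" line with the next "messages lost" line, using the two imjournal messages quoted in the question. `ratelimit_gaps` is a hypothetical helper, the log lines are a constructed sample, and a standard `Mon DD HH:MM:SS` timestamp prefix is assumed.

```shell
# Added example (not from the original posts). ratelimit_gaps is a
# hypothetical helper; SAMPLE_LOG is a constructed excerpt in the style of
# /var/log/messages, using the message texts quoted in the question.
SAMPLE_LOG='Mar  3 10:15:01 host1 rsyslogd: imjournal: begin to drop messages due to rate-limiting
Mar  3 10:15:02 host1 rsyslogd: imjournal: 130886 messages lost due to rate-limiting
Mar  3 10:15:02 host1 app[411]: normal message
Mar  3 10:20:40 host1 rsyslogd: imjournal: begin to drop messages due to rate-limiting
Mar  3 10:20:41 host1 rsyslogd: imjournal: 2114 messages lost due to rate-limiting'

# usage: ratelimit_gaps < /var/log/messages
# Prints one line per drop window and a final total of lost messages.
ratelimit_gaps() {
  awk '
    function stamp() { return $1 " " $2 " " $3 }   # syslog timestamp fields
    /imjournal: begin to drop messages due to rate-limiting/ {
      start = stamp(); next
    }
    /imjournal: [0-9]+ messages lost due to rate-limiting/ {
      n = 0
      for (i = 1; i < NF; i++)                     # count follows "imjournal:"
        if ($i == "imjournal:") n = $(i + 1) + 0
      printf "%s -> %s lost=%d\n", (start == "" ? "unknown" : start), stamp(), n
      total += n; start = ""
    }
    END { printf "total_lost=%d\n", total }'
}

printf '%s\n' "$SAMPLE_LOG" | ratelimit_gaps
```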

enabling log in openSSH, Windows 2003 box

I have 3 files inside OpenSSH\var\log, they are:
lastlog
OpenSSHD.log
wtmp
I changed the sshd_config file's
LogLevel INFO
Then also I am not getting any logs, anywhere.
Can anybody help me to enable the log file.
Any help is appreciated. Thanks
On Windows, OpenSSH ports write to the system event log, which you can view using Event Viewer. Files in /var/log are not used.
