Old 10-15-2010, 09:33 AM   #1
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,460

Rep: Reputation: 888
rsyslog, sysklogd alternative


I've tried, for fun, to do an rsyslog.slackbuild: I'll be very glad if you people want to have a look and test it, as I'm planning to submit it to slackbuilds.org.

http://ponce.cc/slackware/testing/rsyslog/

I've been using it happily for some time on our Debian hosts for remote secure logging via GnuTLS; it has a lot of features, plus it's backward compatible with sysklogd (it's an alternative to the one installed in standard Slackware).

Inspiration source: the last days' talks in this topic

Last edited by ponce; 10-15-2010 at 09:38 AM.
 
Old 10-15-2010, 11:52 PM   #2
rfernandez
Member
 
Registered: Mar 2010
Location: Brazil
Distribution: Slackware64
Posts: 264

Rep: Reputation: 40
Just tested it here and everything went fine; the system didn't even notice the change, and better, an updated system log tool. I liked it a lot.

However, one thing was annoying me: every single message from the kernel was being printed to the console stdout, and the system here boots into init 3. To fix this, I just added backward compatibility with the klogd -c 3 behaviour: in rsyslog.conf, I just added

$klogConsoleLogLevel 3

And everything is back to normal. :-)

Last edited by rfernandez; 10-15-2010 at 11:55 PM. Reason: bad grammar
 
1 members found this post helpful.
Old 10-16-2010, 06:24 AM   #3
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,460

Original Poster
Rep: Reputation: 888
thanks, added to default rsyslog.conf
 
Old 10-20-2010, 12:16 PM   #4
BrZ
Member
 
Registered: Apr 2009
Distribution: Slackware
Posts: 496

Rep: Reputation: 81
How is it going?
 
Old 10-20-2010, 01:03 PM   #5
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,460

Original Poster
Rep: Reputation: 888
fine, it seems: this is my desktop at work
Code:
==> /var/log/cron <==                                                                                                                                                                                                                          
Oct 20 10:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 12727 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 11:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 13469 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 12:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 13634 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 13:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 13700 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 14:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 15245 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 15:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 15361 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 16:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 15495 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 17:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 15650 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 18:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 15761 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
Oct 20 19:47:01 myhost crond[1516]: FILE /var/spool/cron/crontabs/root USER root PID 15797 /usr/bin/run-parts /etc/cron.hourly 1> /dev/null

==> /var/log/debug <==                                                                                                                                                                                                                         
Oct 19 11:09:05 myhost kernel: sd 6:0:0:0: [sdb] Mode Sense: 16 24 09 51
Oct 19 12:38:51 myhost kernel: sd 7:0:0:0: [sdb] Mode Sense: 16 24 09 51
Oct 19 13:21:26 myhost kernel: sd 8:0:0:0: [sdb] Mode Sense: 16 24 09 51
Oct 19 13:25:31 myhost kernel: sd 9:0:0:0: [sdb] Mode Sense: 16 24 09 51
Oct 19 13:27:52 myhost kernel: ISO 9660 Extensions: Microsoft Joliet Level 3
Oct 19 13:27:52 myhost kernel: ISO 9660 Extensions: RRIP_1991A
Oct 19 13:40:40 myhost kernel: ISO 9660 Extensions: Microsoft Joliet Level 3
Oct 19 13:40:40 myhost kernel: ISO 9660 Extensions: IEEE_P1282
Oct 19 13:47:24 myhost kernel: sd 10:0:0:0: [sdb] Mode Sense: 16 24 09 51
Oct 20 09:38:16 myhost kernel: sd 14:0:0:0: [sdc] Mode Sense: 16 24 09 51

==> /var/log/maillog <==

==> /var/log/messages <==                                                                                                                                                                                                                      
Oct 20 17:45:01 myhost rsyslogd: -- MARK --
Oct 20 18:05:02 myhost rsyslogd: -- MARK --
Oct 20 18:25:02 myhost rsyslogd: -- MARK --
Oct 20 18:41:44 myhost /usr/sbin/gpm[1614]: *** info [mice.c(1766)]:
Oct 20 18:41:44 myhost /usr/sbin/gpm[1614]: imps2: Auto-detected intellimouse PS/2
Oct 20 19:05:02 myhost rsyslogd: -- MARK --
Oct 20 19:08:17 myhost kernel: usb 1-1: USB disconnect, address 16
Oct 20 19:25:02 myhost rsyslogd: -- MARK --
Oct 20 19:45:02 myhost rsyslogd: -- MARK --
Oct 20 19:52:44 myhost sshd[15808]: Accepted publickey for myuser from 1.2.3.4 port 59987 ssh2

==> /var/log/secure <==                                                                                                                                                                                                                        
Oct 18 09:01:46 myhost su[3666]: + /dev/pts/5 myuser:root
Oct 19 14:34:36 myhost xscreensaver[10264]: FAILED LOGIN 1 ON DISPLAY ":0.0", FOR "myuser"
Oct 20 11:23:12 myhost su[13270]: Authentication failed for root
Oct 20 11:23:12 myhost su[13270]: FAILED su for root by myuser
Oct 20 11:23:12 myhost su[13270]: - /dev/pts/5 myuser:root
Oct 20 11:23:15 myhost su[13273]: Successful su for root by myuser
Oct 20 11:23:15 myhost su[13273]: + /dev/pts/5 myuser:root
Oct 20 18:41:49 myhost login[1633]: ROOT LOGIN  on '/dev/tty6'
Oct 20 19:52:53 myhost su[15836]: Successful su for root by myuser
Oct 20 19:52:53 myhost su[15836]: + /dev/pts/20 myuser:root

==> /var/log/spooler <==                                                                                                                                                                                                                       

==> /var/log/syslog <==                                                                                                                                                                                                                        
Oct 20 09:40:23 myhost smbd[12399]:   matchname: host name/address mismatch: ::ffff:127.0.0.1 != localhost
Oct 20 09:40:23 myhost smbd[12399]: [2010/10/20 09:40:23.642651,  0] lib/util_sock.c:1626(get_peer_name)
Oct 20 09:40:23 myhost smbd[12399]:   Matchname failed on localhost ::ffff:127.0.0.1
Oct 20 09:40:24 myhost smbd[12401]: [2010/10/20 09:40:24.032992,  0] lib/util_sock.c:1505(matchname)
Oct 20 09:40:24 myhost smbd[12401]:   matchname: host name/address mismatch: ::ffff:127.0.0.1 != localhost
Oct 20 09:40:24 myhost smbd[12401]: [2010/10/20 09:40:24.033202,  0] lib/util_sock.c:1626(get_peer_name)
Oct 20 09:40:24 myhost smbd[12401]:   Matchname failed on localhost ::ffff:127.0.0.1
Oct 20 16:11:34 myhost kernel: sd 15:0:0:0: [sdb] Assuming drive cache: write through
Oct 20 16:11:34 myhost kernel: sd 15:0:0:0: [sdb] Assuming drive cache: write through
Oct 20 16:11:34 myhost kernel: EXT2-fs (sdb2): warning: mounting unchecked fs, running e2fsck is recommended
FYI, the 1.5 sysklogd, on my laptop at home with latest slackware64-current, is working fine too
 
Old 10-20-2010, 02:18 PM   #6
BrZ
Member
 
Registered: Apr 2009
Distribution: Slackware
Posts: 496

Rep: Reputation: 81
Thanks Ponce,

I got your scripts and it built fine. Today I compiled sysklogd from git and will wait until the first logrotate to try rsyslog.
 
Old 10-21-2010, 12:59 AM   #7
rfernandez
Member
 
Registered: Mar 2010
Location: Brazil
Distribution: Slackware64
Posts: 264

Rep: Reputation: 40
The coolest thing, I think, about rsyslogd is its simplicity, compatibility and daily updated support. For example: my /var/log/syslog constantly gets unreadable because of iptables log messages, so I just added some lines to rsyslog.conf that are clearly explained on the rsyslog webpage and voilà, I have rsyslog separating iptables messages into another file and keeping syslog lean and clean. :-)
 
Old 10-21-2010, 01:26 AM   #8
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,460

Original Poster
Rep: Reputation: 888
glad you like it: here Rainer explains how it was born and why it exists.

it's, relatively speaking, a little bit heavier (still having a nearly undetectable load, multi-cpu aware too) and it needs more space (we're talking of 2 megabytes of docs and another megabyte with the rest, uncompressed) than sysklogd but its nice features (easy filtering and redirecting, logging to database, remotely through secure connections and so on) can be useful in a lot of scenarios.

Last edited by ponce; 10-21-2010 at 11:10 AM.
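
An rsyslog.conf fragment covering the features discussed in this thread (the console log level for kernel messages, splitting iptables messages into their own file, and forwarding over TLS with the GnuTLS driver). It is an added example, not taken from ponce's package or from rfernandez's configuration. The `iptables: ` log prefix, the CA file path and the host `loghost.example.net:10514` are assumptions; the syntax is rsyslog's legacy directive format.

```conf
# /etc/rsyslog.conf fragment (legacy directive syntax). Constructed example:
# the paths, log prefix and host name below are placeholders.

$ModLoad imuxsock        # local messages via /dev/log
$ModLoad imklog          # kernel messages (takes over klogd's job)

# Same effect as "klogd -c 3": only kernel messages more severe than
# level 3 (err) are printed to the console.
$klogConsoleLogLevel 3

# --- Forward everything to a central host over TLS (GnuTLS driver) ---
# Requires rsyslog built with GnuTLS support.
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.pem
$ActionSendStreamDriverMode 1                  # 1 = TLS only, no plaintext fallback
$ActionSendStreamDriverAuthMode x509/name      # verify the server certificate by name
$ActionSendStreamDriverPermittedPeer loghost.example.net
*.* @@loghost.example.net:10514                # @@ = TCP

# --- Keep iptables messages out of /var/log/syslog ---
# Assumes the firewall rules log with: -j LOG --log-prefix "iptables: "
# This rule sits after the forwarding rule, so the central host still
# receives the firewall messages before they are discarded locally.
:msg, contains, "iptables: " /var/log/iptables.log
& ~      # discard after writing, so the selectors below never see it

# The stock selectors (messages, syslog, secure, ...) follow from here.
```

Rule order matters: anything placed below the `& ~` line no longer sees the iptables messages, so the forwarding rule has to stay above it if the central host should keep a copy.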
 