Improving the rsyslog documentation…

The current state of rsyslog documentation and its representation on our official website has been a subject of concern within the professional community. We are initiating a comprehensive project aimed at systematically addressing these issues. Over the coming weeks, stakeholders can expect a series of methodical changes, some of which may be significantly transformative.

The rsyslog documentation – an important part of the system. (image: Rainer Gerhards/AI)
Continue reading “Improving the rsyslog documentation…”

rsyslog: how to debug rsyslog.conf problems?

Trying to debug rsyslog.conf issues? This can be hard. Learn here why, and how you can avoid problems. Did you know? Upon startup, rsyslog reads its config file, usually located in /etc/rsyslog.conf. While doing so, it can include config snippets usually located in /etc/rsyslog.d. But no matter if given directly inside the rsyslog.conf, or inside a snippet, the overall config is just a single text document made up of the main config file and the snippets. This is important to note when debugging rsyslog problems.

Some Distributions (here: Ubuntu) and users split the rsyslog.conf file in too many snippets. This often causes hard-to-debug problems. (Screenshot: Rainer Gerhards)
Continue reading “rsyslog: how to debug rsyslog.conf problems?”

First Syslog Open Online Meeting a Success

Yesterday, we held the first open meeting for the (r)syslog community. It was announced on very short notice, but we still had more than 10 participants. Even more important, we had some great discussions. So I call the concept a “success” and plan for more to come.

For everyone who could not attend, here is the meeting recording:

Please accept YouTube cookies to play this video. By accepting you will be accessing content from YouTube, a service provided by an external third party.

YouTube privacy policy

If you accept this notice, your choice will be saved and the page will refresh.

Continue reading “First Syslog Open Online Meeting a Success”

Experiment: an open online meeting for rsyslog folks

I am thinking quite a while about doing online seminars or meetings for folks interested in rsyslog. After some prep work, I decided to do an experiment and invite all of you to the rsyslog community’s first open online meeting. It will be held at 2020-09-29 at 3p UTC (5p CEST, 11a EDT, 8a PDT). The meeting URL is https://meet.rainer-gerhards.de/syslogOpenMeeting. Meeting language is English.

Foto of Rainer Gerhards preparing a Video Conference
Rainer Gerhards preparing a Video Conference.

This is more than a community experiment. I have worked on setting up a decent self-hosted Jitsi Meet server (some background info in German). The meeting is also meant as one of the first test runs for this system. So it definitely helps if you are a bit adventurous when you attend.

Continue reading “Experiment: an open online meeting for rsyslog folks”

rsyslog 8.2008 released – packages delayed

While we have released rsyslog 8.2008 today, binary packages are not yet updated. They will follow follow “a bit” later.

Image of rsyslog being build via SUSE OBS
A rsyslog build via SUSE Open Build Service. This time the rsyslog package build process is delayed due to problems with upgrades to the package build process. (Image: Rainer Gerhards)

The rsyslog project usually publishes binary packages for many distributions alongside the regular (source) scheduled stable releases. So far, this was a mostly manual process. In the past couple of week, we have worked on a CI system for package build as well as additional automation. We have not yet fully reached our goals, but things look pretty well.

Continue reading “rsyslog 8.2008 released – packages delayed”

rsyslog: integrating Windows Event Log (via UDP)

This tutorial tells how to integrate data from Windows event log into our rsyslog configuration. We will do this integration via the UDP syslog protocol so that we finally can show this in a real case. No advanced topics are covered. We use CentOS 7 and Windows Server 2012 (because it still is in more widespread use). This is part of a rsyslog tutorial series.

Continue reading “rsyslog: integrating Windows Event Log (via UDP)”

rsyslog: relay messages only (no local storage)

This tutorials tells how rsyslog is configured to accept syslog messages over the network via UDP. No advanced topics are covered. We use CentOS 7. This is part of a rsyslog tutorial series.

Scope

We will configure LC to only relay messages received via UDP but not store them locally.  Locally-generated messages will still be stored inside local log files. They, too, will be forwarded to LR. This is a very common use case. We still do not configure any sender to connect to LC.

To do all of this, we need to modify only LC local configuration. As such, our base lab scenario will remain in the following configuration:

Note that we still do not configure any system to actually send data to LC. This will be done the next tutorial. Note that if you did not complete the last tutorial, it may be wise to have a look at it. We will work with the configuration it generated. Continue reading “rsyslog: relay messages only (no local storage)”

rsyslog beginner’s tutorial series

This multi-step tutorial series targets rsyslog beginners. It covers typical configuration steps which are done with minimal effort. I found that for beginners it is often very important to provide precise instructions for their specific environment. As such, I focus on CentOS 7, which is quite popular in enterprise environments.

Final setup at end of basic tutorial set.

If you do not usually use CentOS 7, I still suggest to download and install it on two lab machines. This permits you to follow the tutorial in exact steps. Once you know what you do, it should be fairly easy to translate that to other distributions like Ubuntu.

Note: I am currently writing the tutorials, so they will grow for the time being. The basic set will have around 10 tutorials (I already have the full outline).

Available Tutorials

For best experience, read tutorials in given order:

  1. Overview of lab environment (not yet done)
  2. configure a TCP syslog server
  3. forward messages to remote server (via TCP syslog)
  4. configure a UDP syslog server
  5. rsyslog: relay messages only (no local storage)
  6. rsyslog: integrating Windows Event Log (via UDP)

Note that if you are interested in a specific topic, you can also pick tutorials out of the order. Be warned, though, that there is some inter-dependency between the tutorials. For example, for forwarding messages, a server is needed. The forwarding tutorial as such assumes that the server was properly created. In suggested sequence, this is ensured.

There exist also some utility tutorials to help you understand the operating environment. They are linked to from the appropriate places.

Additional Info

Why is this tutorial series created and hosted here? Find the answer in this article. If you are interested in contributing to the effort, please let me know. Feedback of any kind is also very welcome. You can also use the comment fields to provide it.