rsyslog sending logs to vector. Able to receive system logs but not custom application logs #22703
Unanswered
manoharBattala
asked this question in
Q&A
Replies: 0 comments
Here is my rsyslog configuration:

```
#################
#### MODULES ####
#################
module(load="imuxsock") # Provides support for local system logging

# UDP syslog reception (uncomment if using UDP for Vector)
module(load="imudp")
input(type="imudp" port="514")

# TCP syslog reception (uncomment if using TCP for Vector)
#module(load="imtcp")
#input(type="imtcp" port="514")

# Kernel logging support
module(load="imklog" permitnonkernelfacility="on")

###########################
#### GLOBAL DIRECTIVES ####
###########################
$RepeatedMsgReduction on

#module(load="imfile")
# Input from custom log file
#input(type="imfile" File="/var/log/custom_app.log" Tag="myapp" Facility="local0")
action(type="omfile" file="/var/log/custom_app.log")

# Set the default permissions for all log files
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

# Where to place spool and state files
$WorkDirectory /var/spool/rsyslog

# Forward all logs to Vector server (UDP)
*.* @192.168.1.12:514 # Forwarding all logs to Vector server
#action(type="omfwd" target="192.168.1.12" port="514" protocol="udp" queue.type="linkedlist" queue.saveOnShutdown="on"queue.resumeRetryCount="-1")

# Optionally, forward only logs from the 'myapp' tag (custom log file)
local0.* @192.168.1.12:514 # Forward logs tagged 'myapp' to Vector server

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
```
I tried sending the log below using logger, and Vector was able to receive it:

"java API is working"

And I am able to receive system logs like the one below:

```json
{"appname":"sudo","facility":"authpriv","host":"","hostname":"","message":"oracle : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/grep -i java custom_app.log","severity":"notice","source_ip":"***","source_type":"syslog","timestamp":"2025-03-20T19:58:45Z"}
```

But I am not able to receive my application logs:

```json
{"appname":"sudo","facility":"authpriv","host":"DESKTOP-2B46BBL","hostname":"DESKTOP-2B46BBL","message":"oracle : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/grep -i java custom_app.log","severity":"notice","source_ip":"192.168.1.8","source_type":"syslog","timestamp":"2025-03-20T19:58:45Z"}
```
Here is my Vector configuration:

```yaml
sources:
  syslog:
    type: syslog
    address: "0.0.0.0:514"
    mode: udp
    encoding:
      codec: "plain"
sinks:
  file_sink:
    type: "file"
    path: "/var/log/vector/syslog_output.log"
    inputs:
      - syslog
    encoding:
      codec: "json"
```
Please help, I am new to Vector. No prior experience with syslog.
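An added example, not part of the original post: a small Python check that lists which rsyslog modules, inputs and legacy forwarding rules are actually active in a config, run on a constructed excerpt of the rsyslog configuration above. The function names are hypothetical, and the excerpt assumes the leading `#` comment markers and the `*.*` selector that the rendered page dropped.

```python
import re

# Constructed excerpt of the rsyslog.conf posted above; the leading '#' comment
# markers and the '*.*' selector are assumed (the rendered page dropped them).
SAMPLE_CONF = '''\
module(load="imuxsock") # Provides support for local system logging
module(load="imudp")
input(type="imudp" port="514")
#module(load="imtcp")
module(load="imklog" permitnonkernelfacility="on")
#module(load="imfile")
#input(type="imfile" File="/var/log/custom_app.log" Tag="myapp" Facility="local0")
action(type="omfile" file="/var/log/custom_app.log")
*.* @192.168.1.12:514 # Forwarding all logs to Vector server
local0.* @192.168.1.12:514
'''

MODULE_RE = re.compile(r'^module\(\s*load="([^"]+)"')
INPUT_RE = re.compile(r'^input\(\s*type="([^"]+)"')
# Legacy forwarding rule: "<selector> @host:port" (UDP) or "@@host:port" (TCP).
FORWARD_RE = re.compile(r'^(\S+)\s+(@@?)([^:\s]+):(\d+)')

def strip_comment(line):
    """Drop a '#' comment unless the '#' sits inside a double-quoted string."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == '#' and not in_quotes:
            return line[:i].strip()
    return line.strip()

def audit(conf_text):
    """Return the modules, inputs and forwarding rules that are active."""
    active = {"modules": [], "inputs": [], "forwards": []}
    for raw in conf_text.splitlines():
        line = strip_comment(raw)
        if m := MODULE_RE.match(line):
            active["modules"].append(m.group(1))
        elif m := INPUT_RE.match(line):
            active["inputs"].append(m.group(1))
        elif m := FORWARD_RE.match(line):
            proto = "tcp" if m.group(2) == "@@" else "udp"
            active["forwards"].append((m.group(1), proto, m.group(3), int(m.group(4))))
    return active

if __name__ == "__main__":
    report = audit(SAMPLE_CONF)
    print(report)
    if "imfile" not in report["inputs"]:
        print("no active imfile input: no log file is being tailed")
```

In the excerpt the only active inputs are the local socket (`imuxsock`), UDP 514 (`imudp`) and the kernel log (`imklog`); with the `imfile` lines commented out, nothing tails `/var/log/custom_app.log`.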