Why does syslog create a user.log instead using syslog.log?

Asked Nov 15 '16 at 16:27

Active Nov 15 '16 at 16:27

Viewed 329 times

I have experienced something a bit weird for me. I have filebeat monitoring my rsyslog (syslog.log) file and sending it to my logstash.

I have noticed that after restarting filebeat where syslog is running, syslogs creates a new file user.log under /var/log/user.log where my logging is going to. However, filebeat expects that syslog.log is the one updated, since that file is not updated nothing is shipped by filebeat towards my logstash...

So my question is that, why does rsyslog daemon create this other file user.log?

Any hint is appreciated!

Thanks in advance!

regards

asked Nov 15 '16 at 16:27

ndarkness

1

Because someone has configured rsyslog to log to that file. – Michael Hampton Nov 15 '16 at 16:45
How do you mean? I have also syslog.log and only when restarting filebeat, then rsyslog creates user.log – ndarkness Nov 16 '16 at 08:13
You will need to paste your rsyslog configuration. It's located in /etc/rsyslog.d/. – Luiz Guilherme Littig Berger Nov 18 '16 at 16:32

Why does syslog create a user.log instead using syslog.log?

0 Answers0