OMFile Write to Stream Issue?

Postby CycnuS » Tue Oct 25, 2016 7:17 pm

Hey guys,

Novice with Rsyslog.

What I am doing:
Running a Raspberry Pi, I have installed the Kali ARM distro, Snort, and am sending Snort alerts through Rsyslog to a logging server.

Issue I am having:
At random (I believe) points throughout the day, Rsyslog will just stop sending any data to the logging server until it is restarted. I have confirmed that during this time Snort is still alerting and writing these alerts to the local log.

Process for pre and post issue confirmation:
1) Confirm Rsyslog is running
2) Confirm Snort is running
3) wget from any device on my network
4) cd to /var/log/snort on the Snort sensor and confirm that the snort.log file has been updated with that alert. This is the device that sends via rsyslog to the logging server.
5) cd to /var/log/devices/snortIP on the logging server and confirm that the .log file has been updated
6) Log into the GUI of the logging server and confirm that I can see the alert that was generated

This works for roughly 3-4 hours before failing. When it fails I still see the snort.log file updated with the appropriate alert, but I see nothing on the logging device. The only way to correct this behavior is to restart rsyslog.

I have attached the debug.log from rsyslog. I've gone through it and did not notice any issues, however this was my first time ever reviewing an rsyslog debug log. I have attached the log for your review, any help is much appreciated.