Unix & Linux Asked by user3427070 on December 2, 2020
I’ve got a server that’s using rsyslogd. When looking for commands run by specific users in /var/log/secure, I see that some commands appear to be cut off.
For example, you can see that the beginning of the JSON is cut off here:
Aug 19 16:31:28 server1.example.com journal: root[265681] : documentation","indices":[211,225]},{"text":"parsingJSON","indices":[226,238]},{"text":"GeoTagged","indices":[239,249]}]}},"entities":{"hashtags":[]}},{"created_at":"Thu May 10 17:41:57 +0000 2018","id_str":"994633657141813248","text":"Just another Extended Tweet with more than 140 characters, generated as a documentation example, showing that ["tru? https://t.co/U7Se4NM7Eu","display_text_range":[0,140],"truncated":true,"user":{"id_str":"944480690","screen_name":"FloodSocial"},"extended_tweet":{"full_text":"Just another Extended Tweet with more than 140 characters, generated as a documentation example, showing that ["truncated": true] and the presence of an "extended_tweet" object with complete text and "entities" #documentation #parsingJSON #GeoTagged https://t.co/e9yhQTJSIA","display_text_range":[0,249],"entities":{"hashtags":[{"text":"documentation","indices":[211,225]},{"text":"parsingJSON","indices":[226,238]},{"text":"GeoTagged","indices":[239,249]}]}},"entities":{"hashtags":[]}}] [login: alice]
The log is actually split into multiple pieces. The portion following the second colon appears to be 1024 characters max. The user's login name is only included in the last piece.
Answered by user3427070 on December 2, 2020
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP