https://beardedmaker.com/wiki/index.php?action=history&feed=atom&title=RsyslogRsyslog - Revision history2026-05-13T08:34:38ZRevision history for this page on the wikiMediaWiki 1.27.4https://beardedmaker.com/wiki/index.php?title=Rsyslog&diff=158&oldid=prevBeard: Created page with "<pre> packages: rsyslog daemons: rsyslogd other: rsyslogd creates the socket /dev/log logfiles: boot.log - daemon startup during system init cron - cron and atd daemon..."2016-02-29T21:36:49Z<p>Created page with "<pre> packages: rsyslog daemons: rsyslogd other: rsyslogd creates the socket /dev/log logfiles: boot.log - daemon startup during system init cron - cron and atd daemon..."</p>
<p><b>New page</b></p><div><pre><br />
packages:<br />
rsyslog<br />
<br />
daemons:<br />
rsyslogd<br />
<br />
other:<br />
rsyslogd creates the socket /dev/log<br />
<br />
logfiles:<br />
boot.log - daemon startup during system init<br />
cron - cron and atd daemons<br />
dmesg - system hardware detection<br />
maillog - sendmail<br />
secure - network access such as sshd and xinetd<br />
wtmp - history of all login sessions<br />
rpmpkgs,yum.log - list of packages installed by rpm<br />
xferlog - ftp log<br />
Xorg.0.log,XFree86 - X windows<br />
lastlog - list of users and the time they last logged in. must use the 'lastlog' command<br />
messages - important messages generated during and after system init<br />
<br />
configs:<br />
/etc/rsyslog.conf - config file<br />
/etc/rsyslog.d/ - contains extra configs<br />
<br />
args:<br />
* = wildcard<br />
; = separator<br />
<facility>.<priority> /path/logfile - logs the specified item(s) into logfile. path can be a file or a socket via @host:port (default port 514)<br />
facility - where rsyslog should listen. can be comma separated.<br />
kern - listen to kernel messages<br />
news - listen to news daemon<br />
auth - login, getty, su, etc.<br />
security - same as auth<br />
authpriv - network login<br />
cron<br />
daemon - system daemons such as ftp<br />
lpr - printing system<br />
mail - sendmail<br />
mark - timestamps used my rsyslog. internal only<br />
syslog<br />
user - messages from user processes<br />
uucp - Unix to Unix Copy daemon<br />
local<0-7> - can be customized<br />
priority (in order of seriousness)<br />
debug - all messages<br />
info - normal messages<br />
notice - notice messages. not an error<br />
warning,warn - warning messages. might be error, but not system critical<br />
error,err - error messages. generic<br />
crit - critical messages. such as disk failure.<br />
alert - alert messages. must be dealt with immediately such as system database corruption<br />
emerg,panic - serious messages. things normally broadcast to all users.<br />
format<br />
=warning - only warning<br />
!=warn - not warning<br />
<br />
log server:<br />
on the server open /etc/rsyslog.conf and uncomment all lines with:<br />
$ModLoad<br />
$UDPServerRun<br />
$InputTCPServerRun<br />
on the client open /etc/rsyslog.conf and add a line similar to:<br />
auth.info @server:514<br />
<br />
log management:<br />
clear a log by writing to it via ">/log/file" with nothing before it. do not delete the file, permissions may get screwed up.<br />
it's best to save a backup of logs before clearing.<br />
<br />
logrotate:<br />
/etc/logrotate.conf - config file<br />
/etc/logrotate.d/ - contains extra config files<br />
logrotate would rename test.log to test.log.YYYMMDD<br />
<br />
args:<br />
rotate 4 - keep 4 weeks worth of backlogs<br />
postrotate - starts a script<br />
[script]<br />
endscript<br />
<br />
<br />
</pre></div>Beard