Rsyslog
Rsyslog, the logging service on Linux systems, is an enhanced version of the earlier syslog service. It is installed and started automatically by default.
1. Start the service
# service rsyslog start
2. Configuration files
# more /etc/rsyslog.conf
Basic format:
facility.priority    log_location
# more /etc/rsyslog.conf | grep -v ^# | grep -v ^$
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure // * means any priority; none means no priority, so nothing is recorded
mail.* -/var/log/maillog // the leading - means the log is written without waiting for disk synchronization
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
PLR @10.40.0.100 (a single @) means that messages are stored on the specified remote server using the UDP protocol.
user @@10.40.0.200 (a double @@) means that messages are stored on the specified remote server using the TCP protocol.
3. Log storage location
# ls /var/log
anaconda.ifcfg.log cups messages-20170108 spooler-20170101
anaconda.log dmesg nprobe spooler-20170108
anaconda.program.log dmesg.old ntopng tallylog
anaconda.storage.log dracut.log ntpstats wpa_supplicant.log
anaconda.syslog dracut.log-20130101 pm-powersave.log wtmp
anaconda.xlog gdm ppp xferlog
anaconda.yum.log xferlog-20161218
audit redis xferlog-20161225
boot.log lastlog salt xferlog-20170101
btmp maillog samba xferlog-20170108
btmp-20170101 maillog-20161218 secure Xorg.0.log
Cento maillog-20161225 secure-20161218 Xorg.0.log.old
ConsoleKit maillog-20170101 secure-20161225 yum.log
cron maillog-20170108 secure-20170101 yum.log-20140610
cron-20161218 messages secure-20170108 yum.log-20150101
cron-20161225 messages-20161218 spooler yum.log-20160101
cron-20170101 messages-20161225 spooler-20161218 yum.log-20170101
cron-20170108 messages-20170101 spooler-20161225
4. Monitoring log information in real time
# tail /var/log/messages-20170108 -f
Jan 8 03:01:23 37-test puppet-agent[17734]: Caching Catalog for 37-test
Jan 8 03:01:24 37-test puppet-agent[17734]: Applying configuration version '1483815681'
Jan 8 03:01:59 37-test puppet-agent[17734]: (/stage[main]/common/exec[hot_fix_for_fms_audio_config]/returns) Executed successfully
Jan 8 03:01:59 37-test puppet-agent[17734]: (/stage[main]/common/exec[hot_fix_for_courswarebussiness.php]/returns) Executed successfully
Jan 8 03:01:59 37-test puppet-agent[17734]: (/stage[main]/common/exec[hot_fix_for_fms_video_config]/returns) Executed successfully
5. Source of log messages: facility
Rsyslog uses the concept of a facility to identify the source of a log message, which makes it easier to classify logs.
- kern: Kernel messages
- user: User-level messages
- mail: Mail system messages
- daemon: System service messages
- auth: Authentication system messages
- lpr: Printing system messages
- syslog: Messages from the logging system itself
- authpriv: Permission system messages
- cron: Scheduled task messages
- news: News system messages
- uucp: UUCP system messages
- ftp: FTP service messages
6. Priority/severity level (log priority, rank)
- emergency: System is no longer available
- alert: Must be dealt with immediately
- critical: Critical error
- error: Error
- warning: Warning
- notice: Normal information, but more important
- informational: Normal information
- debug: Debug information
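The selector rules from the configuration in section 2, evaluated in an added Python example (not part of the original post): it shows which log file receives a message of a given facility and severity, for instance confirming that authpriv messages reach only /var/log/secure. The function names are hypothetical, the priority keywords are the short forms used in rsyslog.conf, and the = and ! priority modifiers are not handled.

```python
# Added example: evaluates legacy rsyslog selectors for a (facility, severity) pair.
# Short priority keywords as written in rsyslog.conf, most severe first.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Rules copied from the rsyslog.conf listing in section 2: (selector, action).
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "-/var/log/maillog"),
    ("cron.*", "/var/log/cron"),
    ("*.emerg", "*"),
    ("uucp,news.crit", "/var/log/spooler"),
    ("local7.*", "/var/log/boot.log"),
]

def selector_matches(selector, facility, severity):
    """Return True if a message with this facility/severity is selected."""
    selected = False
    for part in selector.split(";"):            # parts are applied left to right
        facs, prio = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue                             # part does not name our facility
        if prio == "none":
            selected = False                     # none: exclude this facility
        elif prio == "*":
            selected = True                      # *: every priority
        else:
            # A priority keyword selects that level and anything more severe;
            # a later part overrides an earlier one for the same facility.
            selected = SEVERITIES.index(severity) <= SEVERITIES.index(prio)
    return selected

def destinations(facility, severity):
    """List the actions from RULES that would receive the message."""
    return [action for sel, action in RULES
            if selector_matches(sel, facility, severity)]

if __name__ == "__main__":
    # Constructed sample messages, not taken from the page's logs.
    for fac, sev in [("authpriv", "notice"), ("daemon", "info"),
                     ("daemon", "debug"), ("news", "crit"), ("kern", "emerg")]:
        print(f"{fac}.{sev:8} -> {destinations(fac, sev)}")
```

A daemon.debug message matches no rule in this configuration, so it is not written anywhere.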