Linux blog post

Rsyslog

The service for logging in Linux systems, called Rsyslog, is an enhanced version of the early Syslog service, which is automatically installed and started by default.

1. Start the service

[[Email protected] log]# service Rsyslog start

2. Configuration files

[Email protected] log]# more/etc/rsyslog.conf

Basic format:

Facility.prioritylog_location

[Email protected] log]# more/etc/rsyslog.conf |grep-v ^# |grep-v ^$

$ModLoad imuxsock.so# provides support for local system logging (e.g. via Logger command)

$ModLoad imklog.so# provides kernel logging support (previously do by RKLOGD)

$ActionFileDefaultTemplate Rsyslog_traditionalfileformat

*.info;mail.none;authpriv.none;cron.none/var/log/messages

authpriv.* //* represents any basic, none is no level, no record/var/log/secure

Mail.*-/var/log/maillog//-indicates that the operation has been written to disk without waiting for disk synchronization.

Cron.*/var/log/cron

*.emerg *

Uucp,news.crit/var/log/spooler

local7.*/var/log/boot.log

PLR@10.40.0.100 means that messages are stored on the specified remote server using the UDP protocol.

user @@10.40.0.200 means that the message is stored on the specified remote server using the TCP protocol.

3. Log storage location

[Email protected] log]# Ls/var/log

Anaconda.ifcfg.log Cups messages-20170108 spooler-20170101

Anaconda.log DMESG Nprobe spooler-20170108

Anaconda.program.log Dmesg.old Ntopng Tallylog

Anaconda.storage.log Dracut.log Ntpstats Wpa_supplicant.log

Anaconda.syslog dracut.log-20130101 Pm-powersave.log wtmp

Anaconda.xlog GDM PPP xferlog

anaconda.yum.log                                     xferlog-20161218

audit                                    redis                xferlog-20161225

boot.log              lastlog             &NBS P; salt                XFERLOG-20170101

btmp Maillog Samba xferlog-20170108

btmp-20170101 maillog-20161218 Secure Xorg.0.log

Cento maillog-20161225 secure-20161218 xorg.0.log.old

Consolekit maillog-20170101 secure-20161225 Yum.log

Cron maillog-20170108 secure-20170101 yum.log-20140610

cron-20161218 Messages secure-20170108 yum.log-20150101

cron-20161225 messages-20161218 Spooler yum.log-20160101

cron-20170101 messages-20161225 spooler-20161218 yum.log-20170101

cron-20170108 messages-20170101 spooler-20161225

4. Real-time monitoring log information

[Email protected] log]# tail/var/log/messages-20170108-f

Jan 8 03:01:23 37-test puppet-agent[17734]: Caching Catalog for 37-test

Jan 8 03:01:24 37-test puppet-agent[17734]: Applying configuration version ' 1483815681 '

Jan 8 03:01:59 37-test puppet-agent[17734]: (/stage[main]/common/exec[hot_fix_for_fms_audio_config]/returns) Executed successfully

Jan 8 03:01:59 37-test puppet-agent[17734]: (/stage[main]/common/exec[hot_fix_for_courswarebussiness.php]/returns) Executed successfully

Jan 8 03:01:59 37-test puppet-agent[17734]: (/stage[main]/common/exec[hot_fix_for_fms_video_config]/returns) Executed successfully

5, the source of log messages-facility

Rsyslog uses the facility concept to define the source of log messages to facilitate the classification of logs.

-kern Kernel messages

-user User-level messages

-mail mail system messages

-daemon system service messages

-auth Authentication system messages

-LPR Printing system messages

-syslog log system itself message

-authpriv Permission system messages

-cron Scheduling scheduled task messages

-news News System News

-UUCPUUCP system messages

-FTPFTP Service messages

6, priority/serverity level (log priority, rank)

-emergency System is no longer available

-alert must be dealt with immediately

-critical Critical Error

-error Error

-warning Warning

-notice Normal information, but more important

-informational Normal information

-debugDebug Information

Linux blog post