Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
How to Setup Rsyslog Remote Logging on Linux
Every Linux distribution comes with some logging systems to record system activities. This might be helpful during system troubleshooting. Rsyslog is an open source and is rocket-fast in terms of speed for system log process. It is available for several major Linux distributions including Debian and Red Hat based systems. Compared to SYSLOG protocol, It has several additional features such as content-based filtering of TCP for transporting and provides tons of configuration options. This article describes how to setup Rsyslog Remote Logging in simple steps.
Installation
If Rsyslog is not installed on your linux system, install using the following command −
$ sudo apt-get install rsyslog rsyslog-doc
The output should be like this −
Reading package lists... Done Building dependency tree Reading state information... Done rsyslog is already the newest version. The following NEW packages will be installed: rsyslog-doc 0 upgraded, 1 newly installed, 0 to remove and 265 not upgraded. Need to get 931 kB of archives. After this operation, 1,828 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://in.archive.ubuntu.com/ubuntu/ trusty-updates/main rsyslog-doc all 7.4.4-1ubuntu2.6 [931 kB] Fetched 931 kB in 1s (508 kB/s) Selecting previously unselected package rsyslog-doc. (Reading database ... 165966 files and directories currently installed.) Preparing to unpack .../rsyslog-doc_7.4.4-1ubuntu2.6_all.deb ... Unpacking rsyslog-doc (7.4.4-1ubuntu2.6) ... Processing triggers for doc-base (0.10.5) ... Processing 32 changed doc-base files, 1 added doc-base file... Setting up rsyslog-doc (7.4.4-1ubuntu2.6) ...
Rsyslog configurations are stored in /etc/ryslog.conf file and the files will be under /etc/rsyslog.d/ directory.
Configuration Structure
The structure of Rsyslog configuration files are in the following manner −
- Modules
- Configuration Directives
- Rule Line
Modules
Rsyslog has a modular architecture. It will enable functionality in a dynamic manner. The modules are categorized into the following manner −
- Input Modules – Used to gather messages from various sources.
- Output Modules – Used to write the messages to various places ( file, socket etc.. ).
- Parser Modules – Used to parse the message content.
Configuration Directives
Configuration directives are the configuration instructions for Rsyslog. These should be specified only one per a line which starts with dollar ($) symbol.
Rule Line
Each Rule line consists of two fields, they are divided as selector field and an action field. Again the selector field is divided into two fields, it should be like this −
- Facilities
- Priorities
A Sample Configuration
MODULES $ModLoad imuxsock $ModLoad imklog Directives # Set the default permissions for all log files. $FileOwner root $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 RULES mail.info/var/log/mail.info mail.warn/var/log/mail.warn mail.err/var/log/mail.err daemon.*/var/log/daemon.log
Templates
It is the most important feature of Rsyslog which allows the user to log the messages in a desirable format. It can also be used to create dynamic file names to log the messages.
Check Rsyslog Configuration
Before checking Rsyslog configuration, make sure that you have restarted Rsyslog so that your changes can take immediate effect. To restart Rsyslog, use the following command −
$ sudo service rsyslog restart
Make sure Rsyslog is running. If this command returns nothing, then we can assume that, it is not running at all. Use the following command to check if the process is running –
$ ps -A | grep rsyslog
A sample output should be like this −
6738 ? 00:00:00 rsyslogd
Check the Rsyslog configuration, use the following command −
$ rsyslogd -N1
The sample output should be like this −
rsyslogd: version 7.4.4, config validation run (level 1), master config /etc/rsyslog.conf rsyslogd: End of config validation run. Bye.
Check Linux system logs for any Rsyslog errors. If there are errors you can find them in /var/log/messages. Some logs may also stored be in /var/log/syslog.
$ sudo cat /var/log/messages | grep rsyslog
Send Sample Data
Verify Rsyslog is sending data to logger by creating a test event. To send the data, use the following command –
$ logger Tutorialspoint
Check linux system logs to see if Rsyslog has recorded the test event, To verify it, use the following command –
$ sudo cat /var/log/syslog | grep Tutorialspoint
A sample output should be like this −
Feb 4 11:25:54 linux tp: Tutorialspoint Feb 4 11:32:25 linux tp: Tutorialspoint
Congratulations! Now, you know “How to Setup Rsyslog Remote Logging” on Linux. We’ll learn more about these type of commands in our next Linux post. Keep reading!
2K+ Views
