Skip to content

Click on each book below to review & buy on Amazon.

As an Amazon Associate, I earn from qualifying purchases.

CompTIA Linux+ XK0-005 - 1.7 - Configure Common System Services: Syslog

Syslog is a standard logging protocol used in Linux systems to collect, process, and store log messages from various sources. It allows system administrators to centralize logs, monitor system activities, and troubleshoot issues. This guide will walk you through the configuration of syslog on a Linux system.

Configuration Files

  1. /etc/rsyslog.conf: This file contains the main configuration for the syslog service. It defines the rules and actions for processing log messages.

  2. /etc/rsyslog.d/: This directory contains additional configuration files that can be used to customize the syslog service further. These files are typically named with a .conf extension.

Configuration Directives

Here are some important configuration directives commonly used in syslog configuration files:

  • *.priority: Specifies the log priority level to filter messages. For example, *.info captures log messages with priority level "info" or higher. Example:

    *.info    /var/log/messages

  • /path/to/log/file: Specifies the destination file where log messages will be written. For example, /var/log/messages captures general system messages. Example:

    mail.*    /var/log/maillog

  • & destination: Specifies an action to be taken for log messages. The destination can be a file, remote server, or another service. For example, & /var/log/secure sends log messages to the /var/log/secure file in addition to the /var/log/kernel.log file in the example below:

    kern.warning    /var/log/kernel.log
& /var/log/secure

  • template(name,"template"): Defines a log message template with a specific format. Templates allow you to customize the structure and content of log messages. Example:

    template(name="MyTemplate" type="string" string="%msg%\n")
*.*    ?MyTemplate

Make sure to edit the syslog configuration files with administrative privileges using a text editor such as nano or vi.

Service Management

To apply the changes made in the syslog configuration, you need to restart or reload the syslog service. On most modern Linux distributions that use systemd, you can use the following commands to manage the syslog service:

  • To restart the syslog service:

    sudo systemctl restart rsyslog

  • To reload the syslog service without restarting:

    sudo systemctl reload rsyslog

Example

Let's say you want to configure syslog to store system logs in a separate file and forward critical messages to a remote syslog server. Here's how you can do it:

  1. Open the syslog configuration file with root privileges:

    sudo nano /etc/rsyslog.conf

  2. Find the section that controls system logs and add or modify the following line to store logs in a separate file:

    *.info;mail.none;authpriv.none;cron.none    /var/log/system.log

  3. Below the previous line, add the following line to forward critical messages to a remote syslog server with IP address 192.168.0.100:

    *.emerg    @192.168.0.100

  4. Save the changes and exit the text editor.

  5. Restart the syslog service for the changes to take effect:

    sudo systemctl restart rsyslog

After completing these steps, the syslog service will be configured to store system logs in the /var/log/system.log file and forward critical messages to the remote syslog server at 192.168.0.100.

Conclusion

Configuring the syslog service allows you to customize log message handling and storage according to your system's requirements. By editing the syslog configuration files and utilizing the available directives, you can fine-tune the logging behavior and ensure important log messages are properly captured and managed.

Remember to restart or reload the syslog service after making any changes to the configuration files to apply the modifications.

Syslog is a powerful tool that helps administrators monitor system activities, troubleshoot issues, and maintain a centralized log management system. Understanding its configuration options and being able to modify them is essential for Linux system administration.

Support DTV Linux

Click on each book below to review & buy on Amazon. As an Amazon Associate, I earn from qualifying purchases.

NordVPN ®: Elevate your online privacy and security. Grab our Special Offer to safeguard your data on public Wi-Fi and secure your devices. I may earn a commission on purchases made through this link.