Linux Logging Configuration: Difference between revisions
Line 81: | Line 81: | ||
$UDPServerAddress * | $UDPServerAddress * | ||
$UDPServerRun 514 | $UDPServerRun 514 | ||
Normally, [[iptables]] is configured to allow local host traffic, but you should check in case it doesn't. | |||
=journald Configuration= | =journald Configuration= | ||
More details about [[Linux_Logging_Concepts#journald|journald]]. | More details about [[Linux_Logging_Concepts#journald|journald]]. |
Revision as of 03:35, 4 July 2017
Internal
rsyslogd Configuration
The main rsyslogd configuration file is /etc/rsyslog.conf.
The configuration file contains global directives, rules and modules. A rule consists of filter and action. The filters can be facility/priority-based, property-based and expression-based.
For more details on rsyslogd configuration see
rsyslogd Log Rotation Configuration
rsyslogd-managed log files can be automatically rotated. The logrotate package contains a cron task that rotates log files based on the configuration found in /etc/logrotate.conf and /etc/logrotate.d/. The cron job runs daily. The essential configuration is similar to:
# rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # use date as a suffix of the rotated file dateext # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp and btmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp minsize 1M rotate 1 } /var/log/btmp { missingok monthly create 0600 root utmp rotate 1 } # system-specific logs may be also be configured here.
All entries in /etc/logrotate.conf apply to every log file managed by rsyslogd, including to those whose configuration is specified in individual entries or in /etc/logrotate.d. Individua log file handing can be specified in /etc/logrotate.conf, as it is the case for /var/log/wtmp and /var/log/btmp in the above example, or in separated files placed in /etc/logrotate.d. Comments must be placed on lines that begin with '#'. Details on the configuration file syntax can be obtained with:
man logrotate
Configuration directives:
daily | weekly | monthly | yearly
Specifies the rotation periodicity.
rotate <integer>
Specifies the number of rotation the log file undergoes before it is removed or mailed. If 0 is specified, old files are removed immediately.
Log Rotation Configuration File Syntax Verification
logrotate -d -f /etc/logrotate.conf
Enable rsyslogd to Listen for UDP Traffic
Some applications, like HAProxy for example, do not write their logs on the filesystem, but send them over UDP to the local syslogd server. In order to receive this traffic, rsyslogd must be configured as follows, by adding the following lines to /etc/rsyslog.conf
$ModLoad imudp $UDPServerAddress * $UDPServerRun 514
Normally, iptables is configured to allow local host traffic, but you should check in case it doesn't.
journald Configuration
More details about journald.