Linux Logging Configuration: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 81: Line 81:
  $UDPServerAddress *
  $UDPServerAddress *
  $UDPServerRun 514
  $UDPServerRun 514
Normally, [[iptables]] is configured to allow local host traffic, but you should check in case it doesn't.


=journald Configuration=
=journald Configuration=


More details about [[Linux_Logging_Concepts#journald|journald]].
More details about [[Linux_Logging_Concepts#journald|journald]].

Revision as of 03:35, 4 July 2017

Internal

rsyslogd Configuration

The main rsyslogd configuration file is /etc/rsyslog.conf.

The configuration file contains global directives, rules and modules. A rule consists of filter and action. The filters can be facility/priority-based, property-based and expression-based.

For more details on rsyslogd configuration see

RHEL 7 System Administration Guide - Basic Configuration of rsyslog

rsyslogd Log Rotation Configuration

rsyslogd-managed log files can be automatically rotated. The logrotate package contains a cron task that rotates log files based on the configuration found in /etc/logrotate.conf and /etc/logrotate.d/. The cron job runs daily. The essential configuration is similar to:

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
	minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

All entries in /etc/logrotate.conf apply to every log file managed by rsyslogd, including to those whose configuration is specified in individual entries or in /etc/logrotate.d. Individua log file handing can be specified in /etc/logrotate.conf, as it is the case for /var/log/wtmp and /var/log/btmp in the above example, or in separated files placed in /etc/logrotate.d. Comments must be placed on lines that begin with '#'. Details on the configuration file syntax can be obtained with:

man logrotate

Configuration directives:

daily | weekly | monthly | yearly

Specifies the rotation periodicity.

rotate <integer>

Specifies the number of rotation the log file undergoes before it is removed or mailed. If 0 is specified, old files are removed immediately.

Log Rotation Configuration File Syntax Verification

logrotate -d -f /etc/logrotate.conf

Enable rsyslogd to Listen for UDP Traffic

Some applications, like HAProxy for example, do not write their logs on the filesystem, but send them over UDP to the local syslogd server. In order to receive this traffic, rsyslogd must be configured as follows, by adding the following lines to /etc/rsyslog.conf

$ModLoad imudp
$UDPServerAddress *
$UDPServerRun 514

Normally, iptables is configured to allow local host traffic, but you should check in case it doesn't.

journald Configuration

More details about journald.