Linux Logging Configuration

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

rsyslogd Configuration

The main rsyslogd configuration file is /etc/rsyslog.conf.

The configuration file contains global directives, rules and modules. A rule consists of filter and action. The filters can be facility/priority-based, property-based and expression-based.

For more details on rsyslogd configuration see

RHEL 7 System Administration Guide - Basic Configuration of rsyslog

rsyslogd Log Rotation Configuration

rsyslogd-managed log files can be automatically rotated. The logrotate package contains a cron task that rotates log files based on the configuration found in /etc/logrotate.conf and /etc/logrotate.d/. The cron job runs daily. The essential configuration is similar to:

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
	minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

All entries in /etc/logrotate.conf apply to every log file managed by rsyslogd, including to those whose configuration is specified in individual entries or in /etc/logrotate.d. Individua log file handing can be specified in /etc/logrotate.conf, as it is the case for /var/log/wtmp and /var/log/btmp in the above example, or in separated files placed in /etc/logrotate.d. Comments must be placed on lines that begin with '#'. Details on the configuration file syntax can be obtained with:

man logrotate

Configuration directives:

daily | weekly | monthly | yearly

Specifies the rotation periodicity.

rotate <integer>

Specifies the number of rotation the log file undergoes before it is removed or mailed. If 0 is specified, old files are removed immediately.

Log Rotation Configuration File Syntax Verification

logrotate -d -f /etc/logrotate.conf

journald Configuration

More details about journald.