Difference between revisions of "Rsyslog"

From ArchWiki
Jump to: navigation, search
Line 8: Line 8:
 
[[pacman|install]] the {{Pkg|rsyslog}} package which is available in the [[Official Repositories|official repositories]].
 
[[pacman|install]] the {{Pkg|rsyslog}} package which is available in the [[Official Repositories|official repositories]].
  
=== Activation under DAEMONS array ===
+
=== Activation ===
Then start rsyslog and stop syslog-ng (unless for some strange reason you want 2 log daemons running):
+
/etc/rc.d/rsyslogd start
+
/etc/rc.d/syslog-ng stop
+
 
+
Finally, add {{ic|rsyslogd}} to the {{ic|DAEMONS}} array in your {{ic|/etc/[[rc.conf]]}}, and disable/remove {{ic|syslog-ng}}:
+
DAEMONS=( ... !syslog-ng '''rsyslogd''' ... )
+
 
+
Now you have migrated over to rsyslog!
+
 
+
=== Activation under systemd ===
+
 
After installing {{Pkg|rsyslog}}, [[systemd]] will need to know about the service file packaged with {{Pkg|rsyslog}}:
 
After installing {{Pkg|rsyslog}}, [[systemd]] will need to know about the service file packaged with {{Pkg|rsyslog}}:
 
   # systemctl daemon-reload
 
   # systemctl daemon-reload
  
 
Then, enable the new service and disable your old logger (assuming [[syslog-ng]] here):
 
Then, enable the new service and disable your old logger (assuming [[syslog-ng]] here):
   # systemctl enable rsyslog.service
+
   # systemctl {enable|disable|start|stop|reload} rsyslog
  # systemctl disable syslog-ng.service
+
  # systemctl stop syslog-ng.service
+
  # systemctl start rsyslog.service
+
  
 
== Configuring hostname ==
 
== Configuring hostname ==

Revision as of 20:24, 12 January 2013

rsyslog is an alternative logger to syslog-ng and offers many benefits over syslog-ng. rsyslog is also the default logger for the latest versions of Red Hat Enterprise Linux, as well as many other Linux distributions. Many of rsyslog's benefits over syslog-ng can be found here: [1].

Installation

install the rsyslog package which is available in the official repositories.

Activation

After installing rsyslog, systemd will need to know about the service file packaged with rsyslog:

 # systemctl daemon-reload

Then, enable the new service and disable your old logger (assuming syslog-ng here):

 # systemctl {enable|disable|start|stop|reload} rsyslog

Configuring hostname

Rsyslog uses the glibc routine gethostname() or gethostbyname() to determine the hostname of the local machine. The gethostname() or gethostbyname() routine check the contents of /etc/hosts for the fully qualified domain name (FQDN) if you are not using BIND or NIS.

You can check what the local machine's currently configured FQDN is by running hostname --fqdn. The output of hostname --short will be used by rsyslog when writing log messages.

The /etc/hosts file contains a number of lines that map FQDNs to IP addresses and that map aliases to FQDNs. See the example /etc/hosts file below:

/etc/hosts
#<ip-address>	<hostname.domain.org>	<hostname>
#<ip-address>      <actual FQDN>                       <aliases>
127.0.0.1	localhost.localdomain somehost.localdomain	localhost somehost
::1		        localhost.localdomain somehost.localdomain	localhost somehost

localhost.localdomain is the first item following the IP address, so gethostbyname() function will return localhost.localdomain as the local machine's FQDN. Then /var/log/messages file will use localhost as hostname.

To use somehost as the hostname. Move somehost.localdomain to the first item:

/etc/hosts
#<ip-address>	<hostname.domain.org>	                        <hostname>
#<ip-address>      <actual FQDN>                                              <aliases>
127.0.0.1	somehost.localdomain localhost.localdomain	localhost somehost
::1		        somehost.localdomain localhost.localdomain 	localhost somehost