rsyslog

From ArchWiki
Revision as of 20:24, 12 January 2013 by Axanon (Talk | contribs)

Jump to: navigation, search

rsyslog is an alternative logger to syslog-ng and offers many benefits over syslog-ng. rsyslog is also the default logger for the latest versions of Red Hat Enterprise Linux, as well as many other Linux distributions. Many of rsyslog's benefits over syslog-ng can be found here: [1].

Installation

install the rsyslog package which is available in the official repositories.

Activation

After installing rsyslog, systemd will need to know about the service file packaged with rsyslog:

 # systemctl daemon-reload

Then, enable the new service and disable your old logger (assuming syslog-ng here):

 # systemctl {enable|disable|start|stop|reload} rsyslog

Configuring hostname

Rsyslog uses the glibc routine gethostname() or gethostbyname() to determine the hostname of the local machine. The gethostname() or gethostbyname() routine check the contents of /etc/hosts for the fully qualified domain name (FQDN) if you are not using BIND or NIS.

You can check what the local machine's currently configured FQDN is by running hostname --fqdn. The output of hostname --short will be used by rsyslog when writing log messages.

The /etc/hosts file contains a number of lines that map FQDNs to IP addresses and that map aliases to FQDNs. See the example /etc/hosts file below:

/etc/hosts
#<ip-address>	<hostname.domain.org>	<hostname>
#<ip-address>      <actual FQDN>                       <aliases>
127.0.0.1	localhost.localdomain somehost.localdomain	localhost somehost
::1		        localhost.localdomain somehost.localdomain	localhost somehost

localhost.localdomain is the first item following the IP address, so gethostbyname() function will return localhost.localdomain as the local machine's FQDN. Then /var/log/messages file will use localhost as hostname.

To use somehost as the hostname. Move somehost.localdomain to the first item:

/etc/hosts
#<ip-address>	<hostname.domain.org>	                        <hostname>
#<ip-address>      <actual FQDN>                                              <aliases>
127.0.0.1	somehost.localdomain localhost.localdomain	localhost somehost
::1		        somehost.localdomain localhost.localdomain 	localhost somehost