Rsyslog Overview
rsyslog is a fast system log collection and processing daemon that offers high performance, security features and a modular design. It is the successor to the classic syslogd: it accepts messages from a variety of input sources, transforms them, and delivers them to the configured outputs (destinations).
rsyslog is an open source tool that is widely used on Linux to forward or receive log messages over TCP or UDP. The daemon can be set up in two roles. As a log collection server, the rsyslog process collects log data from other hosts on the network, which are configured to send their logs to that remote server. As a client, rsyslog filters log messages and writes them to local files (e.g. under /var/log), or forwards them to a remote rsyslog server.
On most Linux distributions, rsyslog is the standard log daemon and comes preinstalled.
The version on my host is rsyslog-7.4.2.
We will configure the rsyslog daemon for both roles on our hosts, so that one acts as the client and one as the server.
The main configuration file of the rsyslog service is /etc/rsyslog.conf by default.
The main program is /usr/sbin/rsyslogd.
rsyslog configuration file
vim /etc/rsyslog.conf
#### MODULES ####
$ModLoad imuxsock    # imuxsock: input module for local system logging (the /dev/log socket used by logger(1) and syslog(3))
$ModLoad imklog      # imklog: input module for kernel log messages
#module(load="imfile")    # imfile: text file input module, turns the lines of any plain-text file into syslog messages (new-style syntax)
#$ModLoad immark     # immark: writes a periodic "-- MARK --" message
#$ModLoad imudp      # imudp: input module for syslog over UDP
#$UDPServerRun 514   # listen on UDP port 514 for messages forwarded by other hosts (requires imudp)
#$ModLoad imtcp      # imtcp: input module for syslog over TCP
#$InputTCPServerRun 514    # listen on TCP port 514 for messages forwarded by other hosts (requires imtcp)
##### The two network listeners are commented out by default. Enabling one turns the host into a collection server that accepts messages from any sender able to reach the port, so restrict access with a host firewall before uncommenting it.
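A worked server/client pair using the same legacy directives, added here as an example rather than taken from the original page. The addresses (10.0.0.1 for the collector, 10.0.0.0/24 for the clients), the file names under /etc/rsyslog.d and the template name are assumptions. The server enables the TCP listener (TCP forwarding does not silently drop messages the way UDP does), limits which senders it accepts, and stores each client's messages in its own directory; the client keeps writing its logs locally and forwards a copy, with a disk-assisted queue so that messages are held rather than lost while the collector is unreachable.

```conf
# --- server side: /etc/rsyslog.d/10-collector.conf (assumed file name) ---
$ModLoad imtcp
$InputTCPServerRun 514           # accept syslog over TCP on 514/tcp

# Optional UDP listener, bound to one address instead of 0.0.0.0.
# UDP is lossy and unauthenticated: anyone who can reach the port can
# inject forged messages, so prefer TCP and firewall the port either way.
#$ModLoad imudp
#$UDPServerAddress 10.0.0.1
#$UDPServerRun 514

# Legacy sender restriction; a host firewall rule is the primary control.
$AllowedSender TCP, 127.0.0.1, 10.0.0.0/24

# One file per sending host instead of mixing everything into
# /var/log/messages. The hostname comes from the sender, so the
# secpath-replace option strips path separators before it is used
# as part of a file name.
$template PerHostFile,"/var/log/remote/%HOSTNAME:::secpath-replace%/messages"
$FileCreateMode 0600             # remote logs contain the same secrets as local ones
*.info;mail.none;authpriv.none;cron.none    ?PerHostFile
authpriv.*                                  /var/log/remote/secure

# --- client side: /etc/rsyslog.d/50-forward.conf (assumed file name) ---
# Queue directives apply to the next action only. Buffer on disk while the
# collector is down, survive a restart, and keep retrying forever.
$ActionQueueType LinkedList
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
*.*    @@10.0.0.1:514            # @@ = TCP; a single @ would forward over UDP
```

Check the syntax before restarting the service with `rsyslogd -N1`, which parses the configuration without starting the daemon. Note that the server's own local messages also pass through its rules, so they end up in the per-host directory named after the server itself.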
#### GLOBAL DIRECTIVES ####
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat    # default output template for file actions (traditional syslog timestamp format)
$IncludeConfig /etc/rsyslog.d/*.conf    # include every file ending in .conf under /etc/rsyslog.d
#### RULES ####
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
##### every facility at level info and above goes to /var/log/messages, except mail, authentication (authpriv) and cron messages, which get their own files below
authpriv.*    /var/log/secure
##### all authentication and authorization messages (authpriv) go to /var/log/secure, which must not be world-readable
mail.*    -/var/log/maillog
##### all mail messages go to /var/log/maillog; the leading - turns off syncing the file to disk after every write, because mail logs are usually large (higher throughput, at the cost of losing buffered lines if the system crashes)
cron.*    /var/log/cron
##### scheduled-task (cron) messages go to /var/log/cron
*.emerg    *
##### every message at level emerg is also sent, wall-style, to the terminal of every logged-in user (* means all users; newer configurations write this target as :omusrmsg:*)
uucp,news.crit    /var/log/spooler
##### uucp and news messages at level crit and above go to /var/log/spooler
local7.*    /var/log/boot.log
##### boot messages, which the startup scripts log to the local7 facility, go to /var/log/boot.log
### Format of the rules defined in rsyslog.conf
facility.priority    target
#facility: the log facility (think of it as the log source or type):
==============================================================
auth        # authentication messages, e.g. those produced through PAM
authpriv    # private authentication messages: login, authentication and authorization records from services such as ssh and ftp
cron        # cron and at scheduled tasks
kern        # kernel messages
lpr         # printing subsystem
mail        # mail subsystem
syslog      # messages generated internally by rsyslog itself, e.g. mark and timestamp messages
news        # Usenet news subsystem
user        # messages from user-level programs (the default facility)
uucp        # unix-to-unix copy, communication between UNIX hosts
local0 ~ local7    # custom facilities, free for local use
===============================================================
#priority: the log level (severity):
=====================================================================
debug            # debugging information, the most verbose level
info             # informational messages, the most commonly used level
notice           # normal but significant conditions
warning, warn    # warning conditions
err, error       # error conditions: a function or module does not work
crit             # critical conditions: the whole system or the whole application may stop working
alert            # action must be taken immediately
emerg, panic     # the system is unusable, e.g. a kernel crash
### From top to bottom the level rises and the volume of messages recorded falls. A selector names a threshold: facility.err records err and every level above it (crit, alert, emerg) and nothing below it (warning and lower).
=====================================================================
Target:
# a file, e.g. /var/log/messages
# a user, e.g. root, or * for all logged-in users
# a remote log server, e.g. @172.16.22.1 (UDP) or @@172.16.22.1 (TCP)
# a named pipe (FIFO), e.g. |/path/to/fifo; to run a program on each message use the omprog output module instead
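To make the rule semantics concrete, here is a small evaluator for the classic `facility.priority target` selector syntax, added as an example (it is not code from the original page or from the rsyslog project). It feeds constructed sample messages through the RULES section of the rsyslog.conf shown above and reports where each one lands, which shows the threshold behaviour (a level matches itself and every more severe level), the `none` keyword, the `*` wildcard, and the `=level` form ("exactly this level") that rsyslog also accepts although the page does not list it. The numeric facility and severity codes are the standard syslog(3) values.

```python
"""Evaluator for classic rsyslog selectors (added example, not page code)."""

from dataclasses import dataclass

# Standard syslog(3) facility codes (the page lists a subset of these).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}

# Numeric severity: 0 = emerg (most severe) ... 7 = debug (least severe),
# so "at least this severe" means "numerically less than or equal".
SEVERITIES = {
    "emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
    "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7,
}


@dataclass(frozen=True)
class Rule:
    # facility -> ("le", n) accepts severity <= n, ("eq", n) accepts only n,
    # None marks a facility excluded with the `none` keyword.
    levels: dict
    target: str


def parse_rule(line: str) -> Rule:
    """Parse one selector line such as
    '*.info;mail.none;authpriv.none;cron.none /var/log/messages'.
    Selectors are applied left to right and a later selector for the same
    facility overrides an earlier one; that is how `mail.none` carves the
    mail facility out of `*.info`."""
    selector, target = line.split(None, 1)
    levels = {}
    for part in selector.split(";"):
        fac_spec, prio = part.rsplit(".", 1)
        facs = list(FACILITIES) if fac_spec == "*" else fac_spec.split(",")
        for fac in facs:
            if fac not in FACILITIES:
                raise ValueError(f"unknown facility {fac!r}")
            if prio == "none":
                levels[fac] = None
            elif prio == "*":
                levels[fac] = ("le", SEVERITIES["debug"])
            elif prio.startswith("="):
                levels[fac] = ("eq", SEVERITIES[prio[1:]])
            else:
                levels[fac] = ("le", SEVERITIES[prio])
    return Rule(levels=levels, target=target.strip())


def matches(rule: Rule, facility: str, severity: str) -> bool:
    spec = rule.levels.get(facility)
    if spec is None:
        return False
    mode, n = spec
    sev = SEVERITIES[severity]
    return sev == n if mode == "eq" else sev <= n


def route(rules, facility: str, severity: str) -> list:
    """Targets a message is written to. rsyslog does not stop at the first
    matching rule: a message is delivered by every rule it matches."""
    return [r.target for r in rules if matches(r, facility, severity)]


# The RULES section of the rsyslog.conf shown on this page.
PAGE_RULES = """\
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
"""
RULES = [parse_rule(l) for l in PAGE_RULES.splitlines() if l.strip()]

# Constructed sample messages: (facility, severity, text).
SAMPLES = [
    ("authpriv", "info", "sshd[1234]: Accepted publickey for root from 10.0.0.5"),
    ("mail", "err", "postfix/smtpd[77]: connect from unknown: refused"),
    ("kern", "debug", "usb 1-1: new high-speed USB device"),
    ("kern", "emerg", "Kernel panic - not syncing: Fatal exception"),
    ("news", "warning", "innd: spool filling up"),
    ("cron", "info", "CROND[99]: (root) CMD (run-parts /etc/cron.hourly)"),
]

if __name__ == "__main__":
    for fac, sev, text in SAMPLES:
        print(f"{fac}.{sev:<8} -> {route(RULES, fac, sev) or ['(dropped)']}")
```

Two results are worth noticing. The kernel debug message is dropped entirely because `*.info` is a threshold, not a list, and nothing else asks for debug. The sshd login record reaches only /var/log/secure: the `authpriv.none` exclusion keeps authentication details out of the broadly readable /var/log/messages, which is why that exclusion should survive any local edits to the rules.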