...
| Code Block |
|---|
# /etc/rsyslog.conf configuration file for rsyslog # # For more information install rsyslog-doc and see # /usr/share/doc/rsyslog-doc/html/configuration/index.html # # Default logging rules can be found in /etc/rsyslog.d/50-default.conf ################# #### MODULES #### ################# module(load="imuxsock") # provides support for local system logging #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception module(load="imudp") input(type="imudp" port="514") # provides TCP syslog reception module(load="imtcp") input(type="imtcp" port="514") |
This configuration file also allows you to specify where log types go...
<MORE TO COME>
Forward logs to another service
| Code Block |
|---|
*.* @127.0.0.1:514 |
Testing Rsyslog
To listen on a port:
Figure out your interface
...
| Code Block |
|---|
$ systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; disabled; vendor preset: enabled)
Active: active (running) since Thu 2021-07-22 13:34:41 EDT; 15s ago
Docs: man:rsyslogd(8)
https://www.rsyslog.com/doc/
Main PID: 305322 (rsyslogd)
Tasks: 10 (limit: 19045)
Memory: 6.3M
CGroup: /system.slice/rsyslog.service
└─305322 /usr/sbin/rsyslogd -n -iNONE
Jul 22 13:34:41 deepthought systemd[1]: Starting System Logging Service...
Jul 22 13:34:41 deepthought systemd[1]: Started System Logging Service.
Jul 22 13:34:41 deepthought rsyslogd[305322]: rsyslogd's groupid changed to 110
Jul 22 13:34:41 deepthought rsyslogd[305322]: rsyslogd's userid changed to 104
Jul 22 13:34:41 deepthought rsyslogd[305322]: [origin software="rsyslogd" swVersion="8.2001.0" x-pid="305322" x-info="https://www.rsyslog.c>
$ systemctl start rsyslog |
Restart
| Code Block |
|---|
$ systemctl startrestart rsyslog |