25.5.2. Creating a New Directory for rsyslog Log Files

Rsyslog runs as the syslogd daemon and is managed by SELinux. Therefore, all files to which rsyslog is required to write must have the appropriate SELinux file context.

Procedure 25.4. Creating a New Working Directory

  1. If you need to use a different directory to store working files, create the directory as follows:
    ~]# mkdir /rsyslog
  2. Install utilities to manage SELinux policy:
    ~]# yum install policycoreutils-python
  3. Set the SELinux directory context type to be the same as the /var/lib/rsyslog/ directory:
    ~]# semanage fcontext -a -t syslogd_var_lib_t /rsyslog
  4. Apply the SELinux context:
    ~]# restorecon -R -v /rsyslog
    restorecon reset /rsyslog context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:syslogd_var_lib_t:s0
  5. If required, check the SELinux context as follows:
    ~]# ls -Zd /rsyslog
    drwxr-xr-x. root root system_u:object_r:syslogd_var_lib_t:s0   /rsyslog
  6. Create subdirectories as required. For example:
    ~]# mkdir /rsyslog/work
    The subdirectories will be created with the same SELinux context as the parent directory.
  7. Add the following line in /etc/rsyslog.conf immediately before it is required to take effect:
    $WorkDirectory /rsyslog/work
    This setting will remain in effect until the next WorkDirectory directive is encountered while parsing the configuration files.
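
The check in step 5 can be run against every $WorkDirectory directive in a configuration file. The script below is an added example, not part of the original procedure; the function names are hypothetical, and label_of assumes GNU coreutils stat (its %C format prints the SELinux context).

```shell
#!/bin/sh
# Added example: audit that each $WorkDirectory in an rsyslog configuration
# file carries the SELinux type set in step 3 of the procedure.
# Usage (after sourcing this file): audit_workdirs /etc/rsyslog.conf

EXPECTED_TYPE="syslogd_var_lib_t"

# Print the type field (third colon-separated field) of an SELinux context
# such as system_u:object_r:syslogd_var_lib_t:s0.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the directory named by each $WorkDirectory directive in file $1.
# Directive names are matched case-insensitively; commented lines are skipped
# because their first field is not the directive itself.
work_dirs() {
    awk 'tolower($1) == "$workdirectory" { print $2 }' "$1"
}

# Print the SELinux context of path $1 (assumption: GNU coreutils stat).
label_of() {
    stat -c %C -- "$1" 2>/dev/null
}

# Report OK, MISMATCH or MISSING for every work directory in file $1.
# Exit status: 0 all OK, 1 at least one problem, 2 file unreadable.
# The body is a subshell so that rc, dir and label do not leak to the caller.
audit_workdirs() (
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 2; }
    rc=0
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        if ! label=$(label_of "$dir"); then
            echo "MISSING $dir"; rc=1; continue
        fi
        if [ "$(context_type "$label")" = "$EXPECTED_TYPE" ]; then
            echo "OK $dir $label"
        else
            echo "MISMATCH $dir $label"; rc=1
        fi
    done <<EOF
$(work_dirs "$1")
EOF
    exit "$rc"
)
```

A MISMATCH line shows the full context of the directory, so a type such as default_t indicates that steps 3 and 4 were not applied to that path.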