2.10. syslog Tuning Tips

syslog can forward log messages from any number of programs over a network. The less often this occurs, the larger the pending transaction is likely to be. If the transaction is very large an I/O spike can occur. To prevent this, keep the interval reasonably small.

Procedure 2.9. Using syslogd for System Logging.

The system logging daemon, called syslogd, is used to collect messages from a number of different programs. It also collects information reported by the kernel from the kernel logging daemon klogd. Typically, syslogd will log to a local file, but it can also be configured to log over a network to a remote logging server.
  1. To enable remote logging, you will first need to configure the machine that will receive the logs. See https://access.redhat.com/solutions/54363 for details.
  2. Once remote logging support is enabled on the remote logging server, each system that will send logs to it must be configured to send its syslog output to the server, rather than writing those logs to the local file system. To do this, edit the /etc/rsyslog.conf file on each client system. For each of the various logging rules defined in that file, you can replace the local log file with the address of the remote logging server. 
    # Log all kernel messages to remote logging host.
kern.*     @my.remote.logging.server
    The example above will cause the client system to log all kernel messages to the remote machine at @my.remote.logging.server.
  3. It is also possible to configure syslogd to log all locally generated system messages, by adding a wildcard line to the /etc/rsyslog.conf file: 
    # Log all messages to a remote logging server:
*.*     @my.remote.logging.server

Important

Note that syslogd does not include built-in rate limiting on its generated network traffic. Therefore, we recommend that remote logging on Red Hat Enterprise Linux for Real Time systems be confined to only those messages that are required to be remotely logged by your organization. For example, kernel warnings, authentication requests, and the like. Other messages are locally logged.
Related Manual Pages

For more information, or for further reading, the following man pages are related to the information given in this section.

  • syslog(3)
  • rsyslog.conf(5)
  • rsyslogd(8)