How to log messages after migrating from syslog to rsyslog?
Environment
- Red Hat Enterprise Linux All Versions
Issue
-
In Red Hat Enterprise Linux 3/4/5, the default system log tool is syslogd which is provided by package sysklogd, but since Red Hat Enterprise Linux 6, the rsyslogd became the default. rsyslog package is also provided since Red Hat Enterprise Linux 5.2.
-
What is replacement for syslogd in RHEL6 ?
Resolution
-
rsyslogd could run as a compatibility mode, the main purpose is to keep compatible with the old syslogd.
-
The only thing you need to do is copy the configuration files of syslogd to rsyslogd is ok.
1. Copy the configuration files
# cp /etc/syslog.conf /etc/rsyslog.conf
# cp /etc/sysconfig/syslog /etc/sysconfig/rsyslog
2. Edit the new rsyslog.conf and add this line (Otherwise kernel messages will not be logged)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
If you did not modify /etc/logrotate.d/syslog we do not need to copy it cause both the package provide the file with same contents.
3. Stop the syslogd
# service syslog stop
# chkconfig syslog off
4. Start the rsyslogd
# service rsyslog start
# chkconfig rsyslog on
5. About log format
- The rsyslogd almost has same log format as syslogd, but there are still differences, if you want to keep the log format totally the same as syslogd, please use the pre-defined template
RSYSLOG_TraditionalFileFormat.
cron.* /var/log/cron;RSYSLOG_TraditionalFileFormat
Note: Don't miss the ";" here.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments