Debian Linux Cheat Sheet IV [ RSYSLOG ]
The rocket-fast Syslog Server [ RSYSLOG ]
Syslog is a log management protocol used on UNIX-like operating systems and network devices. It creates, collects and distributes log messages, which typically carry system events, error conditions and application logs. Syslog is commonly used to collect, store and analyze log data on a central server.
#Rsyslog Installation:
sudo apt-get update
sudo apt-get install rsyslog
#Conf. File:
/etc/rsyslog.conf
#Redirecting log files (edit /etc/rsyslog.conf):
*************************************************************
#Writing "auth" and "authpriv" logs to a separate /var/log/auth.log file:
auth,authpriv.* /var/log/auth.log
#Writing all other logs (everything except "auth" and "authpriv") to /var/log/syslog:
*.*;auth,authpriv.none -/var/log/syslog
#Sending logs to a remote syslog server:
*.* @siemremote.guler.com:514
#Redirecting All Logs to a Specific File:
*.* /var/log/all.log
#Redirecting Only SSH Logs to a Specific File:
if $programname == 'sshd' then /var/log/sshd.log
#Separating Only Logs for User Transactions:
user.* /var/log/user.log
***************************************************************
# Directs "auth and authpriv" logs to a separate file.
# Directs all logs except "auth and authpriv" to /var/log/syslog file.
#Also sends all logs to a specific remote syslog server.
#Redirects All Logs to a Specific File.
#Only redirects SSH Logs to a Specific File.
#Redirects user logs to /var/log/user.log file.
#System Log Files:
/var/log
/var/log/syslog
/var/log/auth.log
...........
#Real-time log reading:
sudo tail -f /var/log/syslog
#Managing the service:
sudo systemctl status rsyslog
sudo service rsyslog stop
sudo service rsyslog start
sudo service rsyslog restart
sudo systemctl enable rsyslog
#sudo systemctl disable rsyslog
#Severity Level:
0 Debug: Detailed debugging information.
1 Info: Informational messages.
2 Notice: Normal but significant conditions.
3 Warning: Warning messages.
4 Error: Error conditions.
5 Critical: Critical error conditions.
6 Alert: Conditions requiring immediate attention.
7 Emergency: The system is unusable.
#Facility (Code, Keyword, Description):
0 kern Kernel messages
1 user User-level messages
2 mail Mail system
3 daemon System daemons
4 auth Security/authentication messages
5 syslog Messages generated internally by syslogd
6 lpr Line printer subsystem
7 news Network news subsystem
8 uucp UUCP subsystem
9 cron Cron subsystem
10 authpriv Security/authentication messages
11 ftp FTP daemon
12 ntp NTP subsystem
13 security Log audit
14 console Log alert
15 solaris-cron Scheduling daemon
16–23 local0 – local7 Locally used facilities
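The rules in the configuration section above and the two tables are two views of the same mechanism: every syslog message carries a PRI value (facility * 8 + severity), and a legacy selector such as `*.*;auth,authpriv.none` decides per facility which messages reach a file. The following Python script is an added example, not code from the cheat sheet or from the rsyslog project; it decodes the PRI header of a few constructed RFC 3164-style lines and replays the cheat sheet's own rules (including the `sshd` programname rule) to show which file each line would land in. Severity codes follow the RFC 5424 numbering (0 = emerg, 7 = debug). The `=` and `!` selector modifiers of the real syntax are left out.

```python
import re

# Facility codes (RFC 5424 numbering, the same values as in the table above).
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    12: "ntp", 13: "security", 14: "console", 15: "solaris-cron",
    **{16 + i: f"local{i}" for i in range(8)},
}
# Severity codes in RFC 5424 numbering: 0 (emerg) is most severe, 7 (debug) least.
SEVERITIES = {0: "emerg", 1: "alert", 2: "crit", 3: "err",
              4: "warning", 5: "notice", 6: "info", 7: "debug"}
SEVERITY_BY_NAME = {name: code for code, name in SEVERITIES.items()}

PRI_RE = re.compile(r"^<(\d{1,3})>")
# '<PRI>Mon dd hh:mm:ss host program[pid]: message' (RFC 3164 layout).
HEADER_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<program>[^\s:\[]+)(?:\[\d+\])?: ?(?P<msg>.*)$"
)


def decode_pri(pri):
    """PRI = facility * 8 + severity; return (facility_name, severity_name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} out of range 0..191")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_line(line):
    """Split one syslog line into facility, severity, program name and message."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    h = HEADER_RE.match(line[m.end():])
    return {
        "facility": facility, "severity": severity,
        "program": h["program"] if h else "",
        "msg": h["msg"] if h else line[m.end():],
    }


def compile_selector(selector):
    """Turn a legacy selector like '*.*;auth,authpriv.none' into {facility: max_code}.

    Entries apply left to right, so 'auth,authpriv.none' overrides the earlier
    '*.*' for those two facilities. A level name matches that level and everything
    more severe (a lower code); 'none' (stored as None) excludes the facility.
    """
    thresholds = {}
    for entry in selector.split(";"):
        facs, _, level = entry.rpartition(".")
        names = list(FACILITIES.values()) if facs == "*" else facs.split(",")
        if level == "*":
            limit = 7
        elif level == "none":
            limit = None
        else:
            limit = SEVERITY_BY_NAME[level]
        for name in names:
            thresholds[name] = limit
    return thresholds


def selector_matches(selector, facility, severity):
    limit = compile_selector(selector).get(facility)
    return limit is not None and SEVERITY_BY_NAME[severity] <= limit


# The cheat sheet's rules, in file order. The callable stands in for the
# RainerScript line "if $programname == 'sshd' then /var/log/sshd.log".
RULES = [
    ("auth,authpriv.*", "/var/log/auth.log"),
    ("*.*;auth,authpriv.none", "/var/log/syslog"),
    (lambda rec: rec["program"] == "sshd", "/var/log/sshd.log"),
    ("user.*", "/var/log/user.log"),
]


def route(line, rules=RULES):
    """Return the list of files the line would be written to under the rules."""
    rec = parse_line(line)
    targets = []
    for rule, target in rules:
        hit = rule(rec) if callable(rule) else selector_matches(rule, rec["facility"], rec["severity"])
        if hit:
            targets.append(target)
    return targets


# Constructed sample lines for the demo (not real log output).
SAMPLES = [
    "<38>Jan 12 10:00:00 debian sshd[1234]: Accepted publickey for alice port 22",       # auth.info
    "<86>Jan 12 10:00:01 debian sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls",              # authpriv.info
    "<30>Jan 12 10:00:02 debian systemd[1]: Started Daily apt download activities.",     # daemon.info
    "<13>Jan 12 10:00:03 debian logger: hello from user.notice",                         # user.notice
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_line(line)
        print(f"{rec['facility']}.{rec['severity']:<8} {rec['program']:<8} -> {route(line)}")
```

Running the script shows why an `sshd` login attempt never appears in `/var/log/syslog` on this configuration: the `auth,authpriv.none` entry of the second rule excludes it, while the first and third rules still capture it in `auth.log` and `sshd.log`. Two details of the original rules worth knowing when you copy them: the leading `-` in `-/var/log/syslog` tells rsyslog not to flush the file after every write, and the single `@` in `@siemremote.guler.com:514` forwards over plain UDP, which is neither reliable nor encrypted; `@@` selects TCP, which rsyslog can additionally wrap in TLS for transport to a central collector.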
Be hungry to learn
This post is licensed under CC BY 4.0 by the author.