|sections in this module||City
College of San Francisco - CS260A
Unix/Linux System Administration
The system logger (rsyslog)
includes general system logging facilities in one complete
package. Generally, two kinds of logging are provided
Previous versions, named syslog, divided these capabilities into two daemons, syslogd and klogd, where klogd was simply responsible for translating kernel messages into syslog format and syslogd did the actual logging. The newer package rsyslogd includes kernel log translation as a loadable module. rsyslogd also has advanced features to provide three types of remote logging: the traditional UDP transport, TCP, which is more robust and less lossy, and the new loss-less format RELP that uses message queuing. Most of the configuration file syntax of rsyslogd, which indicates how to log the various kinds of messages, is very similar to the old syslogd package. You can tell you are running the new package by the presence of the r prefix on the logging daemon (rsyslogd) and on its configuration file, rsyslog.conf.rsyslog is a subsystem. We will learn about subsystems in the next module on startup and shutdown.
Justification for rsyslog
Many system processes need to output status and informative messages periodically due to system events. Examples of these might be
The rsyslog subsystem provides a simple common interface for logging system events such as these, providing configurable redirection and/or duplication of these various types of messages in different files and/or to other systems. It also provides a consistent format for the messages.
Suppose an unsuccessful attempt is made to log in at the GUI console as alex. Rather than having to decide what to do with this information, whatever program is handling the login (sshd, login, or, in this case, gdm) simply assembles a message specifying
Then the syslog function in the C library (syslog(3)) is invoked. This writes to the Unix domain socket (usually /dev/log), which rsyslogd listens to. When rsyslogd reads the information from the socket, it logs it in the log file specified by /etc/rsyslog.conf, which determines where messages are logged based on their priority and facility, adding the date and the hostname.
In the example of an unsuccessful attempt to login at the GUI conosole as the existing user gboyd, my current system is configured to place the following message in /var/log/secure:
4 15:12:30 localhost pam: gdm-password:
pam_unix(gdm-password:auth): authentication failure; logname=
uid=0 euid=0 tty=:1 ruser= rhost= user=gboyd
In this message you can see several parts: the timestamp, the host, the service (pam) and the module (pam_unix) and the message.
configuration file /etc/rsyslog.conf
details how rsyslogd
is configured and where messages are logged. We will discuss that
next. In previous versions, a syslogd file in /etc/sysconfig detailed daemon configuration
options, but this functionality has been merged into rsyslog.conf
Note: The rsyslog package, including rsyslogd(8) is referred to as rsyslogd, or rsyslog Its configuration file is rsyslog.conf and the subsystem is rsyslog. The traditional syslog package is referred to variously as syslog, syslogd, or sysklogd. The configuration file and subsystem are named syslog.conf and syslog, respectively.
Next we will discuss rsyslog's configuration file. But since we
will be working on multiple VMs during this section, we should
take a sidestep and learn how to control them remotely.
|Prev|| This page was made entirely
with free software on linux:
the Mozilla Project and Openoffice.org