The syslog functionality is one of the main tools for a sysadmin. While writing logfiles with events of interest is a common feature of any application, having a system-wide logging functionality means all logs can be handled as one on the system. But syslog does not stop there. With these tool, a sysadmin can centralize log processing in the datacenter by forwarding the incoming events from applications to central logservers, where they can be processed at a large scale.
Centralized logging is an overkill on a home system with a few computers, but already have it’s benefits around a dozen machine. For example, a dozen desktops sending all their logfiles to a central logserver mean they don’t need to store them on the long run, the logs will occupy disk space in the logserver. The admin can check for problems in only one place (possibly by means of automated reports), the logs can be preserved in a safe way by the means of backups, stored more effective by means of heavy compressing, and will not be lost on a client’s failure or user error.
In this tutorial you will learn:
- How to install rsyslog package on RHEL 8 / CentOS 8.
- How to verify successful install.
- How to start, stop and autostart rsyslog service.
- How to test syslog functionality with logger.
Software Requirements and Conventions Used
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | RHEL 8 / CentOS 8 |
| Software | rsyslog 8 |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
How to install syslog on RHEL 8 / CentOS 8 step by step instructions
On RHEL 8 / CentOS 8 rsyslog package should be installed and running by default. There may be cases where you need to install it anyway, for example package broken/deleted, reverting from another syslog service, etc.
- The
rsyslogis reachable from the base repositories. You need to have Subscription Management repositories set up and reachable in order to install any packages. With that in place, install is only onednfcommand away:# dnf install rsyslog -y
- To verify successful installation, you can query the
rpmdatabase for the package:# rpm -q rsyslog rsyslog-8.37.0-6.el8.x86_64
dnfshould also show “install time” status in theinfooutput with the--verboseoption:# dnf info rsyslog --verbose [...] Installed Packages Name : rsyslog Version : 8.37.0 Release : 6.el8 Arch : x86_64 Size : 2.2 M Source : rsyslog-8.37.0-6.el8.src.rpm Repo : @System [...] Install time : Thu Dec 27 12:24:35 2018 Installed by : [...]
And lastly,
systemdshould know about the service (not running), which means the service files are in place:# systemctl status rsyslog.service ● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Active: inactive (dead) Docs: man:rsyslogd(8) http://www.rsyslog.com/doc/ - To start, stop, and get the status of the service, we use
systemctl. In the last step we have seen the status of the just installed service, in inactive state. We can start it with:# systemctl start rsyslog.service
And stop with:
# systemctl stop rsyslog.service
The status showed that the service is enabled on installation, which means it will start automatically on startup of the operating system. We can disable this autostart feature with:
# systemctl disable rsyslog.service
And enable it again the same way:
# systemctl enable rsyslog.service
- To test if the service is functional (that is, accepting syslog events from the system), we can use
logger:# echo "test message from user root" | logger
And see the message properly shipped into the main syslog file by checking the last lines of
/var/log/messages:# tail /var/log/messages [...] Dec 27 12:39:46 rhel8 rsyslogd[2636]: [origin software="rsyslogd" swVersion="8.37.0-6.el8" x-pid="2636" x-info="http://www.rsyslog.com"] start Dec 27 12:39:46 rhel8 systemd[1]: Started System Logging Service. Dec 27 12:41:56 rhel8 testuser[2668]: test message from user root
Where
rhel8is the hostname of the lab machine,testuseris the original user that switched toroot, the PID of our session, and finally our message fromechoredirected tologger‘s STDIN.