rsyslog

Base

Syslog Priority Levels

Value Priority Meaning

0 emerg System is unusable

1 alert Immediate action required

2 crit Critical condition

3 err Error condition

4 warning Warning condition

5 notice Normal but significant condition

6 info Informational messages

7 debug Debugging messages

Facility

Facility code Keyword Description

0 kern Kernel messages

1 user User-level messages

2 mail Mail system

3 daemon System daemons

4 auth Security/authentication messages

5 syslog Messages generated internally by syslogd

6 lpr Line printer subsystem

7 news Network news subsystem

8 uucp UUCP subsystem

9 cron Cron subsystem

10 authpriv Security/authentication messages

11 ftp FTP daemon

12 ntp NTP subsystem

13 security Log audit

14 console Log alert

15 solaris-cron Scheduling daemon

16–23 local0 – local7 Locally used facilities

Log Server

Client side

nano /etc/rsyslog.d/30-client.conf

Contains

##############

# Examples

##############

# Send all logs to 122.123.124.125 using tcp

*.* @@122.123.124.125:514

# The same, new format

*.* action(type="omfwd" target="122.123.124.125" port="514" protocol="tcp")

# Send all logs to 122.123.124.125 using udp

*.* @122.123.124.125:514

# Send all kernel logs to 122.123.124.125 using tcp

kern.* @@64.225.105.221:514

Restart rsyslog

sudo systemctl restart rsyslog

Link: https://www.rsyslog.com/doc/master/configuration/sysklogd_format.html

Server side

nano /etc/rsyslog.d/30-server.conf

Contains

# Turn on module some module

module(load="some_module")

# The same, new format

$ModLoad some_module

# Provides UDP syslog reception

module(load="imudp")

input(type="imudp" port="514")

# Provides TCP syslog reception

module(load="imtcp")

input(type="imtcp" port="514")

# Accept cron messages of priority info to emerg in the file /var/log/%HOSTNAME%/cron

$template DynamicFileCron,"/var/log/%HOSTNAME%/cron"

cron.info;syslog.!emerg -?DynamicFileCron

# Accept syslog messages of priority crit in the file /var/log/%HOSTNAME%/syslog

$template DynamicFileSyslog,"/var/log/%HOSTNAME%/syslog"

syslog.=crit -?DynamicFileSyslog

Restart rsyslog

sudo systemctl restart rsyslog

logger

logger command provides an easy way to add log files to /var/log/syslog - from the command line, from scripts, or from other files.

# Send syslog messages of priority crit

logger -p syslog.crit "Your crit message"