
rsyslog

rsyslog is a Linux syslog software package. https://www.rsyslog.com/

  • Config File: /etc/rsyslog.conf

start/stop/restart

When starting/stopping/restarting the rsyslog service you'll sometimes be shown this warning:

sudo systemctl stop rsyslog
Warning: Stopping rsyslog.service, but it can still be activated by:
  syslog.socket

Explanation (from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815862):

As this message says, rsyslog uses socket activation under systemd. So whenever there is a log message coming in, rsyslog will be started on demand. The unit is named syslog.socket.

To stop, start, restart, or check the status of both units together:

systemctl stop syslog.socket rsyslog.service

systemctl start syslog.socket rsyslog.service

systemctl restart syslog.socket rsyslog.service

systemctl status syslog.socket rsyslog.service

rsyslog.conf

Reference: https://www.man7.org/linux/man-pages/man5/rsyslog.conf.5.html

cat /etc/rsyslog.d/vyos-rsyslog.conf
## generated by syslog.py ##
## file based logging
$outchannel global,/var/log/messages,262144,/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog
*.notice;local7.debug :omfile:$global
## console logging
## remote logging
*.* @@(o)st-graylog01.stech.sealingtech.org:514;RSYSLOG_SyslogProtocol23Format

Explanation:

*.*                             : any facility, any severity level
@                               : UDP transport
@@                              : TCP transport
(o)                             : use octet-counted framing (optional)
RSYSLOG_SyslogProtocol23Format  : format messages with the built-in template of that name
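
What the (o) option changes on the wire, as an added example (not from the original page or from rsyslog's code): the two TCP framings applied to constructed sample messages, with a receiver-side splitter for each. The function names, the sample messages and the 9-digit limit on the length prefix are assumptions of this example.

```python
# Added example: octet-counted vs. LF-delimited syslog framing on a TCP stream.
# M1 and M2 are constructed sample messages; host1 and app are placeholders.

def frame_octet_counted(msg: bytes) -> bytes:
    """'(o)' framing: decimal byte count, one space, then exactly that many bytes."""
    return str(len(msg)).encode("ascii") + b" " + msg

def frame_lf(msg: bytes) -> bytes:
    """Traditional framing: the message followed by one line feed."""
    return msg + b"\n"

def split_octet_counted(stream: bytes):
    """Return (complete messages, unconsumed tail) for an octet-counted stream."""
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp == -1:
            break                          # length prefix still incomplete
        prefix = stream[pos:sp]
        if not prefix.isdigit() or len(prefix) > 9:
            raise ValueError(f"bad length prefix {prefix!r} at offset {pos}")
        end = sp + 1 + int(prefix)
        if end > len(stream):
            break                          # message body still incomplete
        msgs.append(stream[sp + 1:end])
        pos = end
    return msgs, stream[pos:]

def split_lf(stream: bytes):
    """Return (complete messages, unconsumed tail) for an LF-delimited stream."""
    *msgs, tail = stream.split(b"\n")
    return msgs, tail

# Constructed messages in an RFC 5424-style layout; M1 contains a line feed.
M1 = b"<13>1 2024-01-01T00:00:00Z host1 app - - - first line\nsecond line"
M2 = b"<13>1 2024-01-01T00:00:01Z host1 app - - - ok"

if __name__ == "__main__":
    oc = frame_octet_counted(M1) + frame_octet_counted(M2)
    lf = frame_lf(M1) + frame_lf(M2)
    print("octet-counted:", len(split_octet_counted(oc)[0]), "messages")
    print("LF-delimited: ", len(split_lf(lf)[0]), "messages")
```

With octet counting the receiver recovers the two messages exactly as sent; with LF framing the line feed inside M1 yields three records, the middle one with no syslog header. Feeding an LF-framed stream to the octet-counted splitter raises an error, which is why both ends of the connection must agree on the framing.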

References:

- "TCP_Framing" https://rsyslog-doc.readthedocs.io/en/latest/configuration/modules/omfwd.html#action-parameters