What is Rsyslog Server on Linux?


  • Rsyslog is used to send logs from a local server (Linux/Windows/network devices) to a remote host.
  • Rsyslog is the default logging program on several Linux distributions, including Debian and Red Hat / CentOS based systems.
  • Apart from implementing the syslog protocol, rsyslog adds features such as content-based filtering.

Basic Knowledge about Syslog

  • Log files are governed by the syslog and kernel log daemons, syslogd and klogd, as configured in /etc/syslog.conf. Both daemons are active by default.
  • There are 8 log levels:
    • emerg (emergency)
    • alert
    • crit (critical)
    • err (error)
    • warning
    • notice
    • info
    • debug
  • Log files are organized as described in the /etc/syslog.conf configuration file.
  • Most logs are located in the /var/log directory.
  • Logs are maintained through a standard cron job, logrotate, which rotates log files on a weekly basis. For example, the previous week's log is /var/log/messages.log.1
  • The dmesg file contains the basic boot messages from starting Linux.
  • The boot.log file lists messages related to starting and stopping daemons.
  • wtmp records logons on Linux.
  • Other logs
    • cups : directory with print logs.
    • gdm : directory with GNOME logs.
    • kdm.log : KDE start log file.
    • ksyms : exported kernel symbols such as drivers and modules.
    • maillog : anything related to mail servers, such as start, stop, reload and errors.
    • news : log files related to InterNetNews (INN).
    • rpmpkgs : currently installed RPMs.
    • secure : logs related to SSH and xinetd.
    • squid : log directory for the proxy server.
    • xdm : last login via X Display Manager.
    • xferlog : lists installations and upgrades.
    • XFree86* : various X start logs.
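
The eight levels listed above are what a `facility.level` selector in /etc/syslog.conf compares against, and a message sent to a remote host carries them as a numeric `<PRI>` prefix (facility * 8 + severity). The following is an added example, not code from the original article: it decodes that prefix and applies a plain selector. The sample frames, the host name and the helper names are constructed for illustration, and only the simple `facility.level` form is handled.

```python
import re

# The eight levels from the list above; the index is the numeric severity (0 = most severe).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Facility codes 0-23; names for 12-15 follow the RFC 5424 descriptions.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + [f"local{i}" for i in range(8)]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode(frame):
    """Split a raw syslog frame into (facility, severity, rest); None if malformed."""
    m = PRI_RE.match(frame)
    if m is None or int(m.group(1)) > 191:  # 23*8+7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], m.group(2)

def selector_matches(selector, facility, severity):
    """'facility.level' matches that level and every more severe one; '*' is a wildcard."""
    sel_fac, sel_lvl = selector.split(".")
    if sel_fac not in ("*", facility):
        return False
    return sel_lvl == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(sel_lvl)

def triage(frames, selector):
    """Return (matched, malformed): decoded frames the selector accepts, and unparsable ones."""
    matched, malformed = [], []
    for frame in frames:
        decoded = decode(frame)
        if decoded is None:
            malformed.append(frame)  # keep these visible instead of dropping them silently
        elif selector_matches(selector, decoded[0], decoded[1]):
            matched.append((f"{decoded[0]}.{decoded[1]}", decoded[2]))
    return matched, malformed

# Constructed sample frames (not real log data).
SAMPLE = [
    "<86>Jan  5 10:00:01 web01 sshd[812]: Accepted publickey for deploy",      # 10*8+6 = authpriv.info
    "<84>Jan  5 10:00:07 web01 sshd[815]: maximum authentication attempts exceeded",  # 10*8+4 = authpriv.warning
    "<11>Jan  5 10:00:09 web01 app: disk quota exceeded",                      # 1*8+3 = user.err
    "<999>Jan  5 10:00:10 web01 out-of-range priority",
    "no priority header at all",
]

if __name__ == "__main__":
    for sel in ("authpriv.warning", "*.err", "*.info"):
        hits, bad = triage(SAMPLE, sel)
        print(sel, "->", [h[0] for h in hits], f"({len(bad)} malformed)")
```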
