rsyslogd is used to log messages and it is based on syslogd but with several additional features.
Apart from supporting logging on local systems, it also supports logging on remote systems.
1. Change Default Config file using -f
When rsyslogd starts, it reads /etc/rsyslog.conf file by default for configuration information. If you like to change this behavior, you can specify your own configuration file using -f option as shown below. Please note that comment entries in the configuration files start with #.
# rsyslogd -f /etc/myrsyslogd.conf
2. Change Default PID file using -i
As you see below, by default rsyslogd will store the PID of the running process in the /var/run/syslogd.pid file. This information is used when the service is stopped.
# cat /var/run/syslogd.pid 22455 # ps -ef | grep rsyslog root 22455 1 0 09:01 ? 00:00:00 rsyslogd -f /etc/myrsyslogd.conf
You can specify your own PID file using the -i option as shown below. Please note that this helps you to run two different rsyslogd process in parallel if you are doing some testing, this is helpful.
When you try to start a 2nd rsyslogd, you’ll get the following error message.
# rsyslogd -f /etc/myrsyslogd.conf Already running. If you want to run multiple instances, you need to specify different pid files (use -i option)
But, you can start a 2nd rsyslogd, if you give a different PID file as shown below.
# rsyslogd -f /etc/myrsyslogd.conf -i /var/run/myrsyslogd.pid # ps -ef | grep rsyslogd root 22538 1 0 09:05 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 root 22554 1 0 09:06 rsyslogd -f /etc/myrsyslogd.conf -i /var/run/myrsyslogd.pid
3. Specify Compatibility Mode
You’ll notice that the default rsyslogd runs in the compatibility mode “5” as shown below in the “-c 5” option.
# ps -ef | grep rsyslogd root 22538 1 0 09:05 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
You can change this to a particular version of the rsyslogd for backward compatibility:
-c3 will be backward compatible with rsyslog v3 native interface.
-c0 will be backward compatible with command-line of sysklogd (this is default behavior if no “-c” option is given).
You can view the current version of your rsyslogd as shown below.
# rsyslogd -v
rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
In the following example, it will run in the backward compatible mode for version 3
rsyslogd -f /etc/myrsyslogd.conf -c3
4. Listen Only on IPv4 or IPv6
By default rsyslogd listens on all configured ip-address of the system. You can specify rsyslogd to listen either only on IPv4 or IPv6 using -4 and -6 option correspondingly as shown below.
rsyslogd -4 rsyslogd -6 -i /var/log/myrsyslogd.pid
5. Turn on Debugging
You can turn on debug mode using -d option. This will write the debug information to the stdout when you are executing the rsyslogd in the foreground.
# rsyslogd -d 2514.5700: rsyslogd 5.8.10 startup, compatibility mode 0, module path '', cwd:/etc 2514.5700: caller requested object 'net', not found (iRet -3003) 2514.5700: Requested to load module 'lmnet' 2514.5700: loading module '/lib64/rsyslog/lmnet.so' 2514.5700: module of type 2 being loaded. ... ... 2514.5700: MsgSetTAG exit: pMsg->iLenTAG 9, pMsg->TAG.szBuf: rsyslogd: 2514.5700: Checking pidfile.
If you want the rsyslogd debug information to go to a different file, you can specify that file name in the RSYSLOG_DEBUGLOG environment variable.
# export RSYSLOG_DEBUGLOG=/tmp/rsyslogdebug.log # rsyslogd -d # cat /tmp/rsyslogdebug.log 2514.5700: rsyslogd 5.8.10 startup, compatibility mode 0, module path '', cwd:/etc 2514.5700: caller requested object 'net', not found (iRet -3003) 2514.5700: Requested to load module 'lmnet' 2514.5700: loading module '/lib64/rsyslog/lmnet.so' 2514.5700: module of type 2 being loaded. ... ... 2514.5700: MsgSetTAG exit: pMsg->iLenTAG 9, pMsg->TAG.szBuf: rsyslogd: 2514.5700: Checking pidfile.
You can also specify the level of debugging using the RSYSLOG_DEBUG environment variable.
6. Specify Hostlist and Domainlist
Using -l option, you can specify list of hostnames which will be logged only using the hostname and not their FQDN. When you have multiple values separate them using : as shown below.
rsyslogd -l devdb:proddb
Using -s option, you can specify list of domainnames which should be stripped off from the logging. Just like hostnames you can specify multiple domain names using : as shown below.
rsyslogd -s linux.101hacks.net:redhat.com
You can combine both -l and -s option in a single rsyslogd.
7. Check the Config File
You can verify your configuration file using -N option. You can specify a particular level of check. The following checks the configuration in level 2. By default, it checks the /etc/rsyslog.conf
# rsyslogd -N 2 rsyslogd: version 5.8.10, config validation run (level 2), master config /etc/rsyslog.conf rsyslogd: WARNING: rsyslogd is running in compatibility mode. Automatically generated config directives may interfer with your rsyslog.conf settings. We suggest upgrading your config and adding -c5 as the first rsyslogd option. rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad immark rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: MarkMessagePeriod 1200 rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad imuxsock rsyslogd: End of config validation run. Bye.
If you want to check your own configuration file, use the -f option as shown below.
# rsyslogd -N 5 -f /etc/myrsyslogd.conf
Please note that when you perform a configuration check, it doesn’t start the rsyslogd, it just checks the configuration file and returns the output to the stdout.