Sparks
March 9, 2021, 9:23pm
1
Hi, can anyone help guide with switching from the vanilla logd? to the full rsyslog package.
Specifically what configs are reused- if any?
I found this page on the wiki , but only talks generally about the syslog standards .
My primary need for switching is to get rfc5424 formatting.
install it and edit the config file... probably also disable logd...
it a fairly manual process and almost nothing is;
also take note of online samples and versioning... many references use non compatible alt syntax that may not be valid on your rsyslog version...
Sparks
March 10, 2021, 3:16am
3
Ok thanks Wulfy. I’ll have a go and if successful will write it up as a recipe on the wiki
well this popped up in my samples dir... may or may not get you started /etc/rsyslog.conf
random-sample
##################################################
module(load="imuxsock")
module(load="imklog")
module(load="imudp")
##################################################
input(type="imudp" port="514")
#################################################
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
*.info;mail.none;authpriv.none;cron.none /var/log/messages
cron.* /var/log/cron
2 Likes
I personally hate rsyslog. I use syslog-ng rather
2 Likes
One issue with logging is that it writes a lot of stuff to storage. I've got my router with a random 1GB USB key drive formatted as f2fs and doing a lot of logging (650MB used, it rotates to keep that size or so). So far it's run a year continuously without wearing out the flash. Just so you have a point of reference.
3 Likes
after trying both rsyslog and syslog-ng, i prefer syslog-ng, mainly cuz of the filter and customization
a very detailed syslog-ng guide here:
Guide