Switching to rsyslog

Hi, can anyone help guide with switching from the vanilla logd? to the full rsyslog package.

Specifically what configs are reused- if any?

I found this page on the wiki , but only talks generally about the syslog standards .

My primary need for switching is to get rfc5424 formatting.

install it and edit the config file... probably also disable logd...

it a fairly manual process and almost nothing is;

also take note of online samples and versioning... many references use non compatible alt syntax that may not be valid on your rsyslog version...

Ok thanks Wulfy. I’ll have a go and if successful will write it up as a recipe on the wiki :+1:

well this popped up in my samples dir... may or may not get you started /etc/rsyslog.conf

random-sample
##################################################
module(load="imuxsock")
module(load="imklog")
module(load="imudp")
##################################################
input(type="imudp" port="514")
#################################################
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

*.info;mail.none;authpriv.none;cron.none  /var/log/messages
cron.*                                    /var/log/cron
2 Likes

I personally hate rsyslog. I use syslog-ng rather

2 Likes

One issue with logging is that it writes a lot of stuff to storage. I've got my router with a random 1GB USB key drive formatted as f2fs and doing a lot of logging (650MB used, it rotates to keep that size or so). So far it's run a year continuously without wearing out the flash. Just so you have a point of reference.

3 Likes

after trying both rsyslog and syslog-ng, i prefer syslog-ng, mainly cuz of the filter and customization
a very detailed syslog-ng guide here:
Guide