The syslogd service is the original syslog service on Linux. The rsyslogd service makes several improvements, including support for:
- TCP instead of UDP as the transport protocol, increasing the reliability of transmitted data.
- Data encryption using SSL/TLS.
- Outputting data to various database technologies like MySQL.
- Buffering data on local systems when the remote receiver is not ready to accept it.
- Filtering data based on content.
In addition, rsyslogd maintains the same basic configuration format as its predecessor, so it is backward compatible in that sense.
The /etc/rsyslog.conf file
The /etc/rsyslog.conf file is the configuration file for the rsyslogd service. This file determines how to handle syslog messages through a variety of rules that you can modify as needed.
The file takes a two-column format. The first column lists message facilities and/or severities. Severities are defined in word format rather than as numbers 0–7. The second column defines what actions should be taken for messages that correspond to the facility and/or severity. Actions include which file to write the message to; which users to print the message to if they are logged in to a terminal; and which remote hosts to forward the message to.
The syslog-ng Service
The syslog-ng service is another replacement for the older syslogd service. Although it offers similar functionality to rsyslogd, syslog-ng has its own syntax.
rsyslogd Command Examples
1. To start the rsyslog service:
# rsyslogd
2. To suppress the warnings:
# rsyslogd -w
3. To disable the DNS for remote messaging:
# rsyslogd -x
4. To send UDP messages to all the targets:
# rsyslogd -A
5. To causes rsyslogd to listen to IPv4 addresses only:
# rsyslogd -4
6. To causes rsyslogd to listen to IPv6 addresses only:
# rsyslogd -6
7. To selects the desired backward compatibility mode:
# rsyslogd -c 4.2
8. To turn on the debug mode:
# rsyslogd -d
9. To specify the alernative configuration file:
# rsyslogd -f /etc/file
10. To specify the alternate pid file:
# rsyslogd -i /var/
11. To specify the hostnames to be logged:
# rsyslogd -l myhost.net
12. To avoid auto-backgrounding:
# rsyslogd -n
13. To do a config check:
# rsyslogd -N 1
14. To specify a domainname that should be stripped off before logging:
# rsyslogd -s .net
15. To print the version:
# rsyslogd -v