rsyslogd 실행 및 재시작
작성자 정보
- 관리자 작성
- 작성일
컨텐츠 정보
- 2,720 조회
- 0 추천
-
목록
본문
rsyslogd 실행 및 재시작
systemctl에 의해 /sbin/rsyslogd의 데몬프로세스가 수행된다.
rsyslog.conf 읽음
/sbin/rsyslogd 데몬이 실행되면서 /etc/rsyslog.conf파일을 읽어들이게 된다.
이 /etc/syslog.conf파일에는 시스템에서 사용하는 대부분의 로그파일들에 관해 설정되어있다.
rsyslogd.pid 기록
/sbin/syslogd도 데몬(일종의 프로세스)이므로 이 프로세스의 실행번호(Process ID : PID)를 /run/rsyslogd.pid에 기록하게 된다.
rsyslog.conf에 설정된 각각의 로그파일들에 대한 로그저장 시작
/sbin/rsyslogd의 실행과 함께 rsyslog.conf파일에 설정되어있는 각각의 로그파일들(messages, secure, maillog등)이 기록되기 시작한다.
rsyslog.conf파일의 내용을 잠시 살펴보면 다음과 같다.
|
[root@RockyLinux ~]# cat /etc/rsyslog.conf # rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files global(workDirectory="/var/lib/rsyslog")
# Use default timestamp format module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
# Include all config files in /etc/rsyslog.d/ include(file="/etc/rsyslog.d/*.conf" mode="optional")
#### MODULES ####
module(load="imuxsock" # provides support for local system logging (e.g. via logger command) SysSock.Use="off") # Turn off message reception via local log socket; # local messages are retrieved through imjournal now. module(load="imjournal" # provides access to the systemd journal StateFile="imjournal.state") # File to store the position in the journal #module(load="imklog") # reads kernel messages (the same are read from journald) #module(load="immark") # provides --MARK-- message capability
# Provides UDP syslog reception # for parameters see http://www.rsyslog.com/doc/imudp.html #module(load="imudp") # needs to be done just once #input(type="imudp" port="514")
# Provides TCP syslog reception # for parameters see http://www.rsyslog.com/doc/imtcp.html #module(load="imtcp") # needs to be done just once #input(type="imtcp" port="514")
#### RULES ####
# Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console
# Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access. authpriv.* /var/log/secure
# Log all the mail messages in one place. mail.* -/var/log/maillog
# Log cron stuff cron.* /var/log/cron
# Everybody gets emergency messages *.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log local7.* /var/log/boot.log
# ### sample forwarding rule ### #action(type="omfwd" # # An on-disk queue is created for this action. If the remote host is # # down, messages are spooled to disk and sent when it is up again. #queue.filename="fwdRule1" # unique name prefix for spool files #queue.maxdiskspace="1g" # 1gb space limit (use as much as possible) #queue.saveonshutdown="on" # save messages to disk on shutdown #queue.type="LinkedList" # run asynchronously #action.resumeRetryCount="-1" # infinite retries if host is down # # Remote Logging (we use TCP for reliable delivery) # # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514 #Target="remote_host" Port="XXX" Protocol="tcp") [root@RockyLinux ~]# |
관련자료
-
이전
-
다음
