tags: - rsyslog - nfs - systemd categories: - informational comments: true
Change rsyslog location Ensure the log location is available before starting the rsyslog service
Find NFS file systems
grep 192 /etc/fstab
192.168.2.25:/mnt/nfs/var/log /mnt/nfs/var/log nfs sec=sys,noatime,nodiratime,nodev,nosuid,nointr,nofail,tcp 0 0
192.168.2.25:/mnt/nfs/backup/rpi5/var/log /var/log_nfs nfs sec=sys,noatime,nodiratime,nodev,nosuid,nointr,nofail,tcp 0 0Find the mounted file systems that will be used by rsyslog
systemctl list-units | grep ‘nfs’ | awk ‘{print $1}’
mnt-nfs-var-log.mount
var-log_nfs.mount
nfs-client.targetAdd them to the ‘After’ requirement
head /lib/systemd/system/rsyslog.service
[Unit]
Description=System Logging Service
Requires=syslog.socket
After=mnt-nfs-var-log.mount var-log_nfs.mount network.target
Documentation=man:rsyslogd(8)
...reload systemd after changing file
systemctl daemon-reload
rsyslog: change the folder location
cat /etc/rsyslog.d/50-default.conf
auth,authpriv.*;local4.* /mnt/small/log/auth.log
*.*;auth,authpriv.none -/mnt/small/log/syslog
kern.* -/mnt/small/log/kern.log
mail.* -/mnt/small/log/mail.log
mail.err /mnt/small/log/mail.err
*.emerg :omusrmsg:*check syntax
rsyslogd -f /etc/rsyslog.d/50-default.conf -N1
rsyslogd: version 8.2102.0, config validation run (level 1), master config /etc/rsyslog.d/50-default.conf
rsyslogd: End of config validation run. Bye.restart
systemctl restart rsyslog
check for errors
systemctl status rsyslog
check if service is listening
netstat -4altunp | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:* 22706/rsyslogdclient
cat /etc/rsyslog.d/20-client-audit.conf
#Enable sending of logs over UDP add the following line:
*.* @192.168.2.5:514
#Enable sending of logs over TCP add the following line:
*.* @@192.168.2.5:514
#Set disk queue when rsyslog server will be down:
$ActionQueueFileName queue
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1https://www.howtoforge.com/how-to-setup-rsyslog-server-on-ubuntu-1804/