Linux System Logging and Log Management

Learn about system logging in Linux, including configuring and managing logs using rsyslog, journald, and log rotation with logrotate.

Linux System Logging and Log Management  

Effective log management is crucial for monitoring and maintaining system health. This guide covers configuring and managing logs in Linux using rsyslog, journald, and log rotation with logrotate.

System Logging  

Using rsyslog  

Configure rsyslog for system logging.

sudo vim /etc/rsyslog.conf

Restart rsyslog to apply changes.

sudo systemctl restart rsyslog

Using journald  

Use journalctl to view system logs.

sudo journalctl

Filter logs by time.

sudo journalctl --since "2024-01-01" --until "2024-01-31"

Log Rotation  

Configuring logrotate  

Edit the logrotate configuration file.

sudo vim /etc/logrotate.conf

Example logrotate Configuration  

Rotate logs weekly and keep 4 weeks of logs.

/var/log/syslog {
    weekly
    rotate 4
    compress
    missingok
    notifempty
    create 0640 root utmp
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
}

Forcing Log Rotation  

Force log rotation manually.

sudo logrotate -f /etc/logrotate.conf

Custom Log Management  

Creating Custom Log Files  

Create a custom log file and configure rsyslog to write to it.

sudo vim /etc/rsyslog.d/custom.conf

Add the following configuration.

if $programname == 'myapp' then /var/log/myapp.log
& stop

Restart rsyslog to apply changes.

sudo systemctl restart rsyslog

Conclusion  

Effective log management is essential for system monitoring and maintenance. Practice configuring rsyslog and journald, and managing log rotation with logrotate to maintain a healthy logging system in Linux.