Syslog: Difference between revisions

From Alpine Linux
(fix syslog config file - files under /etc/conf.d no longer use extension)
(Move 'Writing logs' out of busybox syslog section)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{TOC right}}
{{TOC right}}


Syslog collects log data from multiple programs either to RAM or to a file, and handles log rotation (similar to <code>journald</code> on systemd-based systems). Alpine installs <code>syslog</code> as provided by <code>busybox</code> per default, but it also packages [https://pkgs.alpinelinux.org/packages?name=*syslog* other implementations], such as <code>rsyslog</code> and <code>syslog-ng</code>.
Syslog collects log data from multiple programs either to RAM or to a file, and handles log rotation (similar to <code>journald</code> on systemd-based systems). Alpine installs <code>syslog</code> as provided by {{pkg|busybox}} per default, but it also packages [https://pkgs.alpinelinux.org/packages?name=*syslog* other implementations], such as {{pkg|rsyslog}}, {{pkg|syslog-ng}} and [[logbookd]].


== busybox syslog ==
== busybox syslog ==
Line 7: Line 7:
Depending on how you have installed Alpine, it is already running (check with <code>ps a | grep syslogd</code>). Otherwise enable it at boot and start it with the following commands:
Depending on how you have installed Alpine, it is already running (check with <code>ps a | grep syslogd</code>). Otherwise enable it at boot and start it with the following commands:


<pre>
{{cmd|<nowiki># rc-update add syslog boot
# rc-update add syslog boot
# rc-service syslog start
# rc-service syslog start
</pre>
</nowiki>}}


=== Configuration ===
=== Configuration ===
Edit <code>/etc/conf.d/syslog</code> to change the options used when running <code>syslogd</code>. All available options can be looked up with <code>syslogd --help</code>.
Edit {{path|/etc/conf.d/syslog}} to change the options used when running <code>syslogd</code>. All available options can be looked up with <code>syslogd --help</code>.


=== Reading logs ===
=== Reading logs ===
<pre>
{{cmd|<nowiki># tail -f /var/log/messages
# tail -f /var/log/messages
Shows all messages and follows the log
Shows all messages and follows the log
# tail -f /var/log/messages | grep ssh
# tail -f /var/log/messages | grep ssh
Only shows SSH related messages, also follows the log
Only shows SSH related messages, also follows the log
</pre>
</nowiki>}}


When <code>-C</code> is enabled in the configuration:
When <code>-C</code> is enabled in the configuration:
<pre>
{{cmd|<nowiki># logread -f
# logread -f
# logread -f | grep ssh
# logread -f | grep ssh
</pre>
</nowiki>}}


=== Writing logs ===
== Writing logs ==
Many applications are able to write to the syslog by default (e.g. <code>sshd</code>). If you wish to write manually to it, use the <code>logger</code> program.
Many applications are able to write to the syslog by default (e.g. <code>sshd</code>). If you wish to write manually to it, use the <code>logger</code> program.


<pre>
{{cmd|$ logger "hello world"}}
$ logger "hello world"
</pre>


== See also ==
* [https://wiki.gentoo.org/wiki/Logging Gentoo Wiki - Logging]


[[category:System Administration]]
[[category:System Administration]]

Latest revision as of 10:53, 29 February 2024

Syslog collects log data from multiple programs either to RAM or to a file, and handles log rotation (similar to journald on systemd-based systems). Alpine installs syslog as provided by busybox per default, but it also packages other implementations, such as rsyslog, syslog-ng and logbookd.

busybox syslog

Running syslogd

Depending on how you have installed Alpine, it is already running (check with ps a | grep syslogd). Otherwise enable it at boot and start it with the following commands:

# rc-update add syslog boot # rc-service syslog start

Configuration

Edit /etc/conf.d/syslog to change the options used when running syslogd. All available options can be looked up with syslogd --help.

Reading logs

# tail -f /var/log/messages Shows all messages and follows the log # tail -f /var/log/messages | grep ssh Only shows SSH related messages, also follows the log

When -C is enabled in the configuration:

# logread -f # logread -f | grep ssh

Writing logs

Many applications are able to write to the syslog by default (e.g. sshd). If you wish to write manually to it, use the logger program.

$ logger "hello world"

See also