Syslog: Difference between revisions

From Alpine Linux
(fix syslog config file - files under /etc/conf.d no longer use extension)
Line 13: Line 13:


=== Configuration ===
=== Configuration ===
Edit <code>/etc/conf.d/syslog.cfg</code> to change the options used when running <code>syslogd</code>. All available options can be looked up with <code>syslogd --help</code>.
Edit <code>/etc/conf.d/syslog</code> to change the options used when running <code>syslogd</code>. All available options can be looked up with <code>syslogd --help</code>.


=== Reading logs ===
=== Reading logs ===

Revision as of 11:19, 28 May 2023

Syslog collects log data from multiple programs either to RAM or to a file, and handles log rotation (similar to journald on systemd-based systems). Alpine installs syslog as provided by busybox per default, but it also packages other implementations, such as rsyslog and syslog-ng.

busybox syslog

Running syslogd

Depending on how you have installed Alpine, it is already running (check with ps a | grep syslogd). Otherwise enable it at boot and start it with the following commands:

# rc-update add syslog boot
# rc-service syslog start

Configuration

Edit /etc/conf.d/syslog to change the options used when running syslogd. All available options can be looked up with syslogd --help.

Reading logs

# tail -f /var/log/messages
Shows all messages and follows the log
# tail -f /var/log/messages | grep ssh
Only shows SSH related messages, also follows the log

When -C is enabled in the configuration:

# logread -f
# logread -f | grep ssh

Writing logs

Many applications are able to write to the syslog by default (e.g. sshd). If you wish to write manually to it, use the logger program.

$ logger "hello world"