Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

2.10. syslog Tuning Tips

syslog can forward log messages from any number of programs over a network. The less often this occurs, the larger the pending transaction is likely to be. If the transaction is very large an I/O spike can occur. To prevent this, keep the interval reasonably small.

Procedure 2.9. Using syslogd for System Logging.

The system logging daemon, called syslogd, is used to collect messages from a number of different programs. It also collects information reported by the kernel from the kernel logging daemon klogd. Typically, syslogd will log to a local file, but it can also be configured to log over a network to a remote logging server.
  1. To enable remote logging, you will first need to configure the machine that will receive the logs. See https://access.redhat.com/solutions/54363 for details.
  2. Once remote logging support is enabled on the remote logging server, each system that will send logs to it must be configured to send its syslog output to the server, rather than writing those logs to the local file system. To do this, edit the /etc/rsyslog.conf file on each client system. For each of the various logging rules defined in that file, you can replace the local log file with the address of the remote logging server. 
    # Log all kernel messages to remote logging host.
kern.*     @my.remote.logging.server
    The example above will cause the client system to log all kernel messages to the remote machine at @my.remote.logging.server.
  3. It is also possible to configure syslogd to log all locally generated system messages, by adding a wildcard line to the /etc/rsyslog.conf file: 
    # Log all messages to a remote logging server:
*.*     @my.remote.logging.server

Important

Note that syslogd does not include built-in rate limiting on its generated network traffic. Therefore, we recommend that remote logging on Red Hat Enterprise Linux for Real Time systems be confined to only those messages that are required to be remotely logged by your organization. For example, kernel warnings, authentication requests, and the like. Other messages are locally logged.
Related Manual Pages

For more information, or for further reading, the following man pages are related to the information given in this section.

  • syslog(3)
  • rsyslog.conf(5)
  • rsyslogd(8)
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.