Syslog Management Protocols
Let's look at the programs that fill up our /var/log/ directory.
- rsyslog (common)
- syslog (old)
- syslog-ng (lots of content-based filtering)
- klogd (kernel-focussed)
rsyslog
The config rests in /etc/rsyslog.conf, which then references /etc/rsyslog.d/.
Systemd
This thing makes its own logs with journald, and the journal's own logging system writes to the /var/log/journal/ directory, which is then filled with nonsense.
You can obtain nonsense in systemd's own format by entering:
journalctl -e
This thing generates so much nonsense it can crash your system, but can at least be checked with:
journalctl --disk-usage
... in case you can't remember the du command.
You can limit the nonsense by editing the /etc/systemd/journald.conf file, and finding #SystemMaxFileSize=
Logger
You can log things at any time with the logger:
logger Server is being a dick!
Put things into a specific log with -p. For example, a message can go into the lpr (printer) log file with a priority of "critical", with:
logger -p lpr.crit Help!
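What `-p lpr.crit` turns into on the wire, as an added example that is not part of the original notes: the syslog protocol packs facility and level into one `<PRI>` number (facility * 8 + severity), and the same arithmetic run backwards lets you check the prefix of a raw syslog line. The function names, the `fac12`..`fac15` placeholder names and the sample lines are assumptions made for this sketch.

```shell
# Added example: encode and decode the syslog <PRI> value behind `logger -p`.
# Names are listed in numeric order, so position in the list = numeric code.
# Codes 12-15 have no logger keyword; fac12..fac15 are placeholders.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp \
fac12 fac13 fac14 fac15 local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="emerg alert crit err warning notice info debug"

# index_of NAME LIST: print the zero-based position of NAME in LIST.
index_of() (
  i=0
  for name in $2; do
    [ "$name" = "$1" ] && { echo "$i"; exit 0; }
    i=$((i + 1))
  done
  exit 1
)

# name_at N LIST: print the word at zero-based position N in LIST.
name_at() (
  i=0
  for name in $2; do
    [ "$i" -eq "$1" ] && { echo "$name"; exit 0; }
    i=$((i + 1))
  done
  exit 1
)

# pri_encode facility.level: PRI = facility * 8 + severity.
pri_encode() (
  case $1 in *.*) ;; *) exit 1 ;; esac
  fac=$(index_of "${1%%.*}" "$FACILITIES") || exit 1
  sev=$(index_of "${1#*.}" "$SEVERITIES") || exit 1
  echo $((fac * 8 + sev))
)

# pri_decode LINE: read the leading <PRI> of a raw syslog line and print
# facility.level; fail on a missing, non-numeric or out-of-range value.
pri_decode() (
  case $1 in "<"[0-9]*">"*) ;; *) exit 1 ;; esac
  pri=${1#"<"}; pri=${pri%%">"*}
  case $pri in *[!0-9]*|0?*|????*) exit 1 ;; esac
  [ "$pri" -le 191 ] || exit 1
  echo "$(name_at $((pri / 8)) "$FACILITIES").$(name_at $((pri % 8)) "$SEVERITIES")"
)

# Constructed sample lines (not captured from a real host).
for line in '<50>Oct 11 22:14:15 host1 me: Help!' '<13>Oct 11 22:14:16 host1 me: hi' '<999>bad'; do
  pri_decode "$line" || echo "invalid PRI: $line"
done
```

A PRI above 191 or with leading zeros cannot come from a valid facility.level pair, so a collector can treat such lines as malformed input.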
Logfiles rotate around and eventually get deleted. Rotation means they get compressed.
Edit the config in /etc/logrotate.conf.
A few apps have their own special log rotation rules, kept in /etc/logrotate.d/.
The major variables to change are weekly, which compresses log files weekly, and rotate 4, which keeps 4 weeks' worth of backlogs before deletion.
Force Log Rotation
sudo systemctl kill --kill-who=main --signal=SIGUSR2 systemd-journald.service
or just
sudo systemctl restart systemd-journald.service