How to Setup Syslog on Rocky Linux 9

Syslog is a utility that captures and logs the system’s information. As the standard system logging protocol, it offers a centralized mechanism for logging system messages, which you can store locally or remotely. Syslog collects log messages from different sources such as applications, system daemons, and the kernel, and writes them to log files that you can use for auditing, security analysis, and troubleshooting.

Furthermore, syslog provides an extensible architecture which allows the programmers to create custom log plugins to extend the functionality. If you want to know how to set up syslog in Linux, please read this guide completely. Here, we will explain how to set up syslog in Rocky Linux 9 (RHEL-based OS).

How to Setup Syslog on Rocky Linux 9

First of all, your system requires rsyslog to access syslog in Rocky Linux 9. Install it through the following command:

sudo dnf install rsyslog

 

Once you install rsyslog, run all the following commands one by one to start, enable, and check the status of the rsyslog service:

sudo systemctl start rsyslog
sudo systemctl enable rsyslog
sudo systemctl status rsyslog

 

Now, you can access and modify the config file of rsyslog through the following command:

sudo nano /etc/rsyslog.conf

 

In this config file, you need to uncomment the following lines to configure the syslog to get the logs through UDP or TCP:


You can also restrict which hosts are allowed to send logs by specifying an IP address or domain. Add the following line under input(type="imtcp" port="514"), replacing <IP> and xyz.com with your IP address and domain:

$AllowedSender TCP, <IP>, *.xyz.com

 

Moreover, if you have a remote log server, you can forward the logs to it by specifying its IP address and port number:

*.* @remote_log_server_ip:port_number

 
After making the changes, save the file and run the following commands to restart the rsyslog service:

sudo systemctl restart rsyslog
sudo systemctl status rsyslog
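
The following script is an added example, not part of the original guide: it reads an rsyslog.conf and reports which listeners are active, whether each has a matching $AllowedSender line, and whether forwarding rules use UDP (a single @) or TCP (@@). The function names and the sample config (documentation addresses 192.0.2.x and example.com) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the rsyslog.conf settings this guide changes.
# Simplification (assumption): everything after '#' is treated as a comment.

audit_rsyslog() {
    # Keep only active (uncommented, non-blank) lines of the file in $1.
    active=$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1")

    for proto in udp tcp; do
        # An uncommented input(type="imudp"/"imtcp" ...) line opens a listener.
        if printf '%s\n' "$active" | grep -Eq "^[[:space:]]*input\(.*type=\"im${proto}\""; then
            echo "listener:${proto}"
            # $AllowedSender lists are per protocol; none means any host may send.
            upper=$(printf '%s' "$proto" | tr '[:lower:]' '[:upper:]')
            if ! printf '%s\n' "$active" |
                grep -Eq '^[[:space:]]*\$AllowedSender[[:space:]]+'"$upper"'[[:space:]]*,'; then
                echo "unrestricted:${proto}"
            fi
        fi
    done

    # Forwarding rules: "@host" sends over UDP, "@@host" sends over TCP.
    printf '%s\n' "$active" | awk '
        $2 ~ /^@@/ { sub(/^@@/, "", $2); print "forward:tcp:" $2; next }
        $2 ~ /^@/  { sub(/^@/, "", $2);  print "forward:udp:" $2 }'
}

# Constructed sample config (hypothetical hosts): both listeners enabled, only
# TCP restricted with $AllowedSender, logs forwarded to a remote server over UDP.
write_sample_conf() {
    cat > "$1" <<'EOF'
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
$AllowedSender TCP, 192.0.2.10, *.example.com
#*.* @@192.0.2.60:514
*.* @192.0.2.50:514
EOF
}

# Audit the file named on the command line, e.g. /etc/rsyslog.conf.
if [ -f "${1:-}" ]; then
    audit_rsyslog "$1"
fi
```

An "unrestricted" finding means rsyslog itself applies no sender filter on that listener; the host firewall may still limit who can reach the port.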

 

How to Check the Syslog

If you want to check the syslogs, run the following command in the terminal:

sudo less /var/log/messages

 

Furthermore, you can filter the log for a specific service by passing its name to grep. For example, let’s check the syslog entries for the firewall (firewalld):

sudo grep firewalld /var/log/messages

 

Conclusion

This is all about the easy method to set up syslog on Rocky Linux 9. Syslog is a great utility that you can use to capture the system’s information. That’s why you can set up syslog to manage the log messages from various sources including applications, the kernel, system daemons, etc. We recommend that you run the commands carefully because a wrong command may sometimes lead to errors.

 

About the author

Prateek Jangid

A passionate Linux user for personal and professional reasons, always exploring what is new in the world of Linux and sharing with my readers.