Syslogd to rsyslog

From

Jump to: navigation, search

Introduction

  • Starting with (K)Ubuntu 11.04 Lucid Lynx, the Linux logging mechanism was changed from syslogd to rsyslog. Some older applications still attempt to send logs to the syslogd system, however. The rsyslog system can be configured to intercept those logs.

The Firestarter firewall, for example, is one of those programs, and unless this is done it will return errors regarding an inability to record logs. There are several other programs with similar problems. The solution is to create (or edit a pre-exisitng) configuration file to instruct rsyslog to interect the logs.

Create or alter rsyslog configuration file

  • Create a file /etc/rsyslog.d/90-foroldlogs.conf (use the text editor gedit instead of kate if using Ubuntu instead of Kubuntu):
 sudo kate /etc/rsyslog.d/90-foroldlogs.conf
that contains the lines:
*.=info;*.=notice;*.=warn;\
 auth,authpriv.none;\
 cron,daemon.none;\
 mail,news.none -/var/log/messages
  • Alternatively, edit the existing config file /etc/rsyslog.d/50-default.conf (use the text editor gedit instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/rsyslog.d/50-default.conf
and uncomment the lines (remove the # at the beginning of each line):
#*.=info;*.=notice;*.=warn;\
# auth,authpriv.none;\
# cron,daemon.none;\
# mail,news.none -/var/log/messages
to
*.=info;*.=notice;*.=warn;\
 auth,authpriv.none;\
 cron,daemon.none;\
 mail,news.none -/var/log/messages
  • Then reboot the system or restart rsyslog:
 sudo service rsyslog restart
Personal tools
Sponsor
     Asus 1015E