標準の syslog を rsyslog で置き換える。rsyslog では TCP 通信や通信の暗号化、データベースフォーマットでの出力などができるようになる。ただし、以下の手順自体はこれらを有効化しない。リモート転送 (`@@` = TCP) の行はコメントアウトされた例であり、暗号化 (TLS) の設定は含まれていない。
# Install the rsyslog Package
yum install -y rsyslog
# Added step: preserve the packaged daemon-options file (mode, owner and
# timestamps included) so the change can be reviewed or rolled back.
cp -a /etc/sysconfig/rsyslog /etc/sysconfig/rsyslog.orig
# Added step: replace the stock options ("-m 0") with "-c3".
# NOTE(review): -c3 looks like rsyslog's version-3 compatibility switch; the
# substitution silently does nothing if the stock line differs, so compare the
# file against the .orig copy after running this.
sed -i -e 's|SYSLOGD_OPTIONS="-m 0"|SYSLOGD_OPTIONS="-c3"|' /etc/sysconfig/rsyslog
# Ensure Important Messages are Captured
# Keep the stock configuration for rollback and comparison.
cp -a /etc/rsyslog.conf /etc/rsyslog.conf.orig
# Comment out the stock catch-all, *.emerg and uucp/news rules, and add a rule
# directly below the old catch-all that sends auth and user messages to
# /var/log/messages.
sed -i \
  -e '/*.info;mail.none;authpriv.none;cron.none/s/^/#/' \
  -e '/*.info;mail.none;authpriv.none;cron.none/aauth,user.*\t\t\t\t\t\t\/var\/log\/messages' \
  -e '/*.emerg/s/^/#/' \
  -e '/uucp,news.crit/s/^/#/' \
  /etc/rsyslog.conf
# Append one rule per facility so kernel, daemon and syslog-internal messages
# each get their own file, and rarely used facilities land in unused.log.
#
# Send Logs to a Remote Host Using Reliable Transport
# The final appended line is a sample that stays commented out ("#*.*").
# "@@" forwards over plain TCP: the stream is neither encrypted nor
# authenticated. Before enabling it, protect the channel (rsyslog's TLS
# support or a tunnel) and replace the loghost.example.com placeholder.
# Running this block twice appends the rules twice.
printf '%b\n' \
  '' \
  'kern.*\t\t\t\t\t\t\t/var/log/kern.log' \
  'daemon.*\t\t\t\t\t\t/var/log/daemon.log' \
  'syslog.*\t\t\t\t\t\t/var/log/syslog' \
  'lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6.* /var/log/unused.log' \
  '#*.*\t\t\t\t\t\t\t@@loghost.example.com' \
  >> /etc/rsyslog.conf
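# Confirm Existence and Permissions of Log Files
# Create any missing file inside a subshell with umask 077, so a new log file
# is never group- or world-readable in the gap between touch and chmod. The
# subshell keeps the umask change from leaking into the rest of the session.
(
  umask 077
  touch /var/log/kern.log /var/log/daemon.log /var/log/syslog /var/log/unused.log
)
# Files that already existed keep their old owner and mode after touch, so
# set both explicitly: root-owned, readable and writable by root only.
chown root:root /var/log/kern.log /var/log/daemon.log /var/log/syslog /var/log/unused.log
chmod 600 /var/log/kern.log /var/log/daemon.log /var/log/syslog /var/log/unused.log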
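# Ensure the rsyslog Service is Activated
# Stop the old daemon first, then start rsyslog.
/sbin/service syslog stop
if /sbin/service rsyslog start; then
  # Only switch the boot-time services once rsyslog is known to start, so a
  # broken rsyslog.conf cannot leave the host without any syslog daemon.
  /sbin/chkconfig syslog off
  /sbin/chkconfig rsyslog on
else
  # Fall back to the original daemon and leave the boot configuration alone;
  # a host that logs nothing loses its audit trail.
  echo 'rsyslog failed to start; restarting syslog and leaving chkconfig unchanged' >&2
  /sbin/service syslog start
fi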
# Ensure All Logs are Rotated
# Back up the stock rotation rules. NOTE(review): the trailing "~" is
# presumably there so logrotate skips the backup when it reads
# /etc/logrotate.d ("~" is in its default taboo-extension list) - confirm.
cp -a /etc/logrotate.d/syslog /etc/logrotate.d/syslog.orig~
# Prepend the four new log files to the file list that ends at the opening
# brace, so they rotate under the same policy as the stock logs. Running this
# twice adds the paths twice.
sed -i -e 's|{|/var/log/kern.log /var/log/daemon.log /var/log/syslog /var/log/unused.log {|' /etc/logrotate.d/syslog