rsyslog on CentOS 5.5

標準の syslog を rsyslog で置き換える。TCP 通信や通信の暗号化、データベースフォーマットでの出力などができるようになる。

# Install the rsyslog Package

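# Install rsyslog and switch its startup options from the sysklogd-style
# default ("-m 0") to "-c3", rsyslog's version-3 compatibility level.
yum -y install rsyslog
# Keep one pristine copy of the packaged file. A plain `cp -a` on a second run
# would replace that copy with the already-edited file.
[ -e /etc/sysconfig/rsyslog.orig ] || cp -a /etc/sysconfig/rsyslog /etc/sysconfig/rsyslog.orig # added
sed -i 's/SYSLOGD_OPTIONS="-m 0"/SYSLOGD_OPTIONS="-c3"/' /etc/sysconfig/rsyslog # added
# sed exits 0 even when the pattern matched nothing, so confirm the edit landed
# before relying on the new options.
grep -q 'SYSLOGD_OPTIONS="-c3"' /etc/sysconfig/rsyslog ||
    echo 'warning: SYSLOGD_OPTIONS="-c3" not found in /etc/sysconfig/rsyslog' >&2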

# Ensure Important Messages are Captured

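# Keep one pristine copy of the packaged configuration; a re-run must not
# overwrite it with the edited file.
[ -e /etc/rsyslog.conf.orig ] || cp -a /etc/rsyslog.conf /etc/rsyslog.conf.orig
# Comment out the stock catch-all, *.emerg and uucp,news.crit rules, and insert
# an auth,user.* rule for /var/log/messages directly after the catch-all.
# NOTE(review): the listing as published had no file operand on this sed call
# (the continuation ran straight into the echo lines). /etc/rsyslog.conf is
# inferred from the backup above and the redirect below -- confirm.
sed -i \
    -e '/*.info;mail.none;authpriv.none;cron.none/s/^/#/' \
    -e '/*.info;mail.none;authpriv.none;cron.none/aauth,user.*\t\t\t\t\t\t\/var\/log\/messages' \
    -e '/*.emerg/s/^/#/' \
    -e '/uucp,news.crit/s/^/#/' \
    /etc/rsyslog.conf
# Append one rule per facility. The opening brace of this group was missing
# from the published listing, which left the closing `} >>` a syntax error.
{
    echo -e ''
    echo -e 'kern.*\t\t\t\t\t\t\t/var/log/kern.log'
    echo -e 'daemon.*\t\t\t\t\t\t/var/log/daemon.log'
    echo -e 'syslog.*\t\t\t\t\t\t/var/log/syslog'
    echo -e 'lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6.* /var/log/unused.log'

# Send Logs to a Remote Host Using Reliable Transport

    # The forwarding rule is written commented out. Its destination was lost
    # from the published listing (the line ended in a stray backslash), so
    # LOGHOST_PLACEHOLDER stands in for it; `@@` is presumably what was meant,
    # being rsyslog's TCP forwarding prefix (a single `@` is UDP).
    # Plain TCP forwarding is neither encrypted nor authenticated: before
    # enabling this rule across an untrusted network, configure TLS for it.
    echo -e '#*.*\t\t\t\t\t\t@@LOGHOST_PLACEHOLDER'
} >> /etc/rsyslog.conf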

# Confirm Existence and Permissions of Log Files

# Pre-create each new log file, owned by root:root with mode 600, so the files
# already exist with root-only access before rsyslog is started further down.
for logfile in /var/log/kern.log /var/log/daemon.log /var/log/syslog /var/log/unused.log; do
    touch "$logfile"
    chown root:root "$logfile"
    chmod 600 "$logfile"
done

# Ensure the rsyslog Service is Activated

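# Swap the running logger from syslog to rsyslog and make the swap persistent
# across reboots.
/sbin/service syslog stop
# Only change the boot-time services once rsyslog is actually running. If it
# fails to start (for example on a broken rsyslog.conf), bring syslog back so
# the host is not left without any logger. This relies on the init script
# returning a non-zero status on failure.
if /sbin/service rsyslog start; then
    /sbin/chkconfig syslog off
    /sbin/chkconfig rsyslog on
else
    echo 'rsyslog did not start; restarting syslog and leaving boot-time services unchanged' >&2
    /sbin/service syslog start
fi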

# Ensure All Logs are Rotated

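# Back up the packaged logrotate rule once. The trailing `~` matters: logrotate
# skips files in this directory whose names end in `~` (default tabooext), so
# the backup is not loaded as a second, conflicting configuration.
[ -e /etc/logrotate.d/syslog.orig~ ] || cp -a /etc/logrotate.d/syslog /etc/logrotate.d/syslog.orig~
# Prepend the four new log files to the existing rotation stanza. Skip the edit
# when the paths are already listed, otherwise a re-run inserts them twice.
# NOTE(review): the stanza's postrotate script is not shown here -- confirm it
# signals rsyslogd rather than the stopped syslogd, or the rotated files will
# not be reopened.
grep -qF /var/log/kern.log /etc/logrotate.d/syslog ||
    sed -i 's/{/\/var\/log\/kern.log \/var\/log\/daemon.log \/var\/log\/syslog \/var\/log\/unused.log {/' /etc/logrotate.d/syslog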