The syslogd service is the original syslog service on Linux. The rsyslogd service makes several improvements, including support for:

  • TCP instead of UDP as the transport protocol, increasing the reliability of transmitted data.
  • Data encryption using SSL/TLS.
  • Outputting data to various database technologies like MySQL.
  • Buffering data on local systems when the remote receiver is not ready to accept it.
  • Filtering data based on content.

In addition, rsyslogd maintains the same basic configuration format as its predecessor, so it is backward compatible in that sense.

The /etc/rsyslog.conf file

The /etc/rsyslog.conf file is the configuration file for the rsyslogd service. This file determines how to handle syslog messages through a variety of rules that you can modify as needed.

The file takes a two-column format. The first column lists message facilities and/or severities. Severities are defined in word format rather than as numbers 0–7. The second column defines what actions should be taken for messages that correspond to the facility and/or severity. Actions include which file to write the message to; which users to print the message to if they are logged in to a terminal; and which remote hosts to forward the message to.
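The two-column layout can be read mechanically, which is useful when auditing where a host writes or forwards its logs. The following is an added example, not part of the original page or of rsyslog itself: it parses a constructed sample of rules, maps severity words to their 0–7 levels, and classifies each action as a file, a user notification, or a remote forward (in this syntax a single `@` prefix forwards over UDP and `@@` over TCP). The host names, paths and function names are assumptions made for illustration.

```python
# Severity keywords in syslog order; the list index is the numeric level 0-7.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample in the two-column format (hosts and paths are illustrative).
SAMPLE_CONF = """\
# selector                      action
authpriv.*                      /var/log/secure
mail.info;cron.warning          -/var/log/maillog
*.emerg                         :omusrmsg:*
*.*                             @logs.example.com:514
auth,authpriv.notice            @@logs.example.com:6514
"""

def classify_action(action):
    """Return (kind, target) for the second column of a rule."""
    if action.startswith("@@"):
        return "forward-tcp", action[2:]
    if action.startswith("@"):
        return "forward-udp", action[1:]
    if action.startswith(("/", "-/")):
        return "file", action.lstrip("-")
    if action.startswith(":omusrmsg:"):
        return "users", action[len(":omusrmsg:"):]
    return "other", action

def parse_selector(selector):
    """Expand 'fac1,fac2.sev;fac3.sev' into (facility, severity, level) tuples."""
    out = []
    for part in selector.split(";"):
        facilities, _, sev = part.partition(".")
        level = SEVERITIES.index(sev) if sev in SEVERITIES else None
        out.extend((fac, sev, level) for fac in facilities.split(","))
    return out

def parse_rules(text):
    """Parse each rule line; comments and $-prefixed directives are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "$")):
            continue
        selector, action = line.split(None, 1)
        kind, target = classify_action(action.strip())
        rules.append({"selector": parse_selector(selector), "kind": kind, "target": target})
    return rules

def udp_forwards(rules):
    """Rules that forward over UDP rather than TCP."""
    return [r for r in rules if r["kind"] == "forward-udp"]
```

Running `udp_forwards(parse_rules(SAMPLE_CONF))` lists the rules that still forward over UDP, which are the ones to review when reliable delivery to the remote receiver matters.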

The syslog-ng Service

The syslog-ng service is another replacement for the older syslogd service. Although it offers similar functionality to rsyslogd, syslog-ng has its own syntax.

rsyslogd Command Examples

1. To start the rsyslog service:

2. To suppress the warnings:

3. To disable the DNS for remote messaging:

4. To send UDP messages to all the targets:

5. To cause rsyslogd to listen to IPv4 addresses only:

6. To cause rsyslogd to listen to IPv6 addresses only:

7. To select the desired backward compatibility mode:

8. To turn on the debug mode:

9. To specify an alternative configuration file:

10. To specify the alternate pid file:

11. To specify the hostnames to be logged:

12. To avoid auto-backgrounding:

13. To do a config check:

14. To specify a domainname that should be stripped off before logging:

15. To print the version: