rsyslog

The rocket-fast system for log processing

How can I check the config?

We have often seen the case, that someone has rsyslog running and makes changes to the configuration. And usually, after making the changes, rsyslog gets restarted, but the changed config is invalid. rsyslog has a function to check the configuration for validity. This can be done very easily by invoking this command:

rsyslogd -N1

(Note that rsyslogd may not be in your search path – then it usually is found in /sbin/rsyslogd)

This tells rsyslog to do a config check. It does NOT run in regular mode, but just check configuration file correctness. This option is meant to verify a config file. To do so, run rsyslogd interactively in foreground, specifying -f <config-file> and -N level. The level argument modifies behaviour. Currently, 0 is the same as not specifying the -N option at all (so this makes limited sense) and 1 actually activates the code.

This configuration check will only check the configuration for integrity like syntax. Additionaly, the modules will be loaded to make sure that they work properly. On the downside, since the engine will not be loaded, errors with permissions or alike cannot be checked. These will occur only when running rsyslog normally.

The verdict for this option is, that it is quite useful for a first check if the changes were correct, without running the configuration in live mode. This might help to prevent that rsyslog gets restarted with a basically wrong configuration and thus rendering rsyslog useless, because it might not work or not work properly.

One thought on “How can I check the config?

  1. # /etc/rsyslog.conf Configuration file for rsyslog.
    #
    # For more information see
    # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html

    #################
    #### MODULES ####
    #################

    $ModLoad imuxsock # provides support for local system logging
    $ModLoad imklog # provides kernel logging support
    #$ModLoad immark # provides –MARK– message capability

    # provides UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514

    # provides TCP syslog reception
    #$ModLoad imtcp
    #$InputTCPServerRun 514

    ###########################
    #### GLOBAL DIRECTIVES ####
    ###########################

    #
    # Use traditional timestamp format.
    # To enable high precision timestamps, comment out the following line.
    #
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

    #
    # Set the default permissions for all log files.
    #
    $FileOwner root
    $FileGroup adm
    $FileCreateMode 0640
    $DirCreateMode 0755
    $Umask 0022

    #
    # Where to place spool and state files
    #
    $WorkDirectory /stockage/srv/logs

    #
    # Include all config files in /etc/rsyslog.d/
    #
    $IncludeConfig /etc/rsyslog.d/*.conf

    ###############
    #### RULES ####
    ###############

    #
    # First some standard log files. Log by facility.
    #
    auth,authpriv.* /stockage/srv/logs/auth.log
    *.*;auth,authpriv.none -/stockage/srv/logs/syslog
    #cron.* /stockage/srv/logs/cron.log
    daemon.* -/stockage/srv/logs/daemon.log
    kern.* -/stockage/srv/logs/kern.log
    lpr.* -/stockage/srv/logs/lpr.log
    mail.* -/stockage/srv/logs/mail.log
    user.* -/stockage/srv/logs/user.log
    test.* -/stockage/srv/logs/test
    #
    # Logging for the mail system. Split it up so that
    # it is easy to write scripts to parse these files.
    #
    mail.info -/stockage/srv/logs/mail.info
    mail.warn -/stockage/srv/logs/mail.warn
    mail.err /stockage/srv/logs/mail.err

    #
    # Logging for INN news system.
    #
    news.crit /stockage/srv/logs/news/news.crit
    news.err /stockage/srv/logs/news/news.err
    news.notice -/stockage/srv/logs/news/news.notice

    #
    # Some "catch-all" log files.
    #
    *.=debug;\
    auth,authpriv.none;\
    news.none;mail.none -/stockage/srv/logs/debug
    *.=info;*.=notice;*.=warn;\
    auth,authpriv.none;\
    cron,daemon.none;\
    mail,news.none -/stockage/srv/logs/messages

    #
    # Emergencies are sent to everybody logged in.
    #
    *.emerg :omusrmsg:*

    #
    # I like to have messages displayed on the console, but only on a virtual
    # console I usually leave idle.
    #
    #daemon,mail.*;\
    # news.=crit;news.=err;news.=notice;\
    # *.=debug;*.=info;\
    # *.=notice;*.=warn /dev/tty8

    # The named pipe /dev/xconsole is for the `xconsole’ utility. To use it,
    # you must invoke `xconsole’ with the `-file’ option:
    #
    # $ xconsole -file /dev/xconsole […]
    #
    # NOTE: adjust the list below, or you’ll go crazy if you have a reasonably
    # busy site..
    #
    daemon.*;mail.*;\
    news.err;\
    *.=debug;*.=info;\
    *.=notice;*.=warn |/dev/xconsole

Comments are closed.