rsyslog on AWS – Applying Configuration Changes
Once you’ve updated the configuration of the AWS rsyslog application, it’s important to manually apply the new settings as rsyslog doesn’t do this automatically. This is to prevent partial changes from being loaded and potentially causing issues.
The AWS rsyslog application provides a dedicated tool, rsyslogctl, which can be used to check and reload the configuration. During the reload process, rsyslogctl determines the most efficient way to apply the changes. For example, some changes like drop rules can be applied without interrupting message processing, while others require a full restart, causing a brief interruption.
Additionally, rsyslogctl verifies the new configuration for errors before applying it. If there are any problems with the configuration, it will report an error. The tool also maintains a history of recently applied configurations, which is synced to S3 if it has been configured.
By using rsyslogctl, you can ensure that your updated configuration is applied correctly and with minimal disruption to message processing.
Verifying a New Configuration
To ensure that your configuration is correct, you can use the following command:
sudo rsyslogctl check-config
This command checks for common problems and will emit error messages if any issues are detected. It’s important to note that while rsyslogctl can detect frequent problems, it may not identify all potential issues.
It’s also worth noting that config verification is automatically done when attempting to reload the configuration. If the validation fails during the reload, the configuration change will not be applied. Therefore, it’s vital to ensure that the config check runs without any issues to prevent any potential problems.
It’s recommended to perform a config check regularly, especially when making significant changes such as adding multiple drop rules. By doing so, you can more easily detect otherwise hard-to-find issues that a change may have introduced. While config reload can be helpful, it’s not always sufficient, and regular config checks are a crucial step in maintaining the correctness of your configuration.
Reloading the Configuration
Activating a new configuration is known as “reloading the configuration” among Linux administrators. This process ensures that the running rsyslog instance uses the most up-to-date configuration. To reload the configuration, you can use the command:
sudo rsyslogctl reload-config
This command not only reloads the configuration but also checks for any issues and verifies the correctness of the configuration. If there are no issues, the new configuration is activated. Additionally, rsyslogctl checks if there are any changes to the configuration at all. If there are no changes, no reload is done.
Whenever a configuration change is applied, a copy of the previous configuration is saved in the /opt/rsyslog/config/history folder. This folder stores the previous nine configurations, making it easier to revert to an earlier version if a configuration error occurs. If the RSYSLOG_S3_ID is configured in the meta configuration, the configuration history will also be synchronized to S3, making it easier to access and restore configurations. However, please note that the /opt/rsyslog/config/history folder is intended for diagnostic purposes only and should not be used for regular system operation.
For more information on the reload process, please see the introductory section at the top of this page.
It’s important to note that changing most “meta config” settings requires an rsyslog restart. Although this is a brief operation, it can cause some message loss and disrupt message reception. Therefore, it’s recommended to execute the configuration reload outside of peak traffic periods.
It’s worth noting that you can also reload the configuration using regular systemd tools. However, in this case, no verification steps are performed, and the configuration history is not updated. Additionally, the user must identify the least intrusive reload option themselves. Therefore, it’s strongly recommended to always use the rsyslogctl tool to reload the configuration.
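A change gate built on the two commands above, as an added example that is not part of the AWS rsyslog application or its documentation: it runs check-config first, defers the reload during a peak-traffic window, and records each attempt. It assumes rsyslogctl exits non-zero on failure; PEAK_START, PEAK_END, FORCE and AUDIT_LOG are hypothetical site settings.

```shell
#!/bin/sh
# Added example, not part of the rsyslog AWS application.
# Assumption: rsyslogctl exits non-zero when a check or reload fails.
# PEAK_START, PEAK_END, FORCE and AUDIT_LOG are hypothetical site settings.
RSYSLOGCTL="${RSYSLOGCTL:-sudo rsyslogctl}"  # override to test with a stub
PEAK_START="${PEAK_START:-8}"                # first peak hour (0-23)
PEAK_END="${PEAK_END:-18}"                   # first off-peak hour (0-23)
AUDIT_LOG="${AUDIT_LOG:-/tmp/rsyslog-config-apply.log}"

# in_peak_window HOUR: succeeds when HOUR lies in [PEAK_START, PEAK_END).
# Accepts zero-padded hours ("08") and windows that wrap past midnight.
in_peak_window() {
    _h="${1#0}"; _h="${_h:-0}"
    if [ "$PEAK_START" -le "$PEAK_END" ]; then
        [ "$_h" -ge "$PEAK_START" ] && [ "$_h" -lt "$PEAK_END" ]
    else
        [ "$_h" -ge "$PEAK_START" ] || [ "$_h" -lt "$PEAK_END" ]
    fi
}

# audit RESULT: append one line per attempt (UTC time, invoking user, result).
audit() {
    printf '%s user=%s result=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "${SUDO_USER:-${USER:-unknown}}" "$1" >> "$AUDIT_LOG"
}

# apply_config [HOUR]: returns 0 applied, 1 check failed,
# 2 deferred (peak window), 3 reload failed. HOUR defaults to the local hour.
apply_config() {
    _hour="${1:-$(date +%H)}"
    # Check explicitly first so a bad config is caught before any decision.
    if ! $RSYSLOGCTL check-config; then
        audit check-failed; return 1
    fi
    # A reload may need a full restart, so defer it during peak traffic
    # unless FORCE=1 is set.
    if [ "${FORCE:-0}" != 1 ] && in_peak_window "$_hour"; then
        audit deferred-peak; return 2
    fi
    if ! $RSYSLOGCTL reload-config; then
        audit reload-failed; return 3
    fi
    audit applied
}
```

Source the file and call apply_config from a change job; a return value of 2 means the change was validated but the reload still has to be run in an off-peak window.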