# Getting Started with rsyslog

rsyslog is a modern, high-performance logging framework that extends traditional syslog functionality. It supports advanced features such as structured logging, high-throughput message processing, and integration with modern log pipelines (e.g., Elasticsearch, Kafka, cloud services). rsyslog is actively maintained and widely used as the default system logger on many Linux distributions.

## Installation

### On Debian/Ubuntu

```bash
sudo apt update
sudo apt install rsyslog rsyslog-doc
```

### On RHEL/CentOS

```bash
sudo yum install rsyslog rsyslog-doc
```

After installation, enable and start rsyslog:

```bash
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
```

## Validating the Setup

To verify your installation and configuration, run:

```bash
rsyslogd -N1
```

This command checks configuration syntax without starting the daemon.

## Basic Configuration

The primary configuration file is `/etc/rsyslog.conf`.

Additional configuration snippets are placed in `/etc/rsyslog.d/*.conf`.

### Minimal Example

A simple configuration that logs all messages to /var/log/syslog:

```rsyslog
module(load="imuxsock")  # Unix socket for local system logging
module(load="imklog")    # Kernel logging support

# Write messages of every facility and priority to one file
*.* /var/log/syslog
```

Apply changes by restarting rsyslog:

```bash
sudo systemctl restart rsyslog
```

## First Advanced Step: Forwarding Logs

rsyslog can forward logs to remote servers using TCP or TLS:

```rsyslog
action(
    type="omfwd"
    protocol="tcp"
    target="logs.example.com"
    port="514"
)
```

This configuration forwards all log messages to logs.example.com.
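
As written, the action above sends messages over TCP in cleartext. The following is an added example (not part of the original page) of the same forwarder protected with TLS. It assumes the gtls netstream driver is installed (package `rsyslog-gnutls`), that the collector accepts syslog over TLS on port 6514, and that the CA certificate sits at the placeholder path `/etc/rsyslog.d/ca.pem`. The queue settings buffer messages on disk while the collector is unreachable.

```rsyslog
# Added example: TLS-protected forwarding. Paths, port and queue file name are assumptions.
global(
    # Placeholder path: the CA that signed the collector's certificate
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/ca.pem"
)

action(
    type="omfwd"
    protocol="tcp"
    target="logs.example.com"
    port="6514"                          # assumed TLS listener on the collector
    StreamDriver="gtls"                  # GnuTLS netstream driver
    StreamDriverMode="1"                 # 1 = TLS only; 0 would be plain TCP
    StreamDriverAuthMode="x509/name"     # validate the server certificate and its name
    StreamDriverPermittedPeers="logs.example.com"

    # Buffer instead of dropping messages while the collector is down
    queue.type="LinkedList"
    queue.filename="fwd_logs_example"    # setting a file name enables disk assistance
    queue.maxDiskSpace="1g"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"         # retry indefinitely
)
```

With `x509/name`, the collector must present a certificate issued by that CA and carrying the name `logs.example.com`; otherwise the connection is refused and messages stay in the queue.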

## Modern Pipeline Integration

rsyslog supports many modern systems and formats, including:

  • Elasticsearch and OpenSearch via the omelasticsearch module

  • Kafka and other message brokers

  • Structured logging with JSON templates

For example, to send logs to Elasticsearch:

```rsyslog
module(load="omelasticsearch")

action(
    type="omelasticsearch"
    server="http://localhost:9200"
    searchIndex="rsyslog"
)
```

## Next Steps



© 2008–2025 Rainer Gerhards and others. Licensed under the Apache License 2.0.