1. Installing rsyslog

Install rsyslog via packages, verify the service, and (optionally) try a Docker sandbox.

1.1. Goal

Get rsyslog installed and confirm it runs correctly on your system. If you prefer a zero-risk sandbox, try the optional Docker approach at the end.

Important

About default distro configs: Many distributions ship legacy-style config lines in /etc/rsyslog.conf (e.g., *.* /var/log/syslog or $FileCreateMode). That is normal and supported. In these tutorials we use modern RainerScript. Do not rewrite the distro file. Add your own rules under /etc/rsyslog.d/*.conf. For a guided explanation, see Understanding the Default Configuration.

1.2. Steps

1.2.1. 1) Install the packages

On Ubuntu/Debian:

sudo apt update
sudo apt install rsyslog

On RHEL / CentOS / Rocky / Alma:

sudo dnf install rsyslog

1.2.2. 2) Enable and start the service

sudo systemctl enable --now rsyslog
systemctl status rsyslog --no-pager

1.2.3. 3) Validate configuration syntax

Parse the configuration in dry-run mode to check its syntax without launching a second daemon:

sudo rsyslogd -N1

You should see “rsyslogd: End of config validation run.” with no errors.

1.3. Verification

Send a test message and ensure rsyslog is processing logs locally:

logger -t tut01 "hello from rsyslog tutorial 01"
sudo tail -n 50 /var/log/syslog  2>/dev/null || sudo tail -n 50 /var/log/messages

You should see a line containing tut01 and your message.

1.4. If it’s not working…

  1. Service not active

    • Check: systemctl status rsyslog

    • Fix: sudo systemctl restart rsyslog

  2. Syntax errors

    • Run: sudo rsyslogd -N1

    • Read the first error carefully; it points to the file/line. Remove the offending change or fix the typo, then re-run.

  3. Logs not visible

    • Different distros write to different files. Try both: /var/log/syslog and /var/log/messages.

    • Ensure you sent the test message with logger (see Verification above).

  4. Permission issues

    • If you created custom log paths, ensure the rsyslog service user can write to the directory. Adjust ownership and mode with sudo chown / chmod as appropriate.
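
The service, syntax and log-visibility checks above, combined into one self-check script. This is an added example, not part of the rsyslog project's documentation; the function names, the marker format and the 2-second wait are assumptions.

```bash
#!/bin/sh
# Added example (not rsyslog project code): self-check for this tutorial's steps.
# Assumptions: function names, marker format and the 2-second wait are hypothetical.

# Print the first readable candidate file that contains the marker; fail if none does.
find_marker() {
    local marker="$1" f
    shift
    for f in "$@"; do
        # -F matches the marker as a fixed string, -q suppresses output
        if [ -r "$f" ] && grep -Fq -- "$marker" "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Run the tutorial's checks in order; the return code names the failing step.
check_rsyslog() {
    local marker hit
    # A unique marker cannot be confused with an older test message.
    marker="tut01-check-$$-$(date +%s)"

    if ! systemctl is-active --quiet rsyslog; then
        echo "FAIL: service not active (see 'Service not active')" >&2
        return 1
    fi
    # Assumes rsyslogd -N1 exits non-zero when the configuration has errors.
    if ! rsyslogd -N1 >/dev/null 2>&1; then
        echo "FAIL: config validation reported errors; run 'rsyslogd -N1' to read them" >&2
        return 2
    fi
    logger -t tut01 "$marker"
    sleep 2   # give rsyslog a moment to write the message
    if ! hit=$(find_marker "$marker" /var/log/syslog /var/log/messages); then
        echo "FAIL: marker not found in /var/log/syslog or /var/log/messages" >&2
        return 3
    fi
    echo "OK: $marker found in $hit"
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    check_rsyslog
fi
```

Run it with sudo and the --run argument so it can validate the configuration and read the log files.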

1.5. Optional: Try rsyslog in Docker (sandbox)

Use this if you want to experiment without touching your host’s system logger.

docker run --name rsyslog-sandbox -it --rm rsyslog/rsyslog

In another terminal, exec a shell into the container to test:

docker exec -it rsyslog-sandbox bash
logger -t tut01 "hello from inside container"
tail -n 50 /var/log/syslog  2>/dev/null || tail -n 50 /var/log/messages

Note

This container does not replace your host’s system logger. To receive host logs, you’d need volume mounts and socket plumbing; that is outside this beginner tutorial and covered later in best-practice guidance.

Tip

🎬 Video idea: a 2–3 min screen capture showing package install, service check, rsyslogd -N1, a logger test, and the Docker sandbox run.



© 2008–2025 Rainer Gerhards and others. Licensed under the Apache License 2.0.