【Linux】/var/log/messagesにinfo、errなどのプライオリティを表示する方法

messagesにプライオリティを表示する方法
この記事を読むと・・・
/var/log/messagesでプライオリティを表示させる方法が理解できる
/var/log/messagesの出力フォーマットを変更する方法が理解できる
目次

/var/log/messagesにプライオリティを表示させる設定方法

STEP
/etc/rsyslog.confを編集する

vi /etc/rsyslog.confコマンドで、
/var/log/messages にプライオリティを表示させるように設定変更します。

簡単に説明すると、出力フォーマットを定義したテンプレート定義を追加し、
そのテンプレートを/var/log/messagesで使うように設定します。
以下に設定ファイルの変更箇所を記載したので参照ください。

スクロールできます
変更前変更後
*.info;mail.none;authpriv.none;cron.none /var/log/messages#*.info;mail.none;authpriv.none;cron.none /var/log/messages
追記$template rsyslog_template,”%timegenerated% %HOSTNAME% %syslogfacility-text%.%syslogseverity-text%: %syslogtag%%msg:::drop-last-lf%\n”
追記*.info;mail.none;authpriv.none;cron.none /var/log/messages;rsyslog_template
/etc/rsyslog.conf 変更箇所
# vi /etc/rsyslog.conf
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
global(workDirectory="/var/lib/rsyslog")

# Use default timestamp format
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")

# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf" mode="optional")

#### MODULES ####

module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
       SysSock.Use="off") # Turn off message reception via local log socket;
                          # local messages are retrieved through imjournal now.
module(load="imjournal"             # provides access to the systemd journal
       StateFile="imjournal.state") # File to store the position in the journal
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability

# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
#module(load="imudp") # needs to be done just once
#input(type="imudp" port="514")

# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
$template rsyslog_template,"%timegenerated% %HOSTNAME% %syslogfacility-text%.%syslogseverity-text%: %syslogtag%%msg:::drop-last-lf%\n"
*.info;mail.none;authpriv.none;cron.none                /var/log/messages;rsyslog_template

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### sample forwarding rule ###
#action(type="omfwd"
# # An on-disk queue is created for this action. If the remote host is
# # down, messages are spooled to disk and sent when it is up again.
#queue.filename="fwdRule1"       # unique name prefix for spool files
#queue.maxdiskspace="1g"         # 1gb space limit (use as much as possible)
#queue.saveonshutdown="on"       # save messages to disk on shutdown
#queue.type="LinkedList"         # run asynchronously
#action.resumeRetryCount="-1"    # infinite retries if host is down
# # Remote Logging (we use TCP for reliable delivery)
# # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514
#Target="remote_host" Port="XXX" Protocol="tcp")
STEP
/etc/rsyslog.confの定義をチェックする

rsyslogd -N 1コマンドで、/etc/rsyslog.confの定義をチェックします。

# rsyslogd -N 1
rsyslogd: version 8.2102.0-105.el9, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye

定義が誤っていると、以下のように誤っている行が指摘されます。

# rsyslogd -N 1
rsyslogd: version 8.2102.0-105.el9, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 82: warnings occured in file '/etc/rsyslog.conf' around line 82 [v8.2102.0-105.el9 try https://www.rsyslog.com/e/2207 ]
STEP
rsyslogサービスを再起動し、設定を反映させる

systemctl restart rsyslog.serviceコマンドで、rsyslogサービスを再起動し、設定を反映させます。

# systemctl restart rsyslog.service
STEP
rsyslogサービスのステータスを確認する

systemctl status rsyslog.serviceコマンドで、
rsyslogサービスが正常に稼働していること「Active: active (running)」を確認します。

# systemctl status rsyslog.service
● rsyslog.service - System Logging Service
     Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-12-16 22:49:11 JST; 17s ago
       Docs: man:rsyslogd(8)
             https://www.rsyslog.com/doc/
   Main PID: 1812 (rsyslogd)
      Tasks: 3 (limit: 10472)
     Memory: 972.0K
        CPU: 5ms
     CGroup: /system.slice/rsyslog.service
             mq1812 /usr/sbin/rsyslogd -n

12月 16 22:49:11 SRV01 systemd[1]: Starting System Logging Service...
12月 16 22:49:11 SRV01 rsyslogd[1812]: [origin software="rsyslogd" swVersion="8.2102.0-105.el9" x-pid="1812" x-info="https://www.rsyslog.co>
12月 16 22:49:11 SRV01 systemd[1]: Started System Logging Service.
12月 16 22:49:11 SRV01 rsyslogd[1812]: imjournal: journal files changed, reloading...  [v8.2102.0-105.el9 try https://www.rsyslog.com/e/0 ]
STEP
プライオリティーが表示されていることを確認する

tail /var/log/messagesコマンドで、
最新のログを確認し、プライオリティが表示されていることを確認します。

# tail /var/log/messages
Dec 16 22:58:35 SRV01 systemd[1]: Started System Logging Service.
Dec 16 22:58:35 SRV01 rsyslogd[1855]: imjournal: journal files changed, reloading...  [v8.2102.0-105.el9 try https://www.rsyslog.com/e/0 ]
Dec 16 22:58:58 SRV01 daemon.info: systemd[1]:Stopping System Logging Service...
Dec 16 22:58:59 SRV01 syslog.info: rsyslogd[1855]:[origin software="rsyslogd" swVersion="8.2102.0-105.el9" x-pid="1855" x-info="https://www.rsyslog.com"] exiting on signal 15.
Dec 16 22:58:59 SRV01 daemon.info: systemd[1]:rsyslog.service: Deactivated successfully.
Dec 16 22:58:59 SRV01 daemon.info: systemd[1]:Stopped System Logging Service.
Dec 16 22:58:59 SRV01 daemon.info: systemd[1]:Starting System Logging Service...
Dec 16 22:58:59 SRV01 syslog.info: rsyslogd[1863]:[origin software="rsyslogd" swVersion="8.2102.0-105.el9" x-pid="1863" x-info="https://www.rsyslog.com"] start
Dec 16 22:58:59 SRV01 daemon.info: systemd[1]:Started System Logging Service.
Dec 16 22:58:59 SRV01 syslog.notice: rsyslogd[1863]:imjournal: journal files changed, reloading...  [v8.2102.0-105.el9 try https://www.rsyslog.com/e/0 ]
よかったらシェアしてね!
  • URLをコピーしました!
目次