The sys admin's daily grind: RSyslog
Where To Next?
Well-used services write reams of log information to disk, which is not only bothersome from a storage perspective but also pushes grep and the usual group of statistics tools to their limits. Will hitching the syslog daemon up to a database help?
Who said length doesn't matter? My spam filters alone give me a 3GB logfile daily, which would be fine if I just needed the beast to check up on the occasional error. Because I need to extract a whole bunch of statistics about spam and virus threats from the file, grepping such enormous files takes ages, besides creating far too much I/O overhead.
RSyslog [1] took me a giant leap closer to finding a solution – it logs directly to a MySQL or PostgreSQL database, meaning that I can replace my grep commands with fast SQL statements. RSyslog is included with many distributions and is the default application in Fedora 8, for example. By default, my Ubuntu lab environment runs sysklogd, making it easy for me to switch to RSyslog. For the time being, I can even keep my old syslog.conf. For the most part, RSyslog's configuration file is the same as the legacy format, although it does support a couple of additional options for linking up with the database.
First I need to set up a database. To do so, I run the createDB.sql script, which is provided with the RSyslog package:
mysql -u root -pPasswort < ./createDB.sql
This command line automatically creates a database called Syslog along with the required tables.
At the MySQL prompt, I then create a user and assign privileges:
> grant ALL ON Syslog.* to rsyslog@localhost identified by 'secret'; > flush privileges;
Next, telling RSyslog to use the database is refreshingly simple – just two lines in /etc/rsyslog.d/mysql.conf:
$ModLoad MySQL mail.* >localhost,Syslog,rsyslog,secret
The first line loads the module that RSyslog needs to access the database. The second line defines the log facility containing the entries RSyslog will push to the database. The mail facility data are all I need to create spam filter statistics, followed by the access parameters for the MySQL database: hostname, database name, MySQL user name, and password.
After rebooting, I was pleased to see the RSyslog daemons filling the database (Figure 1). All done! This won't magically improve your spam statistics, but at least it will get the job done faster. Incidentally, the example here works with the current 2.0.2. stable release. RSyslog's author, Rainer Gerhards, is working hard on a 3x version, which he promises will add even more neat features.
Infos
- RSyslog: http://www.rsyslog.com
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.