kern: Kernel messages.
user: User-level messages.
mail: Mail system.
daemon: System daemons, which are background processes/services.
auth: Security/authorization (also often used by authentication systems).
syslog: Messages generated internally by the syslog daemon.
lpr: Line printer subsystem.
news: Network news subsystem.
uucp: Unix-to-Unix copy system.
cron: Cron daemon (scheduling and automation).
authpriv: Security/authorization messages requiring privacy.
ftp: FTP daemon.
local0: Locally used facility.
...
local7: Locally used facility.
Severities:
CODE  PRIORITY  SEVERITY
0     emerg     System is unusable
1     alert     Action must be taken immediately
2     crit      Critical condition
3     err       Non-critical error condition
4     warning   Warning condition
5     notice    Normal but significant event
6     info      Informational event
7     debug     Debugging-level message
# Store all mail messages in one place
# With the leading -, rsyslog does not synchronize the maillog file directly on each write
# Without the -, rsyslog appends every event it receives to the file.
mail.* -/var/log/maillog
# Show emerg logs from all facilities on the terminals of all currently logged-in users
*.emerg :omusrmsg:*
# Show those logs only on the terminal of the user alicenab.
*.emerg :omusrmsg:alicenab
Examples of other actions:
# enables writing messages to file and it is typically invoked without explicitly being named
:omfile: # *.info /var/log/messages
# Used for forwarding log messages to a remote server using different protocols
:omfwd: # *.* @@remote-host:514 (using TCP to forward messages to a remote host)
# Allows executing shell commands with log message content.
:omshell: # :omshell:/path/to/shell/script
# Used to send log messages via email.
:ommail: # :ommail:mail.example.com,from@example.com,to@example.com
# Directs log messages to a named pipe (FIFO).
:ompipe: # *.* :ompipe:/path/to/pipe.fifo
# Used for forwarding log messages to an external program’s standard input.
:omprog: # *.* :omprog:/path/to/script
# Sending messages to a remote server using the RELP (Reliable Event Logging Protocol).
:omrelp: # *.* :omrelp:remote-host:2514
# Forwarding messages using UDP while spoofing the IP address.
:omudpspoof: # *.* :omudpspoof:ip-to-spoof,remote-host
# Producing messages to Apache Kafka brokers.
:omkafka:
# Writing messages to a ClickHouse database.
:omclickhouse:
Send a manual syslog entry:
logger -p local7.notice "Log entry created on host"
logger -p user.debug "Debug Message Test"
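Added example, not part of the original notes: every syslog message starts with a <PRI> value equal to facility code * 8 + severity code, which is what logger -p sets and what selectors such as mail.* and *.emerg are matched against. The sketch below decodes it and applies the traditional selector rule (the named severity and anything more severe). The numeric facility codes follow RFC 5424; the function names and sample lines are constructed for illustration.

```python
import re

# Facility names in code order (RFC 5424). Codes 12-15 are not in the list
# above, so they get placeholder names here.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + [f"facility{n}" for n in range(12, 16)]
              + [f"local{n}" for n in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def encode_pri(priority):
    """'local7.notice' (the argument of logger -p) -> numeric PRI."""
    facility, severity = priority.split(".")
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)

def decode_pri(line):
    """Return (facility, severity) from the <PRI> header of a raw message."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"missing or invalid PRI: {line[:20]!r}")
    pri = int(m.group(1))
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

def selector_matches(selector, line):
    """Traditional selector rule: 'fac.sev' matches sev and anything more severe."""
    want_fac, want_sev = selector.split(".")
    fac, sev = decode_pri(line)
    if want_fac not in ("*", fac):
        return False
    return want_sev == "*" or SEVERITIES.index(sev) <= SEVERITIES.index(want_sev)

# Constructed sample messages (not captured from a real host).
SAMPLES = [
    "<189>Jan 10 12:00:00 host alicenab: Log entry created on host",  # local7.notice
    "<15>Jan 10 12:00:01 host alicenab: Debug Message Test",          # user.debug
    "<22>Jan 10 12:00:02 host postfix/smtpd[812]: connect from unknown",  # mail.info
    "<0>Jan 10 12:00:03 host kernel: constructed emergency message",  # kern.emerg
]

if __name__ == "__main__":
    for line in SAMPLES:
        fac, sev = decode_pri(line)
        hits = [s for s in ("mail.*", "*.emerg", "*.info") if selector_matches(s, line)]
        print(f"{fac}.{sev:<7} matched by {hits}")
```
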
Logrotate
It archives logs so that they do not take up too much space on the system, and deletes them after 4 weeks.
By default all logs are stored in the /run/log/journal directory, so journalctl data is deleted after a reboot. By changing the /etc/systemd/journald.conf file we can make those logs be stored permanently.
persistent - stores logs persistently in the /var/log/journal directory
volatile - stores logs in the /run/log/journal directory until reboot
auto - stores logs persistently if the /var/log/journal directory exists on the system, otherwise as volatile
To make storage persistent, the following configuration is needed:
sudo vim /etc/systemd/journald.conf
[Journal]
Storage=persistent