From the course: Linux System Engineer: Kernel Tuning and Remote Logging
Unlock the full course today
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
rsyslog actions
From the course: Linux System Engineer: Kernel Tuning and Remote Logging
rsyslog actions
- [Instructor] For every filter there's an action. The action for a log filter usually involves saving the log messages to a file. For instance, in this case, all cron messages are saved to /var/log/cron.log. As this line is written, this file is synchronized on every write. This can create a lot of overhead if there are a lot of writes to the log. To keep from syncing the file system every single time the log is written, we can precede the paths with a dash. Be aware that the data is held in RAM since it's not written to the disk right away. This opens the possibility that you may lose data if the server shuts down unexpectedly. Log save paths can either be static, as we saw in the previous example, or dynamic. With a dynamic path we create a template and then use that template name prefixed with a question mark in the rule. The template for this example might look something like this. It will create a new log file for each message based on the timestamp of the message. When creating…