journaldをログファイルに記録せずrsyslogのログファイルに記録させる方法

journaldをログファイルに記録せずrsyslogのログファイルに記録させる方法
journaldをログファイルに記録せずrsyslogのログファイルに記録させる方法

bookworm(Devian12)になってから、journaldが標準になり、ログを見るのにjournaldのコマンド入力が必要となりました。

それでは面倒なので、rsyslogのサービスをインストールして、/var/log/syslogに出力するように設定しています。

journaldでのログ出力が無駄になるので、rsyslogだけがログを保存するように設定を変更します。

rsyslogのインストールと設定の確認

/etc/log/syslogにログが出力されないと、運用が面倒なのでrsyslogをインストールします。

$ sudo apt-get -y install rsyslog
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libestr0 libfastjson4 liblognorm5
Suggested packages:
  rsyslog-mysql | rsyslog-pgsql rsyslog-mongodb rsyslog-doc rsyslog-openssl | rsyslog-gnutls rsyslog-gssapi rsyslog-relp
The following NEW packages will be installed:
  libestr0 libfastjson4 liblognorm5 rsyslog
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 800 kB of archives.
After this operation, 4,141 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main arm64 libestr0 arm64 0.1.11-1 [9,220 B]
Get:2 http://deb.debian.org/debian bookworm/main arm64 libfastjson4 arm64 1.2304.0-1 [27.4 kB]
Get:3 http://deb.debian.org/debian bookworm/main arm64 liblognorm5 arm64 2.0.6-4 [63.8 kB]
Get:4 http://deb.debian.org/debian bookworm/main arm64 rsyslog arm64 8.2302.0-1 [700 kB]
Fetched 800 kB in 0s (4,324 kB/s)
Selecting previously unselected package libestr0:arm64.
(Reading database ... 56042 files and directories currently installed.)
Preparing to unpack .../libestr0_0.1.11-1_arm64.deb ...
Unpacking libestr0:arm64 (0.1.11-1) ...
Selecting previously unselected package libfastjson4:arm64.
Preparing to unpack .../libfastjson4_1.2304.0-1_arm64.deb ...
Unpacking libfastjson4:arm64 (1.2304.0-1) ...
Selecting previously unselected package liblognorm5:arm64.
Preparing to unpack .../liblognorm5_2.0.6-4_arm64.deb ...
Unpacking liblognorm5:arm64 (2.0.6-4) ...
Selecting previously unselected package rsyslog.
Preparing to unpack .../rsyslog_8.2302.0-1_arm64.deb ...
Unpacking rsyslog (8.2302.0-1) ...
Setting up libestr0:arm64 (0.1.11-1) ...
Setting up libfastjson4:arm64 (1.2304.0-1) ...
Setting up liblognorm5:arm64 (2.0.6-4) ...
Setting up rsyslog (8.2302.0-1) ...
Created symlink /etc/systemd/system/syslog.service → /lib/systemd/system/rsyslog.service.
Created symlink /etc/systemd/system/multi-user.target.wants/rsyslog.service → /lib/systemd/system/rsyslog.service.
Processing triggers for libc-bin (2.36-9+rpt2+deb12u7) ...
Processing triggers for man-db (2.11.2-2) ...

設定内容を確認します。

$ sudo vi /etc/rsyslog.conf
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html


#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

#
# Log anything besides private authentication messages to a single log file
#
*.*;auth,authpriv.none          -/var/log/syslog

#
# Log commonly used facilities to their own log file
#
auth,authpriv.*                 /var/log/auth.log
cron.*                          -/var/log/cron.log
kern.*                          -/var/log/kern.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Emergencies are sent to everybody logged in.
#
*.emerg                         :omusrmsg:*

赤字の通り、

  • imuxsock => syslog ソケットからログデータを読み込み
  • imklog => カーネルログ

が設定されているのでOKです。

journald側の設定

journaldの設定を

  • ジャーナルファイルへの書き込みを停止する
  • syslogソケットへの転送

に変更します。

$ sudo vi /etc/systemd/journald.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the journald.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/journald.conf' to display the full config.
#
# See journald.conf(5) for details.

[Journal]
#Storage=auto
Storage=none
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitIntervalSec=30s
#RateLimitBurst=10000
#SystemMaxUse=
#SystemKeepFree=
#SystemMaxFileSize=
#SystemMaxFiles=100
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
#MaxRetentionSec=
#MaxFileSec=1month
ForwardToSyslog=yes
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg
#LineMax=48K
#ReadKMsg=yes
#Audit=no

赤字の通り設定を変更します。

再起動

$ sudo reboot

再起動すると各設定が有効となります。

タイトルとURLをコピーしました