What is Rsyslog Imfile?

By Lexie Tanner 3 years ago

What is Rsyslog Imfile?

This module provides the ability to convert any standard text file into a syslog message. A standard text file is a file consisting of printable characters with lines being delimited by LF. The file monitor supports file rotation. To fully work, rsyslogd must run while the file is rotated.

What is Imuxsock?

What is imuxsock some might ask. It is the name of the module that handles Unix Socket Input. For some who might not know, this module manages the delivery of syslog calls from a logging process to rsyslog. The module listens to the log sockets of a Unix system and gives rsyslog the log messages when they occur.

What is Imjournal?

Provides the ability to import structured log messages from systemd journal to syslog. The journal provides imuxsock with a copy of all “classical” syslog messages, however, it does not provide structured data. Only if that structured data is needed, imjournal must be used.

What is rsyslog used for?

Rsyslog is an open-source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network.

What is syslog facility?

The facility represents the machine process that created the syslog event. For example, is the event created by the kernel, by the mail system, by security/authorization processes, etc.?

What is Dev log?

/dev/log is the default entry for system logging. In the case of a systemd implementation (this case) it’s a symlink to whatever /run/systemd/journal/dev-log . It used to be a receiving end of a unix socket handled by syslog daemon.

What is Imklog in Linux?

Reads messages from the kernel log and submits them to the syslog engine.

What is rsyslog daemon and its purpose?

Rsyslogd is a system utility providing support for message logging. Support of both internet and unix domain sockets enables this utility to support both local and remote logging.

What is difference between rsyslog and syslog-ng?

Rsyslog is mainly available for Linux and recently for Solaris. The syslog-ng application is highly portable and available for many more platforms including AIX, HP-UX, Linux, Solaris, Tru64 and most variants of BSD. This makes syslog-ng more suitable for sites with diverse platforms.

Is there a default rate limit for rsyslog?

Rsyslog Rate Limiting. The systemd journal limit is hit before any default rsyslog limits as its default limits are smaller. By default rsyslog will accept 20,000 messages within a 10 minute period.

How does a standard text file work in rsyslog?

This module provides the ability to convert any standard text file into a syslog message. A standard text file is a file consisting of printable characters with lines being delimited by LF. The file is read line-by-line and any line read is passed to rsyslog’s rule engine.

How many messages can rsyslog accept in 10 minutes?

By default rsyslog will accept 20,000 messages within a 10 minute period. Therefore if you increase the rate limiting of the systemd journal logging as shown above you may then start to receive similar messages in your syslog logs as shown below.

How to disable systemd journal logging rate limiting?

If more messages than the amount specified in RateLimitBurst are received within the time defined by RateLimitInterval, all further messages within the interval are dropped until the interval is over. You can modify these values as you see fit, you can completely disable systemd journal logging rate limiting by setting both to 0.