1,可以已查看本机的rsyslog服务状态
sudo systemctl status rsyslog
2,可以查看服务的包的版本及配置所在目录
2.1,可以看出这个 /etc/logrotate.d/syslog这个文件是系统默认自带的要轮询系统自带日志的文件
cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
missingok
daily
sharedscripts
size 512M
rotate 10
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
2.1, /etc/rsyslog.conf为rsyslogd的主配置文件
[root@master logrotate.d]# grep -C 5 maillog /etc/rsyslog.conf
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
[root@master logrotate.d]# grep -C 10 maillog /etc/rsyslog.conf
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
2.3,/etc/sysconfig/rsyslog是配置rsyslog的文件
[root@master logrotate.d]# cat /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you w