The ask
We want to have the default /var/log/messages file in a different location on a different mount point. Is it possible with rsyslog?
The Solution
The default location of /var/log/messages file can be changed to any location of your choice. Follow the steps outlined below to change the default location to new location (/log_dir).
1. Create the new directory in which the logs needs to be written.
# mkdir /log_dir
This can also be a pre-existing mount point.
2. In the rsyslog configuation file /etc/rsyslog.conf, replace the “/var/log/messages” by the new directory name. For example, replace the /var/log in the below line by the /log_dir:
Before:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
After:
*.info;mail.none;authpriv.none;cron.none /log_dir/messages
3. Now restart the rsyslog service.
# service rsyslog restart ### CentOS/RHEL 6 # systemctl restart rsyslog ### CentOS/RHEL 7
Changing other log locations
Some of the other common location that you may want to modify are:
# Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg :omusrmsg:* # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log
The procedure remains the same to change the location in case of above log files as well.