• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to change the Default Log Directory(/var/log) in Rsyslog for CentOS/RHEL 6,7

By admin

The ask

We want to have the default /var/log/messages file in a different location on a different mount point. Is it possible with rsyslog?

The Solution

The default location of /var/log/messages file can be changed to any location of your choice. Follow the steps outlined below to change the default location to new location (/log_dir).

1. Create the new directory in which the logs needs to be written.

# mkdir /log_dir

This can also be a pre-existing mount point.

2. In the rsyslog configuation file /etc/rsyslog.conf, replace the “/var/log/messages” by the new directory name. For example, replace the /var/log in the below line by the /log_dir:

Before:

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

After:

*.info;mail.none;authpriv.none;cron.none                /log_dir/messages

3. Now restart the rsyslog service.

# service rsyslog restart         ### CentOS/RHEL 6
# systemctl restart rsyslog       ### CentOS/RHEL 7

Changing other log locations

Some of the other common location that you may want to modify are:

# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

The procedure remains the same to change the location in case of above log files as well.

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. Understanding The /proc File System
  2. How to find Which Process Is Killing mysqld With SIGKILL or SIGTERM on Linux
  3. “ntpq -pn” command returns with error “Name or service not known”
  4. CentOS / RHEL : Converting an Existing Root Filesystem to LVM Partition
  5. How to schedule Jobs with Cron in Linux
  6. CentOS / RHEL : How to configure an DHCP server
  7. How systemd-tmpfiles cleans up /tmp/ or /var/tmp (replacement of tmpwatch) in CentOS / RHEL 7
  8. How to Set External Network For Containers in Linux Containers (LXC)
  9. How to create a networking bridge under CentOS/RHEL
  10. How to Disable Daylight Savings Time (DST), and Modify the Timezone on Linux

You May Also Like

Primary Sidebar

Recent Posts

  • How to Disable IPv6 on Ubuntu 18.04 Bionic Beaver Linux
  • How to Capture More Logs in /var/log/dmesg for CentOS/RHEL
  • Unable to Start RDMA Services on CentOS/RHEL 7
  • How to rename a KVM VM with virsh
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary