Logging rules define where to record messages for each particular system service:
- On Red Hat/CentOS systems, the rules are stored in the /etc/rsyslog.conf file. Just scroll down until you see the #### RULES #### section.
- On Debian/Ubuntu systems, the rules are in separate files in the /etc/rsyslog.d/ directory. The main file that we care about for now is the 50-default.conf file, which contains the main logging rules.
To explain the structure of an rsyslog rule, let's look at this example from a CentOS 8 machine:
authpriv.* /var/log/secure
Here's the breakdown:
- authpriv: This is the facility, which defines the type of message.
- .: The dot separates the facility from the level, which is the next field. ...
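To check where a given facility and level actually ends up (for example, that authpriv messages reach /var/log/secure and not a more widely readable file), the rule structure above can be parsed and evaluated. This is an added example, not part of the original text; it goes beyond the single rule shown by also handling `;`-joined selectors, `none`, `=level` and `!level`. The function names and the sample rules are constructed for illustration.

```python
import re

# Syslog levels, most severe first (canonical names only; aliases not handled).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SEL = r"[\w*,]+\.[\w*=!]+"
RULE = re.compile(rf"({SEL}(?:;{SEL})*)\s+(\S.*)")

# Constructed sample in the style of a CentOS #### RULES #### section.
SAMPLE = """\
#### RULES ####
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
*.emerg                                     :omusrmsg:*
"""

def parse_rules(text):
    """Return (selectors, action) for every facility.level rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:  # blank line, comment, or a non-selector directive
            continue
        pairs = (sel.split(".", 1) for sel in m.group(1).split(";"))
        rules.append(([(f.split(","), lvl) for f, lvl in pairs], m.group(2)))
    return rules

def matches(selectors, facility, level):
    """Apply selectors left to right, as a mask that each one sets or clears."""
    sev, hit = LEVELS.index(level), False
    for facilities, want in selectors:
        if "*" not in facilities and facility not in facilities:
            continue
        negate, want = want.startswith("!"), want.lstrip("!")
        if want == "none":
            hit = False
        elif want == "*":
            hit = not negate
        else:
            idx = LEVELS.index(want.lstrip("="))
            # "=level" means that level only; a bare level means it or worse.
            if (sev == idx) if want.startswith("=") else (sev <= idx):
                hit = not negate
    return hit

def destinations(text, facility, level):
    """List the actions that receive a message of this facility and level."""
    return [a for sels, a in parse_rules(text) if matches(sels, facility, level)]
```

Calling `destinations(open("/etc/rsyslog.conf").read(), "authpriv", "info")` on a real system shows every file or action that receives authentication messages.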