I have set up the syslog/rsyslog services and they just ran. For years, I just let them be. But as complexity grew in these services, I started to encounter problems. Thus this blog entry. I expect more to follow.

Rsyslog Configuration

First thing to discuss is the rsyslog configuration.

Traditionally, syslog configuration uses a legacy syntax. Both rsyslog and syslog-ng support those. The legacy syntax starts simple but it brings along some complexity of its own. Here is a few examples from Ubuntu:

auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog

You can kind of guess what those lines mean.

Rsyslog, on the other hand, has a new RainerScript system for configuration, which I use quite extensively in work. More on that later.

Performance

Another learning experience for me is about rsyslog performance. It had worked wonderfully for me for years without looking under the hood...until something (or, a combination of things) happened.

Troubleshooting

Troubleshooting rsyslog issues is still new to me -- even though I have been using the software, but I have not actually run into many problems until recently. It is of interest to me to write down the experiences.

That's it for today. Have a nice weenend!