rsyslog

As soon as you mount the /var/log directory only as volatile storage, you lose your syslog files in the event of a system crash. You can prevent this by using a syslog server, e.g. on a NAS. Once the syslog service is enabled on the NAS, create the file nas.conf in the directory /etc/rsyslog.d with the following content:

*.* @192.168.4.251:514

The single @ sign means that UDP is used. For TCP you would enter two @ signs. 192.168.4.251 is the IP address of my NAS and must be adapted to your setup. 514 is the network port.

After rsyslogd is restarted, the system logs are stored on the NAS.

$ sudo /etc/init.d/rsyslog restart

In the resulting syslog file, the hostname shows which machine each log entry came from.

<29>1 2018-10-19T06:27:19+02:00 fhem dbus 2644 - - dbus[2644]: [system] Activating service name='org.opensuse.Snapper' (using servicehelper)
<29>1 2018-10-19T06:27:20+02:00 fhem dbus 2644 - - dbus[2644]: [system] Successfully activated service 'org.opensuse.Snapper'
<86>1 2018-10-19T06:27:24+02:00 fhem CRON 5672 - - CRON[5672]: pam_unix(cron:session): session closed for user root
<38>1 2018-10-19T06:29:12+02:00 fhem sshd 6035 - - sshd[6035]: Connection closed by 192.168.4.3 port 56862 [preauth]
<38>1 2018-10-19T06:30:12+02:00 radio sshd 18000 - - sshd[18000]: Connection closed by 192.168.4.3 port 56270 [preauth]
<38>1 2018-10-19T06:34:12+02:00 fhem sshd 6174 - - sshd[6174]: Connection closed by 192.168.4.3 port 56902 [preauth]
<38>1 2018-10-19T06:35:12+02:00 radio sshd 18011 - - sshd[18011]: Connection closed by 192.168.4.3 port 56308 [preauth]
<86>1 2018-10-19T06:39:01+02:00 fhem CRON 6302 - - CRON[6302]: pam_unix(cron:session): session opened for user root by (uid=0)
<78>1 2018-10-19T06:39:01+02:00 fhem CRON 6306 - - CRON[6306]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
<86>1 2018-10-19T06:39:02+02:00 fhem CRON 6302 - - CRON[6302]: pam_unix(cron:session): session closed for user root
<38>1 2018-10-19T06:39:12+02:00 fhem sshd 6363 - - sshd[6363]: Connection closed by 192.168.4.3 port 56940 [preauth]
<38>1 2018-10-19T06:40:12+02:00 radio sshd 18018 - - sshd[18018]: Connection closed by 192.168.4.3 port 56348 [preauth]
<38>1 2018-10-19T06:44:12+02:00 fhem sshd 6511 - - sshd[6511]: Connection closed by 192.168.4.3 port 56984 [preauth]
<38>1 2018-10-19T06:45:12+02:00 radio sshd 18033 - - sshd[18033]: Connection closed by 192.168.4.3 port 56392 [preauth]
<78>1 2018-10-19T06:47:58+02:00 radio cracklib - - - cracklib: no dictionary update necessary.
<190>1 2018-10-19T06:48:04+02:00 radio liblogging-stdlog - - - liblogging-stdlog:  [origin software="rsyslogd" swVersion="8.24.0" x-pid="2599" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
<29>1 2018-10-19T06:48:06+02:00 radio dbus 2691 - - dbus[2691]: [system] Activating service name='org.opensuse.Snapper' (using servicehelper)
<29>1 2018-10-19T06:48:06+02:00 radio dbus 2691 - - dbus[2691]: [system] Successfully activated service 'org.opensuse.Snapper'
<86>1 2018-10-19T06:48:07+02:00 radio CRON 17971 - - CRON[17971]: pam_unix(cron:session): session closed for user root
<38>1 2018-10-19T06:49:12+02:00 fhem sshd 6650 - - sshd[6650]: Connection closed by 192.168.4.3 port 57026 [preauth]
<38>1 2018-10-19T06:50:12+02:00 radio sshd 18227 - - sshd[18227]: Connection closed by 192.168.4.3 port 56434 [preauth]
<38>1 2018-10-19T06:54:12+02:00 fhem sshd 6793 - - sshd[6793]: Connection closed by 192.168.4.3 port 57066 [preauth]
<38>1 2018-10-19T06:55:12+02:00 radio sshd 18239 - - sshd[18239]: Connection closed by 192.168.4.3 port 56474 [preauth]
<38>1 2018-10-19T06:59:12+02:00 fhem sshd 6931 - - sshd[6931]: Connection closed by 192.168.4.3 port 57108 [preauth]
<38>1 2018-10-19T07:00:12+02:00 radio sshd 18251 - - sshd[18251]: Connection closed by 192.168.4.3 port 56516 [preauth]
<38>1 2018-10-19T07:04:12+02:00 fhem sshd 7073 - - sshd[7073]: Connection closed by 192.168.4.3 port 57148 [preauth]
<38>1 2018-10-19T07:05:12+02:00 radio sshd 18263 - - sshd[18263]: Connection closed by 192.168.4.3 port 56558 [preauth]
<86>1 2018-10-19T07:09:01+02:00 fhem CRON 7210 - - CRON[7210]: pam_unix(cron:session): session opened for user root by (uid=0)
<78>1 2018-10-19T07:09:01+02:00 fhem CRON 7214 - - CRON[7214]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
<86>1 2018-10-19T07:09:02+02:00 fhem CRON 7210 - - CRON[7210]: pam_unix(cron:session): session closed for user root
<38>1 2018-10-19T07:09:12+02:00 fhem sshd 7267 - - sshd[7267]: Connection closed by 192.168.4.3 port 57190 [preauth]
<38>1 2018-10-19T07:10:12+02:00 radio sshd 18275 - - sshd[18275]: Connection closed by 192.168.4.3 port 56600 [preauth]
<38>1 2018-10-19T07:14:12+02:00 fhem sshd 7415 - - sshd[7415]: Connection closed by 192.168.4.3 port 57234 [preauth]
<38>1 2018-10-19T07:15:12+02:00 radio sshd 18283 - - sshd[18283]: Connection closed by 192.168.4.3 port 56642 [preauth]
<86>1 2018-10-19T07:17:01+02:00 radio CRON 18286 - - CRON[18286]: pam_unix(cron:session): session opened for user root by (uid=0)
<78>1 2018-10-19T07:17:01+02:00 radio CRON 18290 - - CRON[18290]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
<86>1 2018-10-19T07:17:01+02:00 fhem CRON 7460 - - CRON[7460]: pam_unix(cron:session): session opened for user root by (uid=0)
<78>1 2018-10-19T07:17:01+02:00 fhem CRON 7464 - - CRON[7464]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
<29>1 2018-10-19T07:17:01+02:00 fhem dbus 2644 - - dbus[2644]: [system] Activating service name='org.opensuse.Snapper' (using servicehelper)
<29>1 2018-10-19T07:17:02+02:00 radio dbus 2691 - - dbus[2691]: [system] Activating service name='org.opensuse.Snapper' (using servicehelper)
<29>1 2018-10-19T07:17:02+02:00 fhem dbus 2644 - - dbus[2644]: [system] Successfully activated service 'org.opensuse.Snapper'
<29>1 2018-10-19T07:17:02+02:00 radio dbus 2691 - - dbus[2691]: [system] Successfully activated service 'org.opensuse.Snapper'
<86>1 2018-10-19T07:17:03+02:00 radio CRON 18286 - - CRON[18286]: pam_unix(cron:session): session closed for user root
<86>1 2018-10-19T07:17:13+02:00 fhem CRON 7460 - - CRON[7460]: pam_unix(cron:session): session closed for user root
<14>1 2018-10-19T07:18:12+02:00 fhem nagios3 - - - nagios3: Auto-save of retention data completed successfully.
<38>1 2018-10-19T07:19:12+02:00 fhem sshd 7582 - - sshd[7582]: Connection closed by 192.168.4.3 port 57276 [preauth]
<38>1 2018-10-19T07:20:12+02:00 radio sshd 18322 - - sshd[18322]: Connection closed by 192.168.4.3 port 56684 [preauth]
<38>1 2018-10-19T07:24:12+02:00 fhem sshd 7717 - - sshd[7717]: Connection closed by 192.168.4.3 port 57318 [preauth]
<38>1 2018-10-19T07:25:12+02:00 radio sshd 18334 - - sshd[18334]: Connection closed by 192.168.4.3 port 56728 [preauth]
<38>1 2018-10-19T07:29:12+02:00 fhem sshd 7857 - - sshd[7857]: Connection closed by 192.168.4.3 port 57362 [preauth]
<38>1 2018-10-19T07:30:12+02:00 radio sshd 18341 - - sshd[18341]: Connection closed by 192.168.4.3 port 56772 [preauth]
<38>1 2018-10-19T07:34:12+02:00 fhem sshd 7995 - - sshd[7995]: Connection closed by 192.168.4.3 port 57404 [preauth]
<38>1 2018-10-19T07:35:12+02:00 radio sshd 18348 - - sshd[18348]: Connection closed by 192.168.4.3 port 56812 [preauth]
<86>1 2018-10-19T07:39:01+02:00 fhem CRON 8135 - - CRON[8135]: pam_unix(cron:session): session opened for user root by (uid=0)
<78>1 2018-10-19T07:39:01+02:00 fhem CRON 8139 - - CRON[8139]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
<86>1 2018-10-19T07:39:02+02:00 fhem CRON 8135 - - CRON[8135]: pam_unix(cron:session): session closed for user root
<38>1 2018-10-19T07:39:12+02:00 fhem sshd 8192 - - sshd[8192]: Connection closed by 192.168.4.3 port 57444 [preauth]
<38>1 2018-10-19T07:40:12+02:00 radio sshd 18359 - - sshd[18359]: Connection closed by 192.168.4.3 port 56852 [preauth]
<38>1 2018-10-19T07:44:12+02:00 fhem sshd 8333 - - sshd[8333]: Connection closed by 192.168.4.3 port 57486 [preauth]
<38>1 2018-10-19T07:45:12+02:00 radio sshd 18370 - - sshd[18370]: Connection closed by 192.168.4.3 port 56892 [preauth]
<38>1 2018-10-19T07:49:12+02:00 fhem sshd 8475 - - sshd[8475]: Connection closed by 192.168.4.3 port 57526 [preauth]
<38>1 2018-10-19T07:50:12+02:00 radio sshd 18377 - - sshd[18377]: Connection closed by 192.168.4.3 port 56934 [preauth]
<38>1 2018-10-19T07:54:12+02:00 fhem sshd 8619 - - sshd[8619]: Connection closed by 192.168.4.3 port 57568 [preauth]
<38>1 2018-10-19T07:55:12+02:00 radio sshd 18392 - - sshd[18392]: Connection closed by 192.168.4.3 port 56976 [preauth]
<38>1 2018-10-19T07:59:12+02:00 fhem sshd 8693 - - sshd[8693]: Connection closed by 192.168.4.3 port 57608 [preauth]
<38>1 2018-10-19T08:00:12+02:00 radio sshd 18407 - - sshd[18407]: Connection closed by 192.168.4.3 port 57016 [preauth]
<30>1 2018-10-19T08:00:31+02:00 fhem dnsmasq-dhcp 2648 - - dnsmasq-dhcp[2648]: 2337793024 verfügbare(s) DHCP-Subnetz: 192.168.4.255/255.255.255.0
<30>1 2018-10-19T08:00:31+02:00 fhem dnsmasq-dhcp 2648 - - dnsmasq-dhcp[2648]: 2337793024 Klient stellt Name bereit: LGSmartTV
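
The output above can be split by sending host, with the leading <PRI> number decoded into facility and severity. The following Python sketch is an added example, not part of the original page; the names parse, summarize and known_hosts are assumptions, and the sample lines are copied from the output above.

```python
import re
from collections import Counter

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<timestamp>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$")

# Three lines copied from the output shown on this page.
SAMPLE = [
    "<38>1 2018-10-19T06:29:12+02:00 fhem sshd 6035 - - sshd[6035]: Connection closed by 192.168.4.3 port 56862 [preauth]",
    "<86>1 2018-10-19T07:17:01+02:00 radio CRON 18286 - - CRON[18286]: pam_unix(cron:session): session opened for user root by (uid=0)",
    '<190>1 2018-10-19T06:48:04+02:00 radio liblogging-stdlog - - - liblogging-stdlog:  [origin software="rsyslogd" swVersion="8.24.0" x-pid="2599" x-info="http://www.rsyslog.com"] rsyslogd was HUPed',
]

def parse(line):
    """Return the fields of one line as a dict, or None if it does not fit the format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None or int(m["pri"]) > 191:   # PRI = facility * 8 + severity, max 23*8+7
        return None
    rec = m.groupdict()
    pri = int(rec["pri"])
    rec["facility"] = FACILITIES[pri >> 3]
    rec["severity"] = SEVERITIES[pri & 7]
    return rec

def summarize(lines, known_hosts):
    """Count entries per (host, facility, severity); collect hostnames not in known_hosts."""
    per_host, unknown = Counter(), set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        per_host[(rec["host"], rec["facility"], rec["severity"])] += 1
        if rec["host"] not in known_hosts:   # the hostname field is supplied by the sender
            unknown.add(rec["host"])
    return per_host, unknown

if __name__ == "__main__":
    counts, unknown = summarize(SAMPLE, {"fhem", "radio"})
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("unexpected hosts:", sorted(unknown))
```
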

last change: 2021-01-09