LinuxQuestions.org


massy 10-27-2014 02:54 AM

How to change the path of saving logs in CentOS?
 
I have some logs in /var/log/messages like this:
Code:

Oct 27 11:07:56 CVT-Server-Main kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:80:f8:15:8e:08:00 SRC=192.168.0.113 DST=192.168.1.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=5431 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Oct 27 11:07:56 CVT-Server-Main kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:80:f8:15:8e:08:00 SRC=192.168.0.113 DST=192.168.1.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=5431 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Oct 27 11:07:56 CVT-Server-Main kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:80:f8:15:8e:08:00 SRC=192.168.0.113 DST=192.168.1.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=5432 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Oct 27 11:07:56 CVT-Server-Main kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:80:f8:15:8e:08:00 SRC=192.168.0.113 DST=192.168.1.255 LEN=131 TOS=0x00 PREC=0x00 TTL=128 ID=5432 PROTO=UDP SPT=17500 DPT=17500 LEN=111
Oct 27 11:07:56 CVT-Server-Main kernel: IN=eth1 OUT= MAC=ac:16:2d:7a:ac:e9:54:04:a6:81:bc:38:08:00 SRC=192.168.0.199 DST=192.168.0.94 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=19278 DF PROTO=TCP SPT=34470 DPT=22 WINDOW=62792 RES=0x00 ACK URGP=0
Oct 27 11:07:56 CVT-Server-Main kernel: IN=eth1 OUT= MAC=ac:16:2d:7a:ac:e9:54:04:a6:81:bc:38:08:00 SRC=192.168.0.199 DST=192.168.0.94 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=19278 DF PROTO=TCP SPT=34470 DPT=22 WINDOW=62792 RES=0x00 ACK URGP=0

How can I change their path so that they are logged to another file?

netnix99 10-27-2014 07:20 AM

It depends on the version of Linux that you are using, but based on your member information, I will assume you are referring to CentOS 6.4.

In this case, you will edit the /etc/rsyslog.conf file. Change the destination in the RULES section to the desired locations.

Example:

Change:
Code:

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

to:
Code:

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /path/to/new/location

You will need to restart the service after the changes are saved.
Code:

service rsyslog restart

These changes will need to be made on each line of the type of log file that you want to be written in the new location.
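
Added example, not part of netnix99's post: a variant of the same RULES edit that moves only the kernel-facility lines shown in the question (the `IN=eth1 ... SRC=... DST=...` firewall entries) into their own file and leaves everything else in /var/log/messages. It goes one step beyond the answer above; the path /var/log/firewall.log is a hypothetical name chosen for illustration.

```conf
#### RULES ####
# Legacy rsyslog.conf syntax, as used in /etc/rsyslog.conf on CentOS 6.
# /var/log/firewall.log is a hypothetical destination; choose your own path.

# Create log files opened by the rules below as readable by root only.
# This legacy directive applies to file actions defined after it.
$FileCreateMode 0600

# Send every kernel-facility message (the firewall lines in the question
# are logged by "kernel:") to a dedicated file.
kern.*                                                  /var/log/firewall.log

# Original catch-all rule with kern.none appended, so kernel messages
# are no longer written to /var/log/messages as well.
*.info;mail.none;authpriv.none;cron.none;kern.none      /var/log/messages
```

Check the syntax with `rsyslogd -N1` before running `service rsyslog restart`. If the new file lives outside /var/log, it also needs a log rotation entry and, with SELinux enforcing, a file context that rsyslogd is allowed to write to.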

