SBM Labs

Cyber Security Collaboration Project

Logging configuration for easy search in Linux
10 Jan 2015

1. Configuration of rsyslog.

Create configuration file custom.conf.

# vim /etc/rsyslog.d/custom.conf

Filter messages by syslog tag and write them to a dedicated file. The rsyslog `syslogtag` property includes the trailing colon, which is why the match string is "syslogTag:"; the second line (the `~` action) discards the matched messages so they do not also land in the default log.

:syslogtag, isequal, "syslogTag:" /var/log/filename.log
:syslogtag, isequal, "syslogTag:" ~

2. Configuration of logrotate.

Create configuration file custom.conf.

# vim /etc/logrotate.d/custom.conf

Configure logrotate to create an archive with the date in the filename.

/var/log/filename.log
{
    daily
    # keep one rotated copy (filename.log.1); postrotate renames it below
    rotate 1
    # copy then truncate in place, so rsyslog keeps writing to the same file
    copytruncate
    missingok
    sharedscripts
    postrotate
        # stamp the archive with yesterday's date, i.e. the day it covers
        day=$(/bin/date -d "-1 day" +%Y-%m-%d)
        /bin/mv /var/log/filename.log.1 /var/log/filename-$day.log
        /bin/gzip /var/log/filename-$day.log
    endscript
}
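The two steps above produce one gzip archive per day named filename-YYYY-MM-DD.log.gz, which is what makes searching by date easy. The following added example (not from the original post) reproduces the postrotate renaming offline on constructed data and shows a small search function that picks the right file for a given day; the temp directory, sample lines and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original post): mirrors the postrotate
# naming scheme and searches the resulting per-day archives.

# Mirror of the postrotate step: rename the rotated copy to
# filename-YYYY-MM-DD.log and compress it. $1 = log dir, $2 = date stamp
# (the real config derives it with: date -d "-1 day" +%Y-%m-%d).
rotate_with_date() {
    dir=$1; day=$2
    [ -f "$dir/filename.log.1" ] || return 1
    mv "$dir/filename.log.1" "$dir/filename-$day.log"
    gzip -f "$dir/filename-$day.log"
}

# Pick the file holding a given day's entries: the live file for today,
# otherwise the dated gzip archive. Prints lines matching $3 (a grep
# pattern); returns non-zero when no file exists for that day.
search_log() {
    dir=$1; day=$2; pattern=$3
    if [ "$day" = "$(date +%Y-%m-%d)" ] && [ -f "$dir/filename.log" ]; then
        grep -e "$pattern" "$dir/filename.log"
    elif [ -f "$dir/filename-$day.log.gz" ]; then
        gzip -dc "$dir/filename-$day.log.gz" | grep -e "$pattern"
    else
        return 1
    fi
}

# Self-contained demo on constructed data: builds a fake rotated file,
# runs the rename/compress step and prints how many "syslogTag:" lines
# the archive for that day yields (the tag keeps its colon, as in rsyslog).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' \
        'Jan  9 10:00:01 host syslogTag: user alice logged in' \
        'Jan  9 10:05:12 host syslogTag: user bob logged in' \
        'Jan  9 10:06:00 host other: unrelated noise' > "$dir/filename.log.1"
    rotate_with_date "$dir" 2015-01-09 || return 1
    count=$(search_log "$dir" 2015-01-09 'syslogTag:' | wc -l | tr -d ' ')
    rm -rf "$dir"
    echo "$count"
}

demo
```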
