How to change the Default Log Directory(/var/log) in Rsyslog for CentOS/RHEL 6,7?

The default location of /var/log/messages file can be changed to any location of your choice. Follow the steps outlined below to change the default location to new location (/log_dir).

 

1. Create the new directory in which the logs needs to be written. 

# mkdir /log_dir

 

This can also be a pre-existing mount point.

 

2. In the rsyslog configuation file /etc/rsyslog.conf, replace the “/var/log/messages” by the new directory name. For example, replace the /var/log in the below line by the /log_dir:

Before:

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

 

After:

*.info;mail.none;authpriv.none;cron.none                /log_dir/messages

 

3. Now restart the rsyslog service.

# service rsyslog restart         ### CentOS/RHEL 6
# systemctl restart rsyslog       ### CentOS/RHEL 7

 

Changing other log locations

 

Some of the other common location that you may want to modify are:

# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

 

The procedure remains the same to change the location in case of above log files as well.

 

Was this answer helpful? 0 Users Found This Useful (0 Votes)