After adding the following modules to the /etc/rsyslog.d/ directory, rsyslog keeps rapidly writing logs to the disk, causing the messages and command.log files to grow quickly with extensive logs.

Here is the updated configuration:

```
[root@rockey2 rsyslog.d]# cat /etc/rsyslog.d/cmd.conf
$ModLoad imfile
$InputFilePollInterval 1
$InputFileName /var/log/command
$InputFileTag secure-logs
$InputFileStateFile secure-state
$InputFileFacility local6
$InputRunFileMonitor
local6.* @@192.168.56.103
```

```
[root@rockey2 rsyslog.d]# cat /etc/rsyslog.d/message.conf
$ModLoad imfile
$InputFilePollInterval 1
$InputFileName /var/log/messages
$InputFileTag messages-logs
$InputFileStateFile messages-state
$InputFileFacility local6
$InputRunFileMonitor
local6.* @@192.168.56.103
```

The cmd.conf file captures every command executed on the Linux system, as defined by the PROMPT_COMMAND. Additionally, in the rsyslog.conf file, I have added the following configuration:

```
local6.* /var/log/commands.log
```

When I delete the message.conf file, rsyslog continues to insert the usual logs. However, after adding the message logs, rsyslog generates an excessive amount of logs.

Here is a sample from the command.log file:

Dec 26 05:21:10 rockey2 messages-logs Dec 26 05:21:10 rockey2 messages-logs Dec 26 05:21:10 rockey2 messages-logs Dec 26 05:21:09 rockey2 messages-logs Dec 26 05:21:09 rockey2 messages-logs Dec 26 05:21:09 rockey2 messages-logs Dec 26 05:21:09 rockey2 messages-logs Dec 26 05:21:09 rockey2 messages-logs Dec 26 05:21:08 rockey2 messages-logs Dec 26 05:21:08 rockey2 messages-logs Dec 26 05:21:08 rockey2 messages-logs Dec 26 05:21:08 rockey2 messages-logs Dec 26 05:20:58 rockey2 messages-logs Dec 26 05:20:57 rockey2 messages-logs Dec 26 05:20:57 rockey2 messages-logs Dec 26 05:20:57 rockey2 messages-logs Dec 26 05:20:57 rockey2 messages-logs Dec 26 05:20:57 rockey2 messages-logs Dec 26 05:20:57 rockey2 messages-logs Dec 26 05:20:57 rockey2 messages-logs Dec 26 05:20:57 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:56 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:55 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:54 rockey2 messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:53 rockey2 
messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:53 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:52 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:51 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:50 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 
05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:49 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:48 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:47 rockey2 messages-logs Dec 26 05:20:37 rockey2 messages-logs Dec 26 05:20:37 rockey2 messages-logs Dec 26 05:20:37 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:36 rockey2 messages-logs Dec 26 05:20:35 rockey2 
messages-logs Dec 26 05:20:35 rockey2 messages-logs De 

And here is a sample from the messages log file:

Dec 26 05:21:42 rockey2 messages-logs Dec 26 05:21:42 rockey2 messages-logs Dec 26 05:21:32 rockey2 messages-logs Dec 26 05:21:31 rockey2 messages-logs Dec 26 05:21:31 rockey2 messages-logs Dec 26 05:21:31 rockey2 messages-logs Dec 26 05:21:30 rockey2 messages-logs Dec 26 05:21:30 rockey2 messages-logs Dec 26 05:21:30 rockey2 messages-logs Dec 26 05:21:29 rockey2 messages-logs Dec 26 05:21:29 rockey2 messages-logs Dec 26 05:21:29 rockey2 messages-logs Dec 26 05:21:29 rockey2 messages-logs Dec 26 05:21:29 rockey2 messages-logs Dec 26 05:21:29 rockey2 messages-logs Dec 26 05:21:28 rockey2 messages-logs Dec 26 05:21:28 rockey2 messages-logs Dec 26 05:21:28 rockey2 messages-logs Dec 26 05:21:28 rockey2 messages-logs Dec 26 05:21:28 rockey2 messages-logs Dec 26 05:21:28 rockey2 messages-logs Dec 26 05:21:27 rockey2 messages-logs Dec 26 05:21:27 rockey2 messages-logs Dec 26 05:21:27 rockey2 messages-logs Dec 26 05:21:27 rockey2 messages-logs Dec 26 05:21:27 rockey2 messages-logs Dec 26 05:21:26 rockey2 messages-logs Dec 26 05:21:26 rockey2 messages-logs Dec 26 05:21:26 rockey2 messages-logs Dec 26 05:21:26 rockey2 messages-logs Dec 26 05:21:26 rockey2 messages-logs Dec 26 05:21:26 rockey2 messages-logs Dec 26 05:21:25 rockey2 messages-logs Dec 26 05:21:25 rockey2 messages-logs Dec 26 05:21:25 rockey2 messages-logs Dec 26 05:21:25 rockey2 messages-logs Dec 26 05:21:25 rockey2 messages-logs Dec 26 05:21:25 rockey2 messages-logs Dec 26 05:21:25 rockey2 messages-logs Dec 26 05:21:24 rockey2 messages-logs Dec 26 05:21:24 rockey2 messages-logs Dec 26 05:21:24 rockey2 messages-logs Dec 26 05:21:24 rockey2 messages-logs Dec 26 05:21:24 rockey2 messages-logs Dec 26 05:21:23 rockey2 messages-logs Dec 26 05:21:23 rockey2 messages-logs Dec 26 05:21:23 rockey2 messages-logs Dec 26 05:21:22 rockey2 messages-logs Dec 26 05:21:22 rockey2 messages-logs Dec 26 05:21:22 rockey2 messages-logs 

Additionally, I ran the configuration validation command:

```
[root@rockey2 log]# rsyslogd -N1
rsyslogd: version 8.2310.0-4.el9, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: module 'imfile' already in this config, cannot be added [v8.2310.0-4.el9 try https://www.rsyslog.com/e/2221 ]
```

On the server side, both the messages and command.log files have been increasing rapidly, even though I don't have any modules configured in the rsyslog.conf file on the server side:

```
# Save boot messages also to boot.log
local7.* /var/log/boot.log
local6.* /var/log/commands.log
:syslogtag, isequal, "messages-logs:" /var/log/remote/%HOSTNAME%-messages.log
& stop
$template remote-incoming-logs, "/var/log/remote/%HOSTNAME%.log"
*.* ?remote-incoming-logs
```

Can anyone help me resolve this issue on the Linux machine?
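A configuration check for the setup described in this question, as an added example that is not part of the original post: it flags any file that imfile monitors and that a selector rule also writes to for that input's facility (a self-feeding loop), and any module loaded more than once, which is what `rsyslogd -N1` reports above. The function names `audit` and `selector_matches` are hypothetical, and the `*.info;...` rule for /var/log/messages is an assumption (the stock RHEL-family default), since the post does not show the client's full rsyslog.conf.

```python
# Constructed input: directives from the post's cmd.conf/message.conf plus its local6 rule.
# ASSUMPTION: the "*.info;..." line is the stock RHEL-family rule; the post omits it.
CONFIG = """\
$ModLoad imfile
$InputFileName /var/log/command
$InputFileFacility local6
$InputRunFileMonitor
$ModLoad imfile
$InputFileName /var/log/messages
$InputFileFacility local6
$InputRunFileMonitor
local6.* /var/log/commands.log
*.info;mail.none;authpriv.none;cron.none /var/log/messages
"""
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, severity):
    """Evaluate a classic 'fac.sev;fac.sev' selector ('=' and '!' forms not handled)."""
    matched = False
    for part in selector.split(";"):
        facs, _, sev = part.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if sev == "none":
            matched = False          # a later 'none' cancels an earlier match
        elif sev == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(sev):
            matched = True
    return matched

def audit(config):
    """Return (feedback_loops, duplicate_module_loads) for legacy-style directives."""
    inputs, rules, loads, cur = [], [], [], {}
    lines = [l.split() for l in config.splitlines() if l.strip() and l.strip()[0] != "#"]
    for tok in lines:
        if tok[0] == "$ModLoad":
            loads.append(tok[1])
        elif tok[0] == "$InputFileName":
            cur["file"] = tok[1]
        elif tok[0] == "$InputFileFacility":
            cur["facility"] = tok[1]
        elif tok[0] == "$InputRunFileMonitor" and "file" in cur:
            inputs.append(cur)
            cur = {}
        elif len(tok) == 2 and "." in tok[0] and tok[1].lstrip("-").startswith("/"):
            rules.append((tok[0], tok[1].lstrip("-")))
    # imfile defaults: facility local0, severity notice.
    loops = [(i["file"], sel) for i in inputs for sel, path in rules if path == i["file"]
             and selector_matches(sel, i.get("facility", "local0"), "notice")]
    return loops, sorted({m for m in loads if loads.count(m) > 1})
```

On the constructed input, `audit(CONFIG)` reports /var/log/messages as both monitored and written for local6, and `imfile` as loaded twice; adding `local6.none` to that selector clears the first finding.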
