rsyslog(8)
rsyslog is a system logging daemon that receives, processes, and forwards system messages according to configurable rules.
Synopsis
rsyslogd [OPTION]...
Description
rsyslog is the modern replacement for syslog, providing advanced filtering, routing, and output capabilities for system and application log messages. It receives messages from various sources (kernel, local processes, remote hosts) and distributes them to log files, other machines, or databases based on priority and facility rules.
The daemon runs in the background and is typically started at boot time. Configuration is read from /etc/rsyslog.conf and files in /etc/rsyslog.d/. rsyslog uses a flexible rule-based syntax allowing fine-grained control over message routing and formatting.
Common options
| Flag | What it does |
|---|---|
| -c <version> | Select configuration file version (3, 5, or 6); version 5+ uses modern syntax |
| -d | Enable debug mode; produces verbose output for troubleshooting |
| -D | Parse configuration and exit; validates config without running daemon |
| -f <file> | Read configuration from specified file instead of /etc/rsyslog.conf |
| -i <file> | Write PID to specified file instead of default location |
| -n | Don't fork; run in foreground (useful for systemd/container environments) |
| -N <level> | Parse configuration file only and exit with status indicating syntax validity |
| -v | Print version and exit |
Examples
Check if rsyslog daemon is running and view recent status
sudo systemctl status rsyslog

Validate rsyslog configuration syntax without starting the daemon
rsyslogd -N1

Start rsyslog in debug mode with verbose output to diagnose issues
sudo rsyslogd -d -f /etc/rsyslog.conf

View all output rules configured in the rsyslog.d directory
grep -r 'action' /etc/rsyslog.d/

Monitor system log in real-time (messages routed by rsyslog)
tail -f /var/log/syslog

Restart the rsyslog daemon after editing configuration
sudo systemctl restart rsyslog

Send a test message to rsyslog that will be logged with tag 'mytag'
echo 'test message' | logger -t mytag

Run rsyslog in foreground without forking (useful for container debugging)
sudo rsyslogd -f /etc/rsyslog.conf -n
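
The validate, restart and test-message commands above can be chained so that a bad configuration edit never silently stops logging. The script below is an added example, not part of the rsyslog documentation; the function name safe_restart_rsyslog, the override variables and the rsyslog-selftest tag are assumptions made for the illustration.

```shell
# Added example: gate the restart on `rsyslogd -N1`, then prove messages still flow.
# The override variables are illustrative; their defaults are the commands and
# the log path used in the examples on this page.
RSYSLOGD="${RSYSLOGD:-rsyslogd}"
RESTART_CMD="${RESTART_CMD:-systemctl restart rsyslog}"
LOGGER="${LOGGER:-logger}"
LOG_FILE="${LOG_FILE:-/var/log/syslog}"

# Returns 0 on success, 1 if the config does not parse, 2 if the restart
# fails, 3 if the test message never shows up in the log file.
safe_restart_rsyslog() {
    local conf="${1:-/etc/rsyslog.conf}"
    local marker="selftest-$$-$(date +%s)"   # unique string to search for
    local i

    # 1. Refuse to touch the running daemon if the config does not parse.
    if ! "$RSYSLOGD" -N1 -f "$conf" >/dev/null 2>&1; then
        echo "config check failed for $conf; daemon left untouched" >&2
        return 1
    fi

    # 2. Restart only after validation passed (unquoted on purpose: the
    #    variable holds a command plus its arguments).
    if ! $RESTART_CMD; then
        echo "restart failed" >&2
        return 2
    fi

    # 3. Send a tagged message and wait up to 5 seconds for it to be written.
    echo "$marker" | "$LOGGER" -t rsyslog-selftest
    for i in 1 2 3 4 5; do
        if grep -qF "$marker" "$LOG_FILE" 2>/dev/null; then
            return 0
        fi
        sleep 1
    done
    echo "test message never reached $LOG_FILE" >&2
    return 3
}
```

Run it as root with the configuration path as the only argument, for example safe_restart_rsyslog /etc/rsyslog.conf. A return code of 3 means the daemon restarted but the active rules no longer route the test message to the expected file, which is worth alerting on.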