From 03193994f41080694e019886623b6c05bf9f4cb6 Mon Sep 17 00:00:00 2001
From: GJ-sudo <147528775+GJ-sudo@users.noreply.github.com>
Date: Sun, 15 Oct 2023 16:55:40 +0500
Subject: [PATCH] How to store/redirect Syslogs to a custom file

In this tutorial I have first installed and configured the syslogs to generate the system logs like file creation, file termination, process creation and network connections. After that, to redirect or store these logs to a custom file, how I did it is briefly described in this file; you must follow these instructions and solve your problem relating to this, if you guys have one. Thank me later.
---
 GJ sudo | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 GJ sudo

diff --git a/GJ sudo b/GJ sudo
new file mode 100644
index 0000000..5f11478
--- /dev/null
+++ b/GJ sudo
@@ -0,0 +1,41 @@ +How to Store/redirect syslogs to a custom file + --------------------------------------------------------step#1------------------------------------------------------------------------------------------- +first of all create a file with the name of sysmon.log at /var/log destination +as, +----------> touch /var/log/sysmon.log file will be created +--------------------------------------------------------step#2-------------------------------------------------------------------------------------------- +after that create a new configuration file in rsyslog.d +for creating this file we need the root privilege + +for root privilege: +----------> sudo su - +now create the configuration file, +--------------------------------------------------------step#3-------------------------------------------------------------------------------------------- +---------> touch /etc/rsyslog.d/00_sysmon.conf +file will be created with the name of "00_sysmon.conf" + +now add the script in this configuration file, which is; +--------------------------------------------------------step#4-------------------------------------------------------------------------------------------- +--------> # copy to /etc/rsyslog.d/00_sysmon.conf +if ( $programname == "sysmon" ) then { + action(type="omfile" file="/var/log/sysmon.log" flushOnTXEnd="on") + stop +} + +---------> save and exit ctrl+o save and ctrl+x to exit back to the terminal +--------------------------------------------------------step#5-------------------------------------------------------------------------------------------- +after writing this script give the permissions to sysmon.log files as, + +sudo chgrp syslog /var/sysmon.log +sudo chmod 664 /var/sysmon.log + +--------------------------------------------------------step#6-------------------------------------------------------------------------------------------- +after givin these permissions; +must restart, +-------> sudo systemctl restart rsyslog + +your after 
restarting your system, check the sysmon.log + +tail -f /var/log/sysmon.log this is continously executeable for stopping ctrl+z + or +car -f /var/log/sysmon.log
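Review bot: Step 5 applies the group and mode to the wrong path: the file created in step 1 is /var/log/sysmon.log, but the two commands target /var/sysmon.log, which does not exist, so both fail and the real log file stays root-owned with mode 644, which defeats the purpose of the chgrp (giving the syslog group write access so rsyslog can open the file). Change them to `sudo chgrp syslog /var/log/sysmon.log` and `sudo chmod 664 /var/log/sysmon.log`. Smaller points in the same hunk: step 6 says to restart rsyslog but the next sentence says "after restarting your system", so pick one; `ctrl+z` only suspends `tail -f` (it keeps running in the background), `ctrl+c` terminates it; `car -f` is a typo and `cat` has no `-f` option, so use `cat /var/log/sysmon.log` or `less +F /var/log/sysmon.log`; since step 2 already switched to root with `sudo su -`, the `sudo` prefixes in steps 5 and 6 are redundant; and the file is added as `GJ sudo` with a space and no extension, so it should be a README.md (or similar) to render as documentation. The stray typos (`givin`, `continously`, `executeable`, "sysmon.log files") should be cleaned up in the same pass.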