OS messages file location change


Problem description

When troubleshooting a problem, you need to view the operating system log, but the /var/log/messages file turns out not to have been refreshed for a long time.

This system has been hardened before. I suspect that the hardening changed some configuration of the operating system and adjusted the default output file path of the system log.

Solution

After consulting the documentation, it turned out that the operating system log is configured in the /etc/rsyslog.conf file, as shown in the following figure:

By modifying this configuration file, you can adjust the actual output path of the operating system log, as shown in the figure below, where the path in the configuration file is adjusted to /var/log/tmp/messages

Then execute the command systemctl restart rsyslog to restart the log service. After that, the system log is recorded to the new file path, as shown in the following figure:
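
To find where a hardened host now writes the messages log without reading the whole file by eye, the sketch below lists every selector-to-file rule in an rsyslog configuration. It is an added example, not part of the original post: the function names are hypothetical, the sample configuration is constructed, and it assumes the legacy "selector action" syntax with the messages rule keeping the RHEL-style selector that starts with *.info.

```shell
#!/bin/sh
# Added example: locate the file targets configured in rsyslog.conf.

# Print "selector<TAB>path" for each legacy-syntax rule whose action is a file.
# Arguments: one or more rsyslog configuration files.
rsyslog_file_targets() {
    awk '
        NF < 2        { next }            # blank or single-token lines
        $1 ~ /^[#$]/  { next }            # comments and legacy $Directives
        $1 !~ /\./    { next }            # a selector is facility.priority
        {
            action = $NF
            sub(/^-/, "", action)         # leading "-" only disables sync
            if (action ~ /^\//) printf "%s\t%s\n", $1, action
        }
    ' "$@"
}

# Print the file that receives the general system log
# (assumption: its selector starts with "*.info").
messages_target() {
    rsyslog_file_targets "$@" |
        awk -F '\t' 'index($1, "*.info") == 1 { print $2 }'
}

# Write a constructed sample configuration to the given path.
write_sample_conf() {
    cat > "$1" <<'EOF'
# rsyslog configuration (constructed sample, not from a real host)
$ModLoad imuxsock
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none    /var/log/tmp/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     :omusrmsg:*
EOF
}

# Demo on the constructed sample; on a real host pass /etc/rsyslog.conf
# and any /etc/rsyslog.d/*.conf files instead.
sample=$(mktemp)
write_sample_conf "$sample"
rsyslog_file_targets "$sample"
echo "messages rule writes to: $(messages_target "$sample")"
rm -f "$sample"
```

Comparing the reported path's modification time with the stale /var/log/messages confirms which file the service is actually writing to.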