Get your logs back in ArchLinux as in Debian or other distros with syslog-ng

Although in ArchLinux we have Systemd, Which systemctl We can see the system logs, there are still several of us who miss having logs like /var/log/auth.log or similar, which by default in ArchLinux we cannot find. why? ... simply because we are already adapted to using them like this, because in other distros such as Debian, Ubuntu, etc. they come like this, like a lifetime.

Take for example the auth.log which should be in / var / log / (it is not by default). If in ArchLinux we want to have that log back where it always is, in order to know authentication attempts on our computer and others, to have a certainty of security beyond the firewall, syslog-ng can be an excellent alternative.

First we must install it in ArchLinux:

sudo pacman -S syslog-ng

Once installed, we proceed to start it:

sudo systemctl start syslog-ng

Then, so that it starts automatically we enable it with enable:

sudo systemctl enable syslog-ng

Here is a screenshot:

syslog-ng

 

As you can see, we already have log files that we did not have before, for example auth.log related to authentication, through which (and going into detail) we can know the attempts (failed or allowed) of login through SSH, internal logins as such, etc. Come on, that with him is like having a log of our house urgent locksmith 24h 7 days a week 😀

syslog-ng-auth-log

 

 

By the way, if you ask how I colored the logs, I did it with ccze.

And here the post ends. This more than anything is a memorandum for me, but I hope it will be useful to more than one 🙂

regards


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

7 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   angelblade said

    It doesn't look bad at all.

  2.   Rodolfo said

    Interesting post, it's good to have other records in Arch, by the way KZKG ^ Gaara what DE do you use?

    1.    Tesla said

      If I am not confused I think it is KDE with some theme that emulates the appearance of Elementary OS. I guess something like this: http://www.deviantart.com/art/elementary-qtcurve-1-2-333198882

      A greeting!

  3.   philosophers said

    Good post! May I know where you got the characters you use in the $ PS1?

  4.   ravenman said

    Thanks for the article. The lack of records in my system. 🙂

  5.   eVeR said

    The command to view the logs generated by systemd is "journald".
    Basically it is the same (you can filter the output to see the failed access attempts, or anything else), the only difference is that the logs are saved in binary format and not in text as syslog does.
    regards