Get your logs back in ArchLinux as in Debian or other distros with syslog-ng

Although ArchLinux comes with systemd, whose systemctl lets us see the system logs, several of us still miss having logs such as /var/log/auth.log, which ArchLinux does not provide by default. Why? Simply because we are used to working with them that way: in other distros such as Debian, Ubuntu, etc. they have always been there.

Take for example auth.log, which should be in /var/log/ (it is not there by default). If we want that log back in its usual place on ArchLinux, so that we can see authentication attempts on our computer, among other things, and have some assurance of security beyond the firewall, syslog-ng can be an excellent alternative.

First we must install it in ArchLinux:

sudo pacman -S syslog-ng

Once installed, we proceed to start it:

sudo systemctl start syslog-ng

Then, so that it starts automatically, we enable it with enable:

sudo systemctl enable syslog-ng

Here is a screenshot:

[Screenshot: syslog-ng]

As you can see, we now have log files that we did not have before, for example auth.log, which records authentication events. Looking at it in detail, we can see login attempts (failed or allowed) over SSH, local logins, and so on. In short, with it, it is like having a 24/7 emergency locksmith's log for our house 😀

[Screenshot: syslog-ng-auth-log]
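As an added example (not part of the original post), this Python script summarizes the sshd entries that end up in /var/log/auth.log: failed attempts per source address, accepted logins, and any accepted login from an address that had already failed several times. The sample lines are constructed, and the function name `summarize_auth` and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Matches sshd authentication results as written to /var/log/auth.log.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize_auth(lines, threshold=3):
    """Return (failed_per_ip, accepted, suspicious).

    suspicious lists accepted logins from an address that had already
    produced at least `threshold` failures earlier in the log.
    """
    failed = Counter()
    accepted = []
    suspicious = []
    for line in lines:
        m = SSHD_RE.search(line)
        if not m:
            continue  # not an sshd authentication result
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            failed[ip] += 1
        else:
            accepted.append((user, ip, m["method"]))
            if failed[ip] >= threshold:
                suspicious.append((user, ip, failed[ip]))
    return failed, accepted, suspicious

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE = """\
Mar  3 10:15:01 arch sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:04 arch sshd[811]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:09 arch sshd[813]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:16:30 arch sshd[820]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2: ED25519 SHA256:constructed
Mar  3 10:17:02 arch sshd[825]: Accepted password for root from 203.0.113.5 port 51301 ssh2
Mar  3 10:17:40 arch sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/ls
""".splitlines()

if __name__ == "__main__":
    failed, accepted, suspicious = summarize_auth(SAMPLE)
    for ip, n in failed.most_common():
        print(f"{n:4d} failed  {ip}")
    for user, ip, method in accepted:
        print(f"accepted {user} from {ip} via {method}")
    for user, ip, n in suspicious:
        print(f"REVIEW: {user} logged in from {ip} after {n} failures")
```

To run it against the real file, pass `open("/var/log/auth.log")` instead of `SAMPLE`; reading that file normally requires root.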

By the way, if you ask how I colored the logs, I did it with ccze.

And here the post ends. This more than anything is a memorandum for me, but I hope it will be useful to more than one 🙂

Regards


  1.   angel blade said

    It doesn't look bad at all.

  2.   Rodolfo said

    Interesting post; it's good to have other records in Arch. By the way, KZKG^Gaara, what DE do you use?

    1.    Tesla said

      If I am not confused I think it is KDE with some theme that emulates the appearance of Elementary OS. I guess something like this: http://www.deviantart.com/art/elementary-qtcurve-1-2-333198882

      A greeting!

  3.   philosophers said

    Good post! May I know where you got the characters you use in the $PS1?

  4.   Ravenman said

    Thanks for the article. The lack of records in my system. 🙂

  5.   ever said

    The command to view the logs generated by systemd is "journald".
    Basically it is the same (you can filter the output to see the failed access attempts, or anything else), the only difference is that the logs are saved in binary format and not in text as syslog does.
    regards