Install rsyslog

Step 1 - Download Software

Step 2 - Run ./configure

Step 3 - Compile

Step 4 - Install

Step 5 - Configure rsyslogd

 Rsyslogd understands stock syslogd syntax, so you can simply copy over /etc/syslog.conf to /etc/rsyslog.conf.

Note since version 3 rsyslog requires to load plug-in modules to perform useful work (more about compatibilty notes v3). To load the most common plug-ins, add the following to the top of rsyslog.conf:

......

 

Step 6 - Disable stock syslogd

In almost all cases, there already is stock syslogd installed. Because both it and rsyslogd listen to the same sockets, they can NOT be run concurrently. So you need to disable the stock syslogd. To do this, you typically must change your rc.d startup scripts.

Step 7 - Enable rsyslogd Autostart

This step is very close to step 3. Now, we want to enable rsyslogd to start automatically. The rsyslog package contains a (currently small) number of startup scripts. They are inside the distro-specific directory (e.g. debian). If there is nothing for your operating system, you can simply copy the stock syslogd startup script and make the minor modifications to run rsyslogd (the samples should be of help if you intend to do this).
In our Debian example, the actual scripts are stored in /etc/init.d. Copy the standard script to that location. Then, you need to add a symlink to it in the respective rc.d directory. In our sample, we modify rc2.d, and can do this via the command "ln -s ../init.d/rsyslogd S10rsyslogd". Please note that the S10 prefix tells the system to start rsyslogd at the same time stock sysklogd was started.

 

Step 8 - Check daily cron scripts

Most distributions come pre-configured with some daily scripts for log rotation. As long as you use the same log file names, the log rotation scripts will probably work quite well. There is one caveat, though. The scripts need to tell syslogd that the files have been rotated. To do this, they typically have a part using syslogd's init script to do that. Obviously, the default scripts do not know about rsyslogd, so they manipulate syslogd. If that happens, in most cases an additional instance of stock syslogd is started (in almost all cases, this was not functional, but it is at least distracting). It also means that rsyslogd is not properly told about the log rotation, which will lead it to continue to write to the now-rotated files.
So you need to fix these scripts. See your distro-specific documentation how they are located. Under most Linuxes, the primary script to modify is /etc/cron.daily/sysklogd. Watch for a comment "Restart syslogd" (usually at the very end of the file). The restart command must be changed to use rsyslogd's rc script.
Also, if you use klogd together with rsyslogd (under most Linuxes you will do that), you need to make sure that klogd is restarted after rsyslogd is restarted. So it might be a good idea to put a klogd reload-or-restart command right after the rsyslogd command in your daily script. This can save you lots of troubles.