Hands on checks to prove your syslog is receiving, storing and forwarding logs. 03.12.2025 | reading time: 2 min Logs are the first signal when something breaks; let us prove syslog is working instead of guessing, with quick commands that check local files, journald and network forwarding. Quick local test Send a test entry with `logger 'syslog test from host1'` then search the usual log files with `grep 'syslog test from host1' /var/log/syslog || grep 'syslog test from host1' /var/log/messages`; if the daemon writes properly you will see a timestamped line such as "Dec 3 10:15:00 host1 syslog: syslog test from host1" in one of those files or in `journalctl -t logger`. Check live stream and service Observe live arrival with `tail -F /var/log/syslog` or `journalctl -f` while repeating the `logger` call, and verify the syslog service is running with `systemctl status rsyslog` or `systemctl status syslog-ng` to confirm the daemon is active and enabled. Verify remote forwarding If you forward logs, trigger a message and watch the wire with `sudo tcpdump -n -s0 udp port 514 or tcp port 514` to confirm packets leave the host, and check the remote collector for the same test string to prove end-to-end forwarding and any required TLS or TCP configuration. Permissions, rotation and SELinux If messages vanish check file permissions and ownership on /var/log, inspect logrotate rules in /etc/logrotate.d, and on SELinux systems run `ausearch` or `sealert` for denials; misconfigured permissions or policies commonly block writes more often than the daemon failing. Other useful checks Inspect configuration files such as /etc/rsyslog.conf or /etc/syslog-ng/syslog-ng.conf for filters and remote directives, test port listeners with `ss -ulpn | grep 514`, and review rate limiting or imjournal settings when messages are dropped during spikes. Conclusion and next step A few targeted commands will prove whether syslog accepts, stores and forwards messages; take these checks and build them into a troubleshooting checklist, then deepen protocol and tooling knowledge to operate larger log infrastructures. Join Bits & Bytes Academy First class LINUX exam preparation. setup utilities security troubleshooting infrastructure
