How to Verify if syslogd Daemon is Running on Debian/Ubuntu Linux Systems



When working with Linux system logging, it's important to verify that the syslog daemon (syslogd) is properly running. Here are several methods to check its status:

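Check the process list:

ps -ef | grep syslog
# Example output (ignore the line for the grep command itself):
# root      1234     1  0 Jan01 ?        00:00:05 /usr/sbin/rsyslogd -n

Query the service manager on systemd systems:

systemctl status rsyslog
# Example output:
# ● rsyslog.service - System Logging Service
#    Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
#    Active: active (running) since Mon 2023-01-01 10:00:00 UTC; 1 weeks 0 days ago

Check whether the daemon is listening for network syslog on port 514:

netstat -tulnp | grep syslog
# Example output:
# udp        0      0 0.0.0.0:514             0.0.0.0:*                           1234/rsyslogd
# udp6       0      0 :::514                  :::*                                1234/rsyslogd

The netstat check produces output only when rsyslog is configured to receive remote messages. The default Debian/Ubuntu configuration logs locally only, so an empty result here does not mean the daemon is stopped. A listener bound to 0.0.0.0:514 accepts messages from any host that can reach the port, so confirm that a listener you find is intended.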

Examine system logs for syslog-related entries:

tail -n 20 /var/log/syslog | grep rsyslog

For automated monitoring, you can use this bash script:

#!/bin/bash

# -x matches the exact process name, so this script itself (or any other
# command with "rsyslogd" in its arguments) is not counted as a match.
SYSLOG_PID=$(pgrep -x rsyslogd)

if [ -z "$SYSLOG_PID" ]; then
    echo "Error: rsyslogd is not running"
    exit 1
else
    echo "rsyslogd is running (PID: $SYSLOG_PID)"
    exit 0
fi

Troubleshooting:

  • If syslogd isn't running, start it with: systemctl start rsyslog
  • For traditional init systems: /etc/init.d/rsyslog start
  • Check configuration errors: rsyslogd -N1

When working with Linux systems, particularly Debian-based distributions like Debian Wheezy or Ubuntu, verifying the status of system services is crucial for maintenance and troubleshooting. While Apache and similar services provide straightforward status commands, checking the syslog daemon requires different approaches.

The most direct way to verify if syslogd is running is by checking system processes:

ps aux | grep syslog

Sample output might look like:

syslog   1234  0.0  0.1  12345  6789 ?        Ssl  Jan01   0:12 /usr/sbin/rsyslogd -n

Modern Debian systems use systemd, which provides comprehensive service management:

systemctl status rsyslog

For older sysvinit systems (like Debian Wheezy):

service rsyslog status

You can locate the PID file and verify the running process:

cat /var/run/rsyslogd.pid
ps -p $(cat /var/run/rsyslogd.pid)

Test the logging function directly to confirm syslogd is operational:

logger "Test message from command line"
tail -n 1 /var/log/syslog
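
A running process does not prove that messages are reaching disk, so the script below combines the process check with the logger test above by writing a unique marker and waiting for it to appear in the log. It is an added example, not part of the original page; the function names, the healthcheck tag and the marker format are assumptions, and it assumes rsyslog writes to /var/log/syslog.

```sh
#!/bin/sh
# Added example: end-to-end health check for the syslog pipeline.
# Assumption: rsyslog writes to /var/log/syslog (override with LOGFILE=...).
LOGFILE="${LOGFILE:-/var/log/syslog}"

# True if a process named exactly "rsyslogd" exists.
daemon_running() {
    pgrep -x rsyslogd >/dev/null 2>&1
}

# True if MARKER occurs as a fixed string in FILE.
marker_logged() {    # usage: marker_logged FILE MARKER
    [ -r "$1" ] && grep -qF -- "$2" "$1"
}

# Poll FILE for MARKER up to TRIES times, one second apart.
wait_for_marker() (  # usage: wait_for_marker FILE MARKER TRIES
    n=0
    while [ "$n" -lt "$3" ]; do
        marker_logged "$1" "$2" && exit 0
        n=$((n + 1))
        sleep 1
    done
    exit 1
)

# Full check: the process exists AND a fresh message reaches the log file.
verify_logging() (
    daemon_running || { echo "CRITICAL: rsyslogd process not found"; exit 2; }
    # Unique per run, so an old entry can never satisfy the check.
    marker="syslog-healthcheck-$(date +%s)-$$"
    logger -t healthcheck "$marker" || { echo "CRITICAL: logger failed"; exit 2; }
    if wait_for_marker "$LOGFILE" "$marker" 5; then
        echo "OK: rsyslogd is running and writing to $LOGFILE"
    else
        echo "CRITICAL: rsyslogd is running but nothing reached $LOGFILE"
        exit 2
    fi
)

# Run the live check only when asked, e.g. from cron: ./check.sh --check
if [ "${1:-}" = "--check" ]; then
    verify_logging
    exit $?
fi
```

Run it with the --check argument as root or as a member of the adm group, since /var/log/syslog is not world-readable on Debian/Ubuntu. A non-zero exit while the process is still present points to a full disk, a broken configuration or logging that has been redirected.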

Different Linux distributions may use various syslog implementations:

  • rsyslog (common in modern Debian/Ubuntu)
  • syslog-ng
  • busybox syslogd

For rsyslog (default in Wheezy and later), print the installed version:

rsyslogd -v

If syslogd isn't running, you can start it with:

systemctl start rsyslog   # systemd systems
service rsyslog start     # sysvinit systems

For debugging startup issues:

journalctl -u rsyslog     # systemd
grep rsyslog /var/log/syslog   # log file entries