Complete Documentation on Syslog, Rsyslog, Journald, and Alerting on Debian 12

December 25, 2025

About this Post

This comprehensive guide on syslog, rsyslog, journald, and alerting on Debian 12 was originally written in LaTeX for precise technical documentation. Below is a structured summary. For the complete document with all diagrams and detailed formatting, please refer to the full source.

The original LaTeX document includes detailed technical diagrams, code examples, and implementation guides for:

  • Linux logging system overview
  • Rsyslog configuration and internals
  • Kernel logs and log file structure
  • Remote log server setup
  • Docker logging integration
  • Alerting and observability pipelines
  • Security, retention, and monitoring best practices

Key Topics

📋 Core Logging

  • Syslog protocol (RFC3164 vs RFC5424)
  • Facilities and severity levels
  • Rsyslog configuration and rules
  • Kernel logs (dmesg, /var/log/kern.log)

🌐 Remote Logging

  • Remote log server setup
  • UDP/TCP forwarding (port 514)
  • Client configuration and testing
  • Firewall and security rules

⚙️ Systemd & Docker

  • Systemd-journald integration
  • Journalctl commands and usage
  • Docker logging drivers
  • Log rotation and persistence

🚨 Alerting & Monitoring

  • Promtail to Loki setup
  • Alert rules and routing
  • Alertmanager configuration
  • Structured logging (CEE/JSON)

🔐 Security & Hardening

  • TLS encryption for log forwarding
  • Authentication and certificates
  • Queue and backpressure handling
  • Retention and compliance

📊 Operations

  • Logrotate configuration
  • Monitoring dashboards
  • Synthetic testing
  • Failure recovery and drills

Complete Technical Content

This post contains a complete technical guide with:

  • ✓ Detailed configuration examples for rsyslog, journald, and logrotate
  • ✓ Step-by-step setup for remote log servers on Debian 12
  • ✓ Docker logging driver configuration and integration patterns
  • ✓ Promtail-to-Loki pipeline with alert rules and Alertmanager routing
  • ✓ Structured logging with RFC5424 and JSON parsing (CEE)
  • ✓ Security hardening with TLS, authentication, and access control
  • ✓ Monitoring, testing, and operational best practices
  • ✓ Technical diagrams for Docker logging flow and syslog message flow