How to start, stop and query the status of rsyslog (on a systemd system)

This short tutorial explains everyday service management. While it claims to address management of rsyslog, it actually describes the tools for all services. The tutorial is written for CentOS 7, but should work equally well on other systemd-based systems like CentOS 8, recent Fedora, recent Debian and recent Ubuntu.

To start rsyslog, emit a

systemctl start rsyslog

similarly, to stop it emit

systemctl stop rsyslog

If you want to do both, use

systemctl restart rsyslog

The restart operation is usually required to activate a rsyslog config change.

Especially if something is not working as expected, you may want to check rsyslog status. This is done via

systemctl restart rsyslog

There is an alternate way of checking status and that is by looking at the /var/log/messages (note: on non-Red-Hat systems the file name is usually different). This method can provide more insight into rsyslog error messages, especially if there are many of them. You can also search the file easily for older ones. Note that some users may point you at journalctl for this purpose, but I deliberately keep things as simple as possible. Journalctl for sure is an other good method.

Detail information on systemctl (and journalctl) can be found in its respective man page (e.g. “man systemctl”)