% Unix/Linux system logging, log files, kernel messages
% Ian! D. Allen - idallen@idallen.ca - www.idallen.com
% Fall 2012 - September to December 2012 - Updated Mon Nov 26 09:48:05 EST 2012

System Logging - syslog and /var/log/
=====================================

System technicians need to know what is happening on the system, and Linux
provides an extensive logging system. The logging system handles logs
generated by the Linux kernel and by other processes.

Logging of program and system messages is handled by a **syslog** process, a
process that listens for connections and writes messages to log files. System
logging is configured via files in **`/etc`** such as **`/etc/syslog.conf`**,
**`/etc/rsyslog.conf`**, etc.

The syslog process is started by system start-up scripts such as klogd,
sysklogd, rsyslogd, etc. The main daemon (program) name is usually something
like “syslogd” or “rsyslogd” or “klogd”.

    $ ps laxww | grep syslog
    $ ps laxww | grep klogd

Logs are usually stored under directory **`/var/log/`**, but the configuration
file for the **`syslog`** program can put the files anywhere.

A useful command is one that shows which log files have changed recently,
using the “time” option to **`ls`**:

    $ ls -lt /var/log | less

-   logging needs a system log daemon running to receive log messages:
    -   the daemon is started via a Run Level script such as
        **`/etc/init.d/rsyslog`**
    -   to find the logging script, try: **`$ ls -ld /etc/init.d/*log*`**
-   syslog uses a config file, e.g. **`/etc/syslog.conf`** or maybe
    **`/etc/rsyslog.conf`**
    -   to find the config file, try: **`$ ls -ld /etc/*log*`**
    -   the config file assigns types of logging to various file names
-   usual syslog log file directory: **`/var/log/*`**
    -   know how to find out where the logs are kept!

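As an added example (not part of the original notes), this shell function lists which selectors a traditional `selector action` config file sends to which log file. The rules file is a constructed sample, the names `log_destinations` and `write_sample_conf` are made up for this example, and rsyslog's newer `action(...)` syntax is not handled.

```shell
#!/bin/sh
# Show where a traditional syslog.conf-style rule file sends its messages.

# log_destinations FILE...: print "selector<TAB>path" for every rule
# whose action is a local file; other actions (users, remote hosts) are skipped.
log_destinations() {
    awk '
        { line = pending $0; pending = "" }
        line ~ /^[ \t]*#/  { next }      # comment
        line ~ /^[ \t]*$/  { next }      # blank line
        line ~ /^[ \t]*\$/ { next }      # rsyslog $Directive line
        line ~ /\\$/ {                   # rule continued on the next line
            pending = substr(line, 1, length(line) - 1)
            next
        }
        {
            n = split(line, f)           # split on runs of blanks and tabs
            if (n < 2) next
            action = f[n]
            sub(/^-/, "", action)        # leading "-" means: do not sync each write
            if (action !~ /^\//) next    # keep only actions that are file paths
            sel = ""
            for (i = 1; i < n; i++) sel = sel f[i]
            print sel "\t" action
        }
    ' "$@"
}

# write_sample_conf PATH: write a constructed sample rule file for the demo.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample rules, not taken from any real system
$FileCreateMode 0640
auth,authpriv.*             /var/log/auth.log
*.*;auth,authpriv.none      -/var/log/syslog
mail.*                      -/var/log/mail.log
*.=info;*.=notice;\
    mail,news.none          -/var/log/messages
*.emerg                     :omusrmsg:*
*.*                         @loghost.example
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
log_destinations "$conf"
rm -f "$conf"
```

On a real system, pass the config file found with `ls -ld /etc/*log*`, for example `log_destinations /etc/rsyslog.conf`.
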
Kernel messages
---------------

-   The **`dmesg`** command shows the kernel message ring buffer:
    -   **`$ dmesg | less`**
    -   works without any log daemons running
    -   doesn’t need a file system
    -   messages are kept in memory
    -   limited size; no archiving
-   kernel messages may also be saved under **`/var/log/`** somewhere

Review
------

-   Q: What file controls and configures system logging?
-   Q: Under what directory are most log files usually stored?
-   Q: Where are the log files for the Apache HTTP Server?
-   Q: What command shows the kernel ring buffer, even if logging isn’t
    enabled?

--
| Ian! D. Allen - idallen@idallen.ca - Ottawa, Ontario, Canada
| Home Page: http://idallen.com/ Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom: http://eff.org/ and have fun: http://fools.ca/

[Plain Text] - plain text version of this page in [Pandoc Markdown] format

  [Plain Text]: 805_system_log_files.txt
  [Pandoc Markdown]: http://johnmacfarlane.net/pandoc/