% Unix/Linux system logging, log files, kernel messages, syslog, klog, dmesg
% Ian! D. Allen -- [www.idallen.com]
% Fall 2015 - September to December 2015 - Updated 2018-08-30 23:15 EDT

System Logging -- syslog and `/var/log/`
========================================

System technicians need to know what is happening on the system, and Linux provides an extensive logging system. It handles logs generated by the Linux kernel and by other processes.

Logging of program and system messages is handled by a **syslog** process, a process that listens for connections from system programs and writes the messages it receives into log files. System logging is configured via files in `/etc` such as `/etc/syslog.conf`, `/etc/rsyslog.conf`, etc.

The **syslog** process is started by system start-up scripts such as `klogd`, `sysklogd`, `rsyslogd`, etc. The main daemon (program) name is usually something like `syslogd` or `rsyslogd` or `klogd`.

    $ ps laxww | grep syslog
    $ ps laxww | grep klogd

Logs are usually stored under directory `/var/log/`, but the configuration file for the `syslog` program can put the files anywhere. A useful command is one that shows which log files have changed (been modified) recently, using the "time" option to `ls`:

    $ ls -lt /var/log | less

- logging needs a system log daemon running to receive log messages:
    - the system logging daemon is started at system boot time
    - some systems start it using a legacy Run Level script such as `/etc/init.d/rsyslog`
    - some systems use a `systemd` init file such as `/etc/init/rsyslog.conf`
    - try finding it: `$ ls -ld /etc/init*/*syslog*`
- syslog uses a config file, e.g. `/etc/syslog.conf` or maybe `/etc/rsyslog.conf`
    - to find the config file, try a GLOB pattern match: `$ ls -ld /etc/*syslog*`
- the logging config file assigns types of logging to various file names
- the usual syslog directory is `/var/log/`
- know how to find out where the logs are kept!

Kernel ring buffer messages: `dmesg`
====================================

Where does the system write system logging messages before the system knows what disks it has, or when the disk has an error?

- The `dmesg` command shows the in-memory kernel message ring buffer:
    - `$ dmesg | less`
    - built in to Linux; works without any log daemons running
    - doesn't need a file system -- messages are kept in memory
    - limited size; no archiving
- start-up kernel messages may also be saved under `/var/log/` somewhere

Review
------

- Q: What file controls and configures system logging?
- Q: Under what directory are most log files usually stored?
- Q: Where are the log files for the Apache HTTP Server?
- Q: What command shows the kernel ring buffer, even if logging isn't enabled?

Help on Lynda.com
-----------------

You may find some parts of these [Lynda.com] videos useful for exploring system logs and maintenance. These links require you to have created a free account on lynda.com via the [Algonquin Lynda.com Link]:

--
| Ian! D. Allen, BA, MMath - idallen@idallen.ca - Ottawa, Ontario, Canada
| Home Page: http://idallen.com/ Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom: http://eff.org/ and have fun: http://fools.ca/

[www.idallen.com]: http://www.idallen.com/
[Lynda.com]: http://lynda.com/
[Algonquin Lynda.com Link]: http://algonquincollege.com/onlineresources/mobileStudent/lynda.htm
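
How a classic `/etc/rsyslog.conf` or `/etc/syslog.conf` rule assigns types of logging to file names, as an added example that is not part of the original course notes: the function below reads `selector  action` lines and lists the files that would receive a message of a given facility and priority. The sample rules and the function names `sample_conf` and `syslog_files_for` are constructed for illustration; `!` priority modifiers and newer rsyslog syntax are not interpreted.

```shell
#!/bin/sh
# Added example: which log files receive a given facility.priority message?
# Handles classic "selector  action" rules only.

# Constructed sample config (not taken from a real system).
sample_conf() {
cat <<'EOF'
# constructed rules in the classic selector/action format
$FileCreateMode 0640
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*                          -/var/log/kern.log
mail.err                        /var/log/mail.err
*.emerg                         :omusrmsg:*
EOF
}

# usage: syslog_files_for FACILITY PRIORITY CONFIG   (CONFIG "-" = stdin)
# on a real system, e.g.: syslog_files_for mail err /etc/rsyslog.conf
syslog_files_for() {
    awk -v fac="$1" -v pri="$2" '
    BEGIN {
        n = split("emerg alert crit err warning notice info debug", name, " ")
        for (i = 1; i <= n; i++) sev[name[i]] = i - 1         # 0 = most severe
        sev["panic"] = 0; sev["error"] = 3; sev["warn"] = 4   # old aliases
    }
    NF != 2        { next }   # not a "selector action" pair
    $1 ~ /^[#$]/   { next }   # comment or $Directive
    $2 !~ /^-?\//  { next }   # action is not a file path
    {
        hit = 0
        np = split($1, part, ";")
        for (i = 1; i <= np; i++) {           # later parts override earlier ones
            dot = index(part[i], ".")
            f = substr(part[i], 1, dot - 1); p = substr(part[i], dot + 1)
            if (f != "*" && !index("," f ",", "," fac ",")) continue
            if (p == "none")                 hit = 0
            else if (p == "*")               hit = 1
            else if (substr(p, 1, 1) == "=") hit = (sev[substr(p, 2)] == sev[pri])
            else                             hit = (sev[pri] <= sev[p])
        }
        if (hit) { sub(/^-/, "", $2); print $2 }   # leading "-" means no sync
    }' "$3"
}

# Demo on the constructed sample: where does a mail.err message go?
sample_conf | syslog_files_for mail err -
```

A plain priority such as `mail.err` matches that priority and anything more severe, which is why a `mail.info` message reaches only the catch-all file in the sample.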