A log file is a text file that stores the various kinds of messages generated by applications, network devices or processes/daemons.
If something goes wrong with your system, log files can offer you information to help deduce the problem.
Let's start with 'dmesg':
The 'dmesg' command prints out the boot-time messages that you usually cannot read while your system is booting, so it is a good place to start troubleshooting a problem.
Next, let's discuss Linux log files:
Linux log files are stored under the '/var/log' directory. If you issue the 'ls /var/log' command from a terminal you will see all the log files stored there. Following are some of the important log files under this directory:
* boot.log – boot information
* cron – cron logs
* cups – directory of all printing logs
* httpd – Apache logs
* mail – Mail server logs
* maillog – The mail log
* messages – Post-boot kernel information
* secure – Security log
* Xorg.0.log – X Server log
You can view the contents of any of these files with 'cat /var/log/filename'. If the log file is too large and the output scrolls past too fast, pipe it through 'less', as in 'cat /var/log/filename | less'. You should be logged in as 'root' to view the contents of these log files.
SYSLOG
There are various daemons in Linux that handle the log files. The 'klogd' daemon handles messages generated by the kernel, and the 'syslogd' daemon handles messages generated by applications, network devices, daemons and so on. Additionally, some applications such as 'Apache' and 'Samba' manage their own log files.
The 'klogd' and 'syslogd' daemons are part of the 'sysklogd' package and are installed along with it. Both daemons are set to run whenever your system starts.
You can use 'rpm -qa | grep -i sysklogd' to confirm whether this package is installed on your system. You can also use 'rpm -ql sysklogd' to list the files installed by the package.
Following is the output of the 'rpm -ql sysklogd' command:
/etc/logrotate.d/syslog
/etc/rc.d/init.d/syslog
/etc/syslog.conf
/etc/sysconfig/syslog
/usr/sbin/klogd
/usr/sbin/syslogd
/usr/doc/sysklogd-1.3
/usr/doc/sysklogd-1.3/ANNOUNCE
/usr/doc/sysklogd-1.3/INSTALL
/usr/doc/sysklogd-1.3/NEWS
/usr/doc/sysklogd-1.3/README.1st
/usr/doc/sysklogd-1.3/README.linux
/usr/doc/sysklogd-1.3/Sysklogd-1.3.lsm
/usr/man/man5/syslog.conf.5
/usr/man/man8/klogd.8
/usr/man/man8/sysklogd.8
/usr/man/man8/syslogd.8
'/etc/syslog.conf' is the primary configuration file for syslog. Entries in this file can be divided into three parts:
1. Facility (applications, network devices, daemons etc.)
2. Level (0 to 7)
3. Target (where to send the message: console, log file or remote host)
Facility: the name of the application, daemon or network device that generates a message. It can be one of the following:
1. kern
2. user
3. lpr
4. mail
5. cron
6. authpriv
7. daemon
8. uucp
9. news
10. * - represents all facilities
Level: messages generated by a facility are divided into 8 levels that represent their importance; the higher the number, the more important the message. Following is the list of these levels:
1. emergency (level 7)
2. alert (level 6)
3. critical (level 5)
4. error (level 4)
5. warning (level 3)
6. notice (level 2)
7. info (level 1)
8. debug (level 0)
Target: the location where the messages should be sent. It can be one of the following:
1. Terminal - /dev/console
2. Log File - /var/log/messages
3. Remote Host - @192.168.100.75
A sample rule in '/etc/syslog.conf': following is a rule contained in the configuration file. Let's understand what it means.
"mail.info /var/log/mail"
In the above rule 'mail' is the facility that generates the messages. The dot "." separates the facility from the message level. Here the level is "info", which means that messages generated by the 'mail' facility at level 'info' or any level above it will be matched by this rule. The last part of the rule, '/var/log/mail', is the target: a log file named 'mail' under the '/var/log' directory.
In short, this rule says that messages generated by the 'mail' facility at level 'info' or any higher level will be sent to and stored in the '/var/log/mail' log file.
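The selector semantics just described, worked through in code. This is an added example and not part of the original post: it parses rules of the form 'facility.level target', classifies the three target types the post lists, and reports where a given message goes; the sample configuration (the post's mail rule plus a constructed console rule and a constructed remote-host rule using the post's example address) is made up for the example.

```python
# Added example (not from the original post): evaluate "facility.level target"
# rules from /etc/syslog.conf against a message. Levels are ordered by
# importance as the post lists them, so "mail.info" selects mail messages at
# level info or any more important level.
import re

LEVELS = ["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"]
FACILITIES = {"kern", "user", "lpr", "mail", "cron", "authpriv", "daemon", "uucp", "news"}

def parse_rule(line):
    """Parse one rule line into (facility, level, target); None for blank/comment."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = re.fullmatch(r"(\S+)\.(\S+)\s+(\S+)", line)
    if not m:
        raise ValueError("malformed rule: %r" % line)
    facility, level, target = m.groups()
    if facility != "*" and facility not in FACILITIES:
        raise ValueError("unknown facility: %r" % facility)
    if level not in LEVELS:
        raise ValueError("unknown level: %r" % level)
    return facility, level, target

def target_kind(target):
    """Classify a target as the post does: console, remote host (@host) or log file."""
    if target == "/dev/console":
        return "console"
    if target.startswith("@"):
        return "remote"
    return "file"

def matches(rule, facility, level):
    """True if a message from `facility` at `level` is selected by `rule`."""
    rule_fac, rule_level, _ = rule
    fac_ok = rule_fac == "*" or rule_fac == facility
    return fac_ok and LEVELS.index(level) >= LEVELS.index(rule_level)

def route(config_text, facility, level):
    """Return every target a message would be sent to under this configuration."""
    rules = [r for r in map(parse_rule, config_text.splitlines()) if r]
    return [t for (f, lv, t) in rules if matches((f, lv, t), facility, level)]

# Constructed sample configuration: the post's sample rule plus a console
# rule and a remote-host rule using the post's example address.
SAMPLE_CONF = """
mail.info        /var/log/mail
*.emergency      /dev/console
authpriv.warning @192.168.100.75
"""
```

Calling route(SAMPLE_CONF, "mail", "debug") returns an empty list because 'debug' is less important than 'info', while route(SAMPLE_CONF, "mail", "emergency") returns both the mail log and the console.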
Hope the above information was useful.
You can watch the configuration steps in the following three-part video series on 'SYSLOG' in Hindi.
SYSLOG PART 1
SYSLOG PART 2
SYSLOG PART 3