Logging
System Logging
- log data usually kept in /var
- service called syslog sends info to system logger
syslog components
syslogd
- daemon
- new distros use rsyslogd
- waits for event messages and filters them
- send to file, console, or do nothing with it.
/var/log/syslog
- view logs
syslog
- manages and sends logs to system logger
- rsyslog (new version)
- output found at /var/log/syslog
- except auth messages
/etc/rsyslog.d
- files maintained by your system logger
- denoted by selector on left and action on righjt
action= where to send log information
$ logger -s Hello
manually send a log
General logging
- important logs found under /var/log
/var/log/messages
- non critical and non debug messages
bootup logs (dmesg)
auth
cron
daemon
etc
/var/log/syslog
- everything except auth messages
- useful to debug errors
Kernel logging
/var/log/dmesg
- info about kernel ring buffer (logged on boot)
- hardware drivers, kernel info, bootup status, etc.
- gets reset on every boot
$ dmesg (view dmesg log)
/var/log/kern.log
- kernel info
- system events
- dmesg output
Authentication logging
/var/log/auth.log
- useful if you have trouble logging in
- contains system authorization logs
- user login and authorization method
Managing log files
logrotate
- log management
- has config file to specify how many and what logs to keep
- how to compress logs to save space etc.
- run out of cron once per day
- config file found in /etc/logrotate.d