Syslog and Log Files


Presentation Transcript


  1. Syslog and Log Files
  • From logfiles, you can find important information
    • History
    • Errors/warnings
  • Logging policies
    • Reset log files at periodic intervals
    • Rotate log files
    • Compress and archive
    • Throw away
  Syslog and log files

  2. Syslog and Log files
  • Where are the log files?
    • Random log names scattered across dirs/filesystems
    • Two common places:
      • /var/adm
      • /var/log
  • To locate your log file:
    • Read the man page for the individual daemon
    • Read the system startup scripts
    • Check syslog's configuration file /etc/syslog.conf

  3. Logs (see p. 208 for more)

  4. Syslog
  • Is a comprehensive logging system
  • Manages the information generated by
    • the kernel
    • the system utilities
  • Has two important functions
    • Liberate programmers
    • Put administrators in control of logging
  • Very flexible
    • Sorts messages by source and importance
    • Routes the messages to
      • log files
      • users' terminals
      • remote machines
    • Thus centralizes the logging for a network

  5. Example
  • Colossus
    • /var/adm/messages
      • kern.notice – ufs quota
      • auth.error – sshd potential probe of service
    • /var/adm/sulog
    • /var/log/syslog
    • /var/log/authlog
    • /var/log/dmesg
    • /etc/syslog.conf
  • Wopr.csl.mtu.edu
    • /var/log/messages
      • Lots of sshd messages
    • /etc/syslog.conf
  • Dafinn.cs.mtu.edu
    • Where is the httpd log file?
      • /etc/init.d/httpd
      • /etc/httpd/conf
        • ServerRoot
        • ErrorLog
      • Symbolic links
    • Where is the print log file?
      • /etc/init.d/cups
      • /etc/cups/cupsd.conf
      • /var/log/cups

  6. Syslog
  • Syslog consists of three parts
    • The logging daemon: syslogd
      • config file /etc/syslog.conf
    • Library routines: openlog et al.
    • User-level log submission command: logger
  • Syslogd
    • Is started at boot time
    • Writes the messages:
      • Reads messages from the special file /dev/log (or others, depending on the system), then
      • Consults the configuration file, then
      • Dispatches each message to the appropriate destination

  7. Syslog
  • Restart syslogd to
    • make a config change take effect
    • truncate or rotate the log
    • Send a HUP signal:
      # kill -HUP `/bin/cat /var/run/syslog.pid`
  • Configuring syslogd
    • /etc/syslog.conf controls syslogd's behavior
    • The basic format is
      selector <Tab> action
    • Selectors identify the program and the message's severity level with the format
      facility.level
    • Facility and level must be taken from the fixed lists of defined names (next slide)

  8. Valid facility names
  • Valid facility names: kern, user, mail, daemon, auth, lpr, cron, syslog, mark, local0-7, ftp, …
  • Valid levels (descending severity): emerg, alert, crit, err, warning, notice, info, debug, none

  9. Syslog
  • Selectors can be combined
    • Separated by semicolon ;
    • * represents all facilities except mark
  • Actions:
    • filename
    • @hostname
    • @ipaddress
    • user1, user2, …
    • *
  • Example:
    *.err;kern.debug;daemon.notice;mail.crit    /var/adm/messages
    kern.notice                                 /var/log/kern.notice
    *.alert;kern.err;daemon.err                 operator
    *.alert                                     root

  10. Syslog
  • Central logging host
    • Keeps the logs in one place, easy to check
    • Needs a stable server
      • What if netloghost is down?
    • The time stamp does not reflect the time on the originating host

  11. Using syslog from programs
  • Functions
    • openlog
    • syslog
    • closelog
  • C calls
    void openlog(const char *ident, int option, int facility);
    void syslog(int priority, const char *format, ...);
    void closelog(void);
  • Perl calls
    use Sys::Syslog;
    openlog(ident, logopt, facility);
    syslog(priority, message, ...);
    closelog();

  12. Logger
  • Logger command
    • Creates a log entry
    • Debugs syslogd's configuration file
  • Example:
    • After a new line is added to syslog.conf (and syslogd has been sent a HUP so it rereads the file):
      local5.warning    /tmp/evi.log
    • Run
      $ logger -p local5.warning "test message"
    • To see if "test message" is written to /tmp/evi.log
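As an added example (not from the slides), a small Python routine that reads syslog.conf lines like the ones on slides 9, 10 and 12 and reports which actions a given facility.level reaches, so a logger test like the one above can be predicted from the config before syslogd is restarted. The conf text is constructed from the slides' lines; netloghost is the slides' name for the central log host.

```python
"""Resolve which syslog.conf actions a message reaches (added example, not
taken from the slides). Assumes classic BSD syslog.conf semantics: a level in
a selector means that level and every more severe one; '*' is every facility
except mark; 'none' excludes a facility; later selectors override earlier ones."""
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "lpr", "cron", "syslog",
              "mark", "ftp"] + [f"local{i}" for i in range(8)]
# Constructed syslog.conf built from the lines shown on slides 9, 10 and 12.
SAMPLE_CONF = """\
*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages
kern.notice\t/var/log/kern.notice
*.alert;kern.err;daemon.err\toperator
*.alert\troot
local5.warning\t/tmp/evi.log
*.info;mail.none\t@netloghost
"""

def parse_conf(text):
    """Return a list of (facility -> least-severe level index, action) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)   # selector <Tab> action
        wanted = {}
        for sel in selectors.split(";"):
            fac_part, level = sel.rsplit(".", 1)
            if fac_part == "*":
                facs = [f for f in FACILITIES if f != "mark"]
            else:
                facs = fac_part.split(",")          # kern,user.err is also legal
            for fac in facs:
                if level == "none":
                    wanted.pop(fac, None)           # drop this facility from the rule
                else:
                    wanted[fac] = LEVELS.index(level)
        rules.append((wanted, action))
    return rules

def destinations(rules, facility, level):
    """Every action that receives a message logged as facility.level."""
    sev = LEVELS.index(level)
    return [action for wanted, action in rules
            if facility in wanted and sev <= wanted[facility]]

if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    print("local5.warning ->", destinations(rules, "local5", "warning"))
```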

  13. Log analyzer
  • Get the related info out of the lines
    • Write up your own scripts
      • Check for certain patterns
      • Send email to you
    • Commonly used log postprocessors
      • swatch
      • logcheck
  • A couple of things to look for
    • Security-related messages
    • Disk full
    • Messages that are repeated many times
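An added example, not from the slides, of the "write your own script" approach: a Python post-processor that scans /var/adm/messages-style lines for the three things the slide lists (security-related messages, disk full, heavily repeated messages). The log lines, hostname colossus aside, are constructed; the patterns are assumptions about what a given system's sshd, su and ufs messages look like.

```python
"""Tiny syslog post-processor in the spirit of swatch/logcheck (added example,
not from the slides). It reads BSD-style /var/adm/messages lines, flags
security-related and disk-full messages, and counts messages repeated many
times, including repeats that syslogd itself compressed into a
"last message repeated N times" line. The log lines are constructed."""
import re
from collections import Counter

SAMPLE_LOG = """\
Mar  3 10:01:12 colossus sshd[2101]: Failed password for invalid user admin from 10.0.0.7 port 51022 ssh2
Mar  3 10:01:14 colossus sshd[2103]: Failed password for invalid user admin from 10.0.0.7 port 51030 ssh2
Mar  3 10:01:15 colossus sshd[2105]: Failed password for invalid user admin from 10.0.0.7 port 51041 ssh2
Mar  3 10:02:00 colossus ufs: NOTICE: alloc: /var: file system full
Mar  3 10:02:30 colossus last message repeated 17 times
Mar  3 10:03:02 colossus su: 'su root' succeeded for evi on /dev/pts/3
Mar  3 10:04:00 colossus cron[310]: (root) CMD (/usr/lib/newsyslog)
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<host>\S+) (?P<msg>.*)$")
SECURITY_RE = re.compile(r"sshd.*(Failed password|Invalid user)|su: .*'su root'", re.I)
DISK_FULL_RE = re.compile(r"file system full|No space left on device", re.I)
REPEATED_RE = re.compile(r"^last message repeated (\d+) times")

def normalize(msg):
    """Collapse pids, ports and addresses so repeats of one message share a key."""
    return re.sub(r"\d+", "#", msg)

def analyze(text, repeat_threshold=3):
    """Return security hits, disk-full hits and messages seen >= threshold times."""
    report = {"security": [], "disk_full": [], "repeated": {}}
    counts, last_key = Counter(), None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                    # not a syslog line; skip rather than crash
        msg = m.group("msg")
        rep = REPEATED_RE.match(msg)
        if rep:                         # credit syslogd's compressed repeats to the
            if last_key is not None:    # message that preceded them
                counts[last_key] += int(rep.group(1))
            continue
        if SECURITY_RE.search(msg):
            report["security"].append(msg)
        if DISK_FULL_RE.search(msg):
            report["disk_full"].append(msg)
        last_key = normalize(msg)
        counts[last_key] += 1
    report["repeated"] = {k: n for k, n in counts.items() if n >= repeat_threshold}
    return report
```

Hooking the result up to mail, as the slide suggests, is a matter of formatting `report` and handing it to the local mailer.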
