041 System Logging

This document provides an overview of system logging in Linux, covering the syslog standard, facilities and severities, syslog servers, logging rules, and how to generate log messages. It also discusses log rotation and configuration examples for managing log files. Key components include the syslog standard, logging rules, and the use of tools like logger and logrotate.

System Logging

LinuxTrainingAcademy.com
What You Will Learn

● The syslog standard


● Facilities and severities
● Syslog servers
● Logging rules
● Where logs are stored
● How to generate your own log messages
● Rotating log files
The Syslog Standard
● Aids in the processing of messages.
● Allows logging to be centrally controlled.
● Uses facilities and severities to categorize messages.

Facilities

Number  Keyword   Description
0       kern      kernel messages
1       user      user-level messages
2       mail      mail system
3       daemon    system daemons
4       auth      security/authorization messages
5       syslog    messages generated by syslogd
6       lpr       line printer subsystem
7       news      network news subsystem
8       uucp      UUCP subsystem
9                 clock daemon
10      authpriv  security/authorization messages
11      ftp       FTP daemon
12      -         NTP subsystem
13      -         log audit
14      -         log alert
15      cron      clock daemon
16      local0    local use 0 (local0)
17      local1    local use 1 (local1)
18      local2    local use 2 (local2)
19      local3    local use 3 (local3)
...
23      local7    local use 7 (local7)

Severities

Code  Severity   Keyword         Description
0     Emergency  emerg (panic)   System is unusable
1     Alert      alert           Action must be taken immediately
2     Critical   crit            Critical conditions
3     Error      err (error)     Error conditions
4     Warning    warning (warn)  Warning conditions
5     Notice     notice          Normal but significant condition
6     Info       info            Informational messages
7     Debug      debug           Debug-level messages

Syslog Servers
● Process syslog messages based on rules.
● syslogd
● rsyslog
● syslog-ng

rsyslog
/etc/rsyslog.conf:

$IncludeConfig /etc/rsyslog.d/*.conf

Logging Rules
● Selector field
○ FACILITY.SEVERITY
○ mail.*
○ mail
○ FACILITY.none
○ FACILITY_1.SEVERITY; FACILITY_2.SEVERITY
● Action field
○ Determines how a message is processed
Example Logging Rule
mail.* /var/log/mail.log

Caching vs Non-caching
● Caching is used if the path starts with a hyphen
○ mail.info -/var/log/mail.info
● You may lose some messages during a system crash if you are using caching mode.
● Using caching mode can improve I/O performance.

Example Logging Rules
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err

Example Logging Rules
auth,authpriv.* /var/log/auth.log
*.*;auth.none,authpriv.none -/var/log/syslog

Example Logging Rules
*.info;mail.none;authpriv.none;cron.none /var/log/messages
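
Added example (not part of the original slides): a small Python evaluator for the selector syntax above, run over the example rules from this page as if they were one rule set, to check which files a given facility.severity would reach. The function names are hypothetical, and treating a bare facility such as "mail" like "mail.*" is an assumption.

```python
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Example rules copied from this page, treated as one rule set (assumption).
RULES = [
    ("auth,authpriv.*", "/var/log/auth.log"),
    ("*.*;auth.none,authpriv.none", "-/var/log/syslog"),
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("mail.err", "/var/log/mail.err"),
]

def code(keyword):
    """Map a severity keyword (or alias) to its numeric code, 0 = most severe."""
    return SEVERITIES.index(ALIASES.get(keyword, keyword))

def parse_selector(selector):
    """Split a selector into ordered (facility list, severity) groups."""
    groups, pending = [], []
    for item in selector.replace(";", ",").split(","):
        name, dot, sev = item.strip().partition(".")
        pending.append(name)
        if dot:  # a severity closes the current facility list
            groups.append((pending, sev))
            pending = []
    if pending:  # assumption: a bare facility such as "mail" means "mail.*"
        groups.append((pending, "*"))
    return groups

def selector_matches(selector, facility, severity):
    """True if the selector picks up a message with this facility/severity."""
    selected = False
    for facilities, sev in parse_selector(selector):
        if "*" not in facilities and facility not in facilities:
            continue
        if sev == "none":
            selected = False  # explicit exclusion
        elif sev == "*":
            selected = True
        else:  # the named severity and anything more severe
            selected = code(severity) <= code(sev)
    return selected

def destinations(facility, severity, rules=RULES):
    """Files that receive the message, with the '-' caching marker stripped."""
    return [action.lstrip("-") for sel, action in rules
            if selector_matches(sel, facility, severity)]

if __name__ == "__main__":
    # Constructed sample messages, not taken from a real log.
    for fac, sev in [("authpriv", "info"), ("auth", "info"), ("mail", "crit")]:
        print(f"{fac}.{sev} -> {destinations(fac, sev)}")
```

With these rules, auth.info reaches both /var/log/auth.log and /var/log/messages, because the last selector excludes authpriv but not auth.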

logger
logger [options] message

Options:
-p FACILITY.SEVERITY
-t TAG

logger
$ logger -p mail.info -t mailtest "Test."
$ sudo tail -1 /var/log/mail.log
Apr 4 14:33:16 linuxsvr mailtest: Test.

logrotate
/etc/logrotate.conf:

include /etc/logrotate.d

Example logrotate.conf
weekly
rotate 4
create
compress
include /etc/logrotate.d

/var/log/debug
/var/log/messages
{
    rotate 4
    weekly
    missingok
    notifempty
    compress
    sharedscripts
    postrotate
        reload rsyslog >/dev/null 2>&1 || true
    endscript
}

Test the logrotate configuration
# logrotate -fv /etc/logrotate.conf

Summary

● The syslog standard


● Facilities and severities
● Syslog servers
● Logging rules
● How to generate your own log messages
● Using logrotate
