System log in Unix / Linux

Unix systems have a very flexible and powerful logging system, which lets you record almost anything you can imagine and then manipulate the logs to retrieve the information you require.

Many versions of Unix provide a general-purpose logging facility called syslog. Individual programs that need information logged send that information to syslog.

Unix syslog is a host-configurable, uniform system logging facility. The system uses a centralized logging process that runs the program /etc/syslogd or /etc/syslog.

The operation of the system logger is straightforward. Programs send their log entries to syslogd, which consults the configuration file /etc/syslogd.conf or /etc/syslog and, when a match is found, writes the log message to the desired log file.

The table below lists the four basic syslog terms that you should understand:

Term        Description
Facility    The identifier used to describe the application or process that submitted the log message, for example mail, kernel, and ftp.
Priority    An indicator of the importance of the message. Levels are defined within syslog as guidelines, from debugging information up to critical events.
Selector    A combination of one or more facilities and levels. When an incoming event matches a selector, an action is performed.
Action      What happens to an incoming message that matches a selector. An action can write the message to a log file, echo it to a console or other device, write it to a logged-in user, or forward it to another syslog server.

Syslog facilities in Unix / Linux

Here are the facilities available for use in a selector. Not all facilities are present on all versions of Unix.

Facility          Description
auth              Activity related to requesting a name and password (getty, su, login).
authpriv          Same as auth, but logged to a file that can only be read by selected users.
console           Used to capture messages that are generally directed to the system console.
cron              Messages from the cron system scheduler.
daemon            System daemon catch-all.
ftp               Messages relating to the ftp daemon.
kern              Kernel messages.
local0 to local7  Local facilities defined per site.
lpr               Messages from the line printing system.
mail              Messages relating to the mail system.
mark              Pseudo-event used to generate timestamps in log files.
news              Messages relating to the network news protocol (nntp).
ntp               Messages relating to the network time protocol.
user              Regular user processes.
uucp              UUCP subsystem.

Syslog priorities in Unix / Linux

The syslog priorities are summarized below:

Priority    Description
emerg       Emergency condition, such as an imminent system crash; usually broadcast to all users.
alert       Condition that should be corrected immediately, such as a corrupted system database.
crit        Critical condition, such as a hardware error.
err         Ordinary error.
warning     Warning.
notice      Condition that is not an error, but possibly should be handled in a special way.
info        Informational message.
debug       Messages that are used when debugging programs.
none        Pseudo-level used to specify that messages should not be logged.

The combination of facilities and levels lets you be selective about what is logged and where that information goes.

As each program sends its messages to the system logger, the logger decides what to keep and what to discard based on the levels defined in the selector.

When you specify a level, the system logs everything at that level and higher.

The /etc/syslog.conf file in Unix / Linux

The /etc/syslog.conf file controls where messages are logged. A typical syslog.conf file might look like this:

    *.err;kern.debug;auth.notice   /dev/console
    daemon,auth.notice             /var/log/messages
    lpr.info                       /var/log/lpr.log
    mail.*                         /var/log/mail.log
    ftp.*                          /var/log/ftp.log
    auth.*                         @prep.ai.mit.edu
    auth.*                         root,amrood
    netinfo.err                    /var/log/netinfo.log
    install.*                      /var/log/install.log
    *.emerg                        *
    *.alert                        |program_name
    mark.*                         /dev/console

Each line of the file contains two parts:

A message selector that specifies which kind of messages to log, for example all error messages or all debugging messages from the kernel.

An action field that says what should be done with the message, for example put it in a file or send it to a user's terminal.

Here are the notable points about the above configuration:

Message selectors have two parts: a facility and a priority. For example, kern.debug selects all debug messages (the priority) generated by the kernel (the facility).

Because a level also matches everything above it, the kern.debug selector selects all kernel messages at priority debug and higher.

An asterisk (*) in place of either the facility or the priority means "all". For example, *.debug means all debug messages, while kern.* means all messages generated by the kernel.

You can also use commas to specify multiple facilities. Two or more selectors can be grouped together using a semicolon (;).

Logging actions in Unix / Linux

The action field specifies one of the following five actions:

  1. Log the message to a file or a device. For example, /var/log/lpr.log or /dev/console.
  2. Send the message to a user. You can specify multiple usernames by separating them with commas (e.g. root,amrood).
  3. Send the message to all users. In this case, the action field consists of an asterisk (*).
  4. Pipe the message to a program. In this case, the program is specified after the pipe symbol (|).
  5. Send the message to the syslog on another host. In this case, the action field consists of a host name preceded by an at sign (e.g. @tutorialspoint.com).

The logger command in Unix / Linux

Unix provides the logger command, which is extremely useful for working with the logging system. The logger command sends log messages to the syslogd daemon, and so triggers the logging system.

This means you can exercise syslogd and its configuration from the command line at any time. The logger command provides a way to add one-line entries to the system log from the command line.

The format of the command is:

    logger [-i] [-f file] [-p priority] [-t tag] [message]...

Here are the details of the parameters:

Option        Description
-f filename   Use the contents of the file filename as the message to log.
-i            Log the process ID of the logger process with each line.
-p priority   Enter the message with the specified priority (the selector entry); the priority can be given numerically or as a facility.priority pair. The default priority is user.notice.
-t tag        Mark each line added to the log with the specified tag.
message       The string arguments whose contents are concatenated together in the specified order, separated by a space.
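To make the selector rules above concrete (facility.priority pairs, commas, semicolons, the asterisk, the "level and higher" rule, and the none pseudo-level) and the numeric priority form that logger -p accepts, here is a small added model of how syslogd routes a message; it is example code written for this page, not the syslogd implementation. SAMPLE_CONF is a constructed excerpt of the example /etc/syslog.conf shown earlier, and the facility and level codes are those of the BSD syslog protocol (facility * 8 + level).

```python
# Levels in ascending order of importance; a selector level matches it and everything higher.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
# Facility codes from the BSD syslog protocol, used for the numeric form of "logger -p".
FACILITY_CODES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
                  "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11}
FACILITY_CODES.update({f"local{n}": 16 + n for n in range(8)})

def parse_config(text):
    """Turn syslog.conf lines into a list of ([(facility, level), ...], action)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        pairs = []
        for part in selector.split(";"):            # ';' groups several selectors on one line
            facilities, level = part.rsplit(".", 1)
            pairs += [(fac, level) for fac in facilities.split(",")]  # ',' lists facilities
        rules.append((pairs, action.strip()))
    return rules

def selector_matches(pairs, facility, level):
    """Left to right, the last selector naming this facility (or '*') decides the outcome."""
    matched = False
    for fac, sel_level in pairs:
        if fac not in ("*", facility):
            continue
        if sel_level == "none":
            matched = False                          # pseudo-level: never log
        elif sel_level == "*":
            matched = True
        else:
            matched = LEVELS.index(level) >= LEVELS.index(sel_level)
    return matched

def route(rules, facility, level):
    """Return every action field a message of this facility.level is delivered to."""
    return [action for pairs, action in rules if selector_matches(pairs, facility, level)]

def numeric_priority(facility, level):
    """facility*8 + level code (emerg=0 ... debug=7); user.notice, logger's default, is 13."""
    return FACILITY_CODES[facility] * 8 + (7 - LEVELS.index(level))

# Constructed sample: three lines taken from the example /etc/syslog.conf above.
SAMPLE_CONF = """
*.err;kern.debug;auth.notice   /dev/console
daemon,auth.notice             /var/log/messages
*.emerg                        *
"""
```

Because the last matching selector on a line wins, a line such as *.info;mail.none /var/log/messages logs everything at info and above except mail, which is the usual way to keep mail traffic out of the main log.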

Log rotation in Unix / Linux

Log files tend to grow very fast and consume large amounts of disk space. To rotate logs, most distributions use tools such as newsyslog or logrotate.

These tools should be invoked at regular intervals using the cron daemon. See the manual pages for newsyslog or logrotate for more information.

Important log locations in Unix / Linux

All system applications create their log files in /var/log and its sub-directories. Here are some important applications and their corresponding log directories.

Application   Directory
httpd         /var/log/httpd
samba         /var/log/samba
cron          /var/log/
mail          /var/log/
mysql         /var/log/

According to Tutorialspoint
