Syslog and Log Files
PowerPoint Slideshow about 'Syslog and Log Files' - jaime-mcdowell
Syslog and Log Files
  • From log files, you can find
    • important information
    • History
    • Errors/warnings
  • Logging policies
    • Reset log files at periodic intervals
    • Rotate the log file
    • Compress and archive
    • Throw away

Syslog and log files

Syslog and Log files
  • Where are the log files?
    • Random log names scattered across directories/filesystems
      • Two common places:
        • /var/adm
        • /var/log
    • To locate your log file:
      • Read the man pages for the individual daemons
      • Read the system startup scripts
      • Check syslog's configuration file /etc/syslog.conf

Logs (see P 208 for more)

Syslog
  • Is a comprehensive logging system
    • Manages the information generated by
      • the kernel
      • the system utilities
    • Has two important functions
      • Liberates programmers (from writing their own logging code)
      • Puts administrators in control of logging
    • Very flexible
      • Sorts messages by source and importance
      • Routes the messages to
        • log files
        • users' terminals
        • remote machines
      • Thus, centralizes the logging for a network

Example
  • Colossus
    • /var/adm/messages
      • kern.notice – ufs quota
      • auth.error – sshd: potential probe of service
    • /var/adm/sulog
    • /var/log/syslog
    • /var/log/authlog
    • /var/log/dmesg
    • /etc/syslog.conf
  • Wopr.csl.mtu.edu
    • /var/log/messages
      • Lots of sshd messages
    • /etc/syslog.conf
  • Dafinn.cs.mtu.edu
    • Where is the httpd log file?
      • /etc/init.d/httpd
      • /etc/httpd/conf
        • ServerRoot
        • ErrorLog
        • Symbolic links
    • Where is the print log file?
      • /etc/init.d/cups
        • /etc/cups/cupsd.conf
        • /var/log/cups

Syslog
  • Syslog consists of three parts
    • The logging daemon:
      • syslogd
      • config file /etc/syslog.conf
    • Library routines: openlog et al.
    • User-level log submission command: logger
  • syslogd
    • Is started at boot time
    • Writes the messages:
      • Reads messages from the special file /dev/log (or others, depending on the system), then
      • Consults the configuration file, then
      • Dispatches each message to the appropriate destination

Syslog
  • Restart syslogd to
    • make a config change take effect
    • truncate or rotate the log
  • Send it a HUP signal:

# kill -HUP `/bin/cat /var/run/syslog.pid`

  • Configuring syslogd
    • /etc/syslog.conf controls syslogd's behavior
    • The basic format is

selector <Tab> action

    • Selectors identify the program (facility) and the message's severity level, with the format

facility.level

    • Facility and level must be keyword names from the fixed lists syslog recognizes (next slide)

Syslog
  • Valid facility names
    • kern
    • user
    • mail
    • daemon
    • auth
    • lpr
    • cron
    • syslog
    • mark
    • local0-7
    • ftp
  • Valid levels (descending severity)
    • emerg
    • alert
    • crit
    • err
    • warning
    • notice
    • info
    • debug
    • none

Syslog
  • Selectors can be combined
    • Separated by a semicolon ;
    • * represents all facilities except mark
  • Actions:
    • filename
    • @hostname
    • @ipaddress
    • user1, user2, …
    • *
  • Example:

*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages
kern.notice	/var/log/kern.notice
*.alert;kern.err;daemon.err	operator
*.alert	root
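The selector rules from the last few slides (facility.level, ';'-combined selectors, '*', the 'none' level) can be checked by resolving where a given message would be dispatched. The following is an added example written for this page, not code from the slides; it assumes BSD-style semantics in which a selector matches its level and everything more severe and a later selector on the same line overrides an earlier one for the same facility, and it also accepts comma-separated facility lists, which the slides do not show.

```python
# Minimal resolver for classic syslog.conf selectors: "facility.level<Tab>action".
# Added example, not code from the slides. Rules implemented: a selector matches
# its level and everything more severe; ';'-separated selectors share one action,
# later ones overriding earlier ones for the same facility; '*' means every
# facility except mark; 'none' silences a facility.

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "lpr", "cron",
              "syslog", "mark", "ftp"] + [f"local{i}" for i in range(8)]
# Index doubles as the numeric priority from <syslog.h>: 0 (emerg) is most severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog_conf(text):
    """Return [(thresholds, action)]; thresholds maps facility -> level index or None."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)  # tab or spaces separate the two fields
        thresholds = {}
        for sel in selector.split(";"):
            fac_part, level = sel.rsplit(".", 1)
            if level not in LEVELS and level != "none":
                raise ValueError(f"unknown level {level!r} in {sel!r}")
            # '*' covers every facility but mark; 'kern,mail.err' lists share one level
            facs = [f for f in FACILITIES if f != "mark"] if fac_part == "*" else fac_part.split(",")
            for fac in facs:
                if fac not in FACILITIES:
                    raise ValueError(f"unknown facility {fac!r} in {sel!r}")
                thresholds[fac] = None if level == "none" else LEVELS.index(level)
        rules.append((thresholds, action))
    return rules


def route(rules, facility, level):
    """Destinations syslogd would dispatch a facility.level message to, in config order."""
    prio = LEVELS.index(level)
    return [action for thresholds, action in rules
            if thresholds.get(facility) is not None and prio <= thresholds[facility]]


# Constructed sample: the four lines from the slide, tab-separated.
SLIDE_CONF = (
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "kern.notice\t/var/log/kern.notice\n"
    "*.alert;kern.err;daemon.err\toperator\n"
    "*.alert\troot\n"
)
```

Note that with the slide's first line a mail.err message is not written to /var/adm/messages at all: the later mail.crit selector overrides the earlier *.err for the mail facility.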

Syslog
  • Central logging host
    • Keeps the logs in one place, easy to check
    • Needs a stable server
      • What if netloghost is down?
    • The time stamp does not reflect the time on the originating host

Using syslog from programs
  • Functions
    • openlog
    • syslog
    • closelog
  • C calls

void openlog(const char *ident, int option, int facility);
void syslog(int priority, const char *format, ...);
void closelog(void);

  • Perl calls

use Sys::Syslog;
openlog(ident, logopt, facility)
syslog(priority, message, …)
closelog()

Logger
  • Logger command
    • Creates a log entry
    • Debugs syslogd's configuration file
      • Example:
        • After a new line was added to syslog.conf

local5.warning	/tmp/evi.log

        • Run

$ logger -p local5.warning "test message"

        • to see if "test message" is written to /tmp/evi.log

Log analyzer
  • Get the relevant information out of the log lines
    • Write your own scripts
      • Check for certain patterns
      • Send yourself email
    • Commonly used log postprocessors
      • swatch
      • logcheck
  • A couple of things to look for
    • Security-related messages
    • Disk full
    • Messages that are repeated many times
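A script of the kind the slide describes, as an added example that is not part of the presentation: it scans syslog-format lines for the three things listed (security-related messages, disk full, messages repeated many times). The patterns, the digit-normalization used to count repeats, and the sample log lines are all constructed for illustration.

```python
# A small log post-processor in the spirit of swatch/logcheck. Added example, not
# code from the slides: it flags security-related messages and disk-full errors
# and counts repeated messages. Patterns and the sample log are constructed.
import re
from collections import Counter

# "Mon DD HH:MM:SS host prog[pid]: message" as written by syslogd
LINE_RE = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (\S+) ([^\s\[:]+)(?:\[(\d+)\])?: (.*)$")
SECURITY_PATTERNS = [re.compile(p) for p in (
    r"Failed password for (invalid user )?\S+ from \S+",
    r"Invalid user \S+ from \S+",
    r"authentication failure",
)]
DISK_FULL_RE = re.compile(r"No space left on device|file system full", re.I)

def parse_line(line):
    m = LINE_RE.match(line)  # returns None for lines that are not in syslog format
    if not m:
        return None
    host, prog, pid, msg = m.groups()
    return {"host": host, "prog": prog, "pid": pid, "msg": msg}

def analyze(lines, repeat_threshold=3):
    """Return security hits, disk-full hits and message templates seen >= threshold times."""
    report = {"security": [], "disk_full": [], "repeated": {}}
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tagged = f'{rec["host"]} {rec["prog"]}: {rec["msg"]}'
        if any(p.search(rec["msg"]) for p in SECURITY_PATTERNS):
            report["security"].append(tagged)
        if DISK_FULL_RE.search(rec["msg"]):
            report["disk_full"].append(tagged)
        # Replace digits with N so lines differing only in pid/port/address count as repeats
        counts[(rec["prog"], re.sub(r"\d+", "N", rec["msg"]))] += 1
    report["repeated"] = {f"{p}: {m}": n for (p, m), n in counts.items() if n >= repeat_threshold}
    return report

# Constructed sample in /var/log/messages style (host names borrowed from the slides).
SAMPLE_LOG = """\
Mar  3 10:01:12 colossus sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2
Mar  3 10:01:15 colossus sshd[2203]: Failed password for invalid user admin from 192.0.2.10 port 4031 ssh2
Mar  3 10:01:19 colossus sshd[2205]: Failed password for invalid user admin from 192.0.2.10 port 4040 ssh2
Mar  3 10:02:00 colossus kernel: ufs: NOTICE: alloc: /home: file system full
Mar  3 10:02:30 colossus cron[310]: (root) CMD (/usr/lib/sa/sa1)
Mar  3 10:03:01 wopr su[4410]: pam_unix(su:auth): authentication failure; logname=evi uid=1001 euid=0 tty=pts/1 ruser=evi rhost=  user=root
""".splitlines()
```

Calling analyze(SAMPLE_LOG) yields four security hits, one disk-full hit and one message template repeated three times; the report can then be mailed to the administrator.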
