Scribd
Upload
53 views9 pages

Unix / Linux - System Logging - Tutorialspoint

- Unix systems use a flexible logging system called syslog to record system information. Individual programs send log messages to the syslog daemon, which writes messages to log files based on configuration rules. - Syslog defines facilities to identify the source of a log message and priorities to indicate importance. Messages are matched to selectors combining facilities and priorities to determine the logging action. - Common actions include writing to log files, displaying on consoles, or sending to remote syslog servers. The /etc/syslog.conf configuration file defines which selectors map to which actions.

Uploaded by

krkama
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
53 views9 pages

Unix / Linux - System Logging - Tutorialspoint

- Unix systems use a flexible logging system called syslog to record system information. Individual programs send log messages to the syslog daemon, which writes messages to log files based on configuration rules. - Syslog defines facilities to identify the source of a log message and priorities to indicate importance. Messages are matched to selectors combining facilities and priorities to determine the logging action. - Common actions include writing to log files, displaying on consoles, or sending to remote syslog servers. The /etc/syslog.conf configuration file defines which selectors map to which actions.

Uploaded by

krkama
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

Unix / Linux - System Logging

In this chapter, we will discuss in detail about system logging in Unix.

Unix systems have a very flexible and powerful logging system, which enables you to record
almost anything you can imagine and then manipulate the logs to retrieve the information
you require.

Many versions of Unix provide a general-purpose logging facility called syslog. Individual
programs that need to have information logged, send the information to syslog.

Unix syslog is a host-configurable, uniform system logging facility. The system uses a
centralized system logging process that runs the program /etc/syslogd or /etc/syslog.

The operation of the system logger is quite straightforward. Programs send their log entries
to syslogd, which consults the configuration file /etc/syslogd.conf or /etc/syslog and, when
a match is found, writes the log message to the desired log file.

There are four basic syslog terms that you should understand −

Sr.No. Term & Description

1
Facility

The identifier used to describe the application or process that submitted the log
message. For example, mail, kernel, and ftp.

2
Priority

An indicator of the importance of the message. Levels are defined within syslog
as guidelines, from debugging information to critical events.

3
Selector

A combination of one or more facilities and levels. When an incoming event


matches a selector, an action is performed.

4
Action

What happens to an incoming message that matches a selector — Actions can


write the message to a log file, echo the message to a console or other device,
write the message to a logged in user, or send the message along to another
syslog server.

1 of 9 03/04/20, 5:26 pm
Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

Syslog Facilities
We will now understand about the syslog facilities. Here are the available facilities for the
selector. Not all facilities are present on all versions of Unix.

2 of 9 03/04/20, 5:26 pm
Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

Facility Description

1
auth

Activity related to requesting name and password (getty, su, login)

2
authpriv

Same as auth but logged to a file that can only be read by selected users

3
console

Used to capture messages that are generally directed to the system console

4
cron

Messages from the cron system scheduler

5
daemon

System daemon catch-all

6
ftp

Messages relating to the ftp daemon

7
kern

Kernel messages

8
local0.local7

Local facilities defined per site

9
lpr

Messages from the line printing system

10
mail

Messages relating to the mail system

3 of 9 03/04/20, 5:26 pm
Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

11
mark

Pseudo-event used to generate timestamps in log files

12
news

Messages relating to network news protocol (nntp)

13
ntp

Messages relating to network time protocol

14
user

Regular user processes

15
uucp

UUCP subsystem

Syslog Priorities
The syslog priorities are summarized in the following table −

4 of 9 03/04/20, 5:26 pm
Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

Sr.No. Priority & Description

1
emerg

Emergency condition, such as an imminent system crash, usually broadcast to


all users

2
alert

Condition that should be corrected immediately, such as a corrupted system


database

3
crit

Critical condition, such as a hardware error

4
err

Ordinary error

5
Warning

Warning

6
notice

Condition that is not an error, but possibly should be handled in a special way

7
info

Informational message

8
debug

Messages that are used when debugging programs

9
none

Pseudo level used to specify not to log messages

The combination of facilities and levels enables you to be discerning about what is logged
and where that information goes.

As each program sends its messages dutifully to the system logger, the logger makes

5 of 9 03/04/20, 5:26 pm
Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

decisions on what to keep track of and what to discard based on the levels defined in the
selector.

When you specify a level, the system will keep track of everything at that level and higher.

The /etc/syslog.conf file


The /etc/syslog.conf file controls where messages are logged. A typical syslog.conf file
might look like this −

*.err;kern.debug;auth.notice /dev/console
daemon,auth.notice /var/log/messages
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
auth.* @prep.ai.mit.edu
auth.* root,amrood
netinfo.err /var/log/netinfo.log
install.* /var/log/install.log
*.emerg *
*.alert |program_name
mark.* /dev/console

Each line of the file contains two parts −

A message selector that specifies which kind of messages to log. For example, all
error messages or all debugging messages from the kernel.

An action field that says what should be done with the message. For example, put
it in a file or send the message to a user's terminal.

Following are the notable points for the above configuration −

Message selectors have two parts: a facility and a priority. For example,
kern.debug selects all debug messages (the priority) generated by the kernel (the
facility).

Message selector kern.debug selects all priorities that are greater than debug.

An asterisk in place of either the facility or the priority indicates "all". For example,
*.debug means all debug messages, while kern.* means all messages generated
by the kernel.

You can also use commas to specify multiple facilities. Two or more selectors can
be grouped together by using a semicolon.

Logging Actions
The action field specifies one of five actions −

6 of 9 03/04/20, 5:26 pm
Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

Log message to a file or a device. For example, /var/log/lpr.log or /dev/console.

Send a message to a user. You can specify multiple usernames by separating them
with commas; for example, root, amrood.

Send a message to all users. In this case, the action field consists of an asterisk;
for example, *.

Pipe the message to a program. In this case, the program is specified after the
Unix pipe symbol (|).

Send the message to the syslog on another host. In this case, the action field
consists of a hostname, preceded by an at sign; for example, @tutorialspoint.com.

The logger Command


Unix provides the logger command, which is an extremely useful command to deal with
system logging. The logger command sends logging messages to the syslogd daemon, and
consequently provokes system logging.

This means we can check from the command line at any time the syslogd daemon and its
configuration. The logger command provides a method for adding one-line entries to the
system log file from the command line.

The format of the command is −

logger [-i] [-f file] [-p priority] [-t tag] [message]...

Here is the detail of the parameters −

7 of 9 03/04/20, 5:26 pm
Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

Sr.No. Option & Description

1
-f filename

Uses the contents of file filename as the message to log.

2
-i

Logs the process ID of the logger process with each line.

3
-p priority

Enters the message with the specified priority (specified selector entry); the
message priority can be specified numerically, or as a facility.priority pair. The
default priority is user.notice.

4
-t tag

Marks each line added to the log with the specified tag.

5
message

The string arguments whose contents are concatenated together in the specified
order, separated by the space.

You can use Manpage Help to check complete syntax for this command.

Log Rotation
Log files have the propensity to grow very fast and consume large amounts of disk space.
To enable log rotations, most distributions use tools such as newsyslog or logrotate.

These tools should be called on a frequent time interval using the cron daemon. Check the
man pages for newsyslog or logrotate for more details.

Important Log Locations


All the system applications create their log files in /var/log and its sub-directories. Here are
few important applications and their corresponding log directories −

8 of 9 03/04/20, 5:26 pm
Unix / Linux - System Logging - Tutorialspoint https://www.tutorialspoint.com/unix/unix-system...

Application Directory

httpd /var/log/httpd

samba /var/log/samba

cron /var/log/

mail /var/log/

mysql /var/log/

9 of 9 03/04/20, 5:26 pm

You might also like