Unix / Linux - System Logging

Hello there, future Unix/Linux wizards! Today, we're diving into the fascinating world of system logging. Don't worry if you're new to this – I'll be your friendly guide through this journey, just as I've been for countless students over the years. Let's get started!


What is System Logging?

Before we jump into the nitty-gritty, let's understand what system logging is all about. Imagine you're a detective trying to solve a mystery on your computer. System logs are like your trusty notebook, recording everything that happens on your system. Cool, right?

Why is it Important?

System logging is crucial for:

  1. Troubleshooting issues
  2. Monitoring system health
  3. Detecting security breaches
  4. Compliance with regulations

Now that we know why it's important, let's explore the components of system logging.

Syslog Facilities

Syslog facilities are like different departments in a big company. Each department handles specific types of information. Here's a table of some common syslog facilities:

Facility   Description
auth       Authentication and security events
cron       Cron daemon (scheduled tasks)
daemon     Various system daemons
kern       Kernel messages
mail       Mail system
user       User-level messages

For example, if you see a log entry with "mail" as the facility, you know it's related to your email system. Pretty handy, isn't it?

Syslog Priorities

Now, not all logs are created equal. Some are more urgent than others. That's where syslog priorities come in. Think of them as the urgency levels of a hospital.

Here's a table of syslog priorities, from most to least severe:

Priority   Keyword   Description
0          emerg     System is unusable
1          alert     Action must be taken immediately
2          crit      Critical conditions
3          err       Error conditions
4          warning   Warning conditions
5          notice    Normal but significant condition
6          info      Informational messages
7          debug     Debug-level messages

For instance, if your system encounters a "crit" (critical) event, it's time to put on your superhero cape and save the day!

The /etc/syslog.conf File

Now, let's talk about the mastermind behind system logging: the /etc/syslog.conf file. This file is like the director of a play, telling each actor (log) where to go and what to do.

Here's an example of what you might find in this file:

mail.*                  /var/log/mail
*.err                   /var/log/errors
kern.*                  /var/log/kernel

Let's break this down:

  • mail.* means "all mail facility logs"
  • *.err means "all logs of priority err or more severe, from any facility" (a priority in a selector always includes the levels above it)
  • kern.* means "all kernel facility logs"

The part after the whitespace tells syslog where these logs should be sent (classic syslogd implementations insist on a tab between the selector and the action, so a tab is the safe choice). Cool, right?
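To see the facility and priority tables and these three syslog.conf rules working together, here is an added example in Python (not code from the tutorial): it decodes the <PRI> number a syslog daemon prefixes to each message (facility code times 8 plus priority code) and works out which of the rules above would catch that message. The sample log lines, host name and user name are constructed for the example.

```python
import re

# Added example (not part of the tutorial): decode the <PRI> header of a
# BSD-style syslog line and route it through the /etc/syslog.conf rules above.
# PRI = facility_code * 8 + priority_code, per the syslog protocol.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "cron": 9}
FACILITY_NAMES = {code: name for name, code in FACILITIES.items()}
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def decode_pri(line):
    """Split '<PRI>rest' into (facility name, priority keyword, rest of line)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid <PRI> header: %r" % line)
    facility, priority = divmod(int(m.group(1)), 8)
    return FACILITY_NAMES.get(facility, "facility%d" % facility), PRIORITIES[priority], m.group(2)

def selector_matches(selector, facility, priority):
    """'fac.pri' selector: '*' is a wildcard, and a priority means that level OR more severe."""
    fac_part, pri_part = selector.split(".")
    if "*" not in fac_part.split(",") and facility not in fac_part.split(","):
        return False
    return pri_part == "*" or PRIORITIES.index(priority) <= PRIORITIES.index(pri_part)

def parse_conf(text):
    """Return (selector, action) pairs from syslog.conf text, skipping comments and blanks."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            rules.append((selector, action))
    return rules

def route(line, rules):
    """Return every action whose selector matches the line's facility and priority."""
    facility, priority, _ = decode_pri(line)
    return [act for sel, act in rules if selector_matches(sel, facility, priority)]

CONF = """mail.*                  /var/log/mail
*.err                   /var/log/errors
kern.*                  /var/log/kernel
"""
# Constructed sample lines: 34 = auth(4)*8 + crit(2); 22 = mail(2)*8 + info(6); 3 = kern(0)*8 + err(3)
SAMPLES = [
    "<34>Oct 11 22:14:15 host su: 'su root' failed for alice on /dev/pts/8",
    "<22>Oct 11 22:14:16 host postfix/smtpd: connect from mx[10.0.0.5]",
    "<3>Oct 11 22:14:17 host kernel: I/O error on device sda",
]
```

Note that the kernel error lands in two files, because both *.err and kern.* match it: syslog rules are not first-match, every matching rule fires.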

Logging Actions

Logging actions determine what happens to the logs. Here are some common actions:

  1. File logging: Logs are written to a file
     Example: mail.* /var/log/mail

  2. Named pipes: Logs are sent to a named pipe (FIFO) that another program reads
     Example: mail.* |/usr/bin/mypipe

  3. Console/terminal: Logs are written to users' terminals (the * action means every logged-in user)
     Example: *.emerg *

  4. Remote machine: Logs are sent to another syslog host (classically over UDP port 514 with no authentication or encryption, so a TLS-capable syslog is preferable on untrusted networks)
     Example: *.* @192.168.1.100

The logger Command

The logger command is like your personal messenger for the syslog system. You can use it to create your own log entries. Here's how:

logger "Hello, syslog!"

This will create a log entry with the message "Hello, syslog!". You can check it in /var/log/messages or wherever your system stores user logs.

You can also specify the priority:

logger -p user.err "Oops, something went wrong!"

This creates an error-level log in the user facility.

Log Rotation

Imagine if we never cleaned out our closets – they'd get pretty full, right? The same goes for log files. That's where log rotation comes in. It's like a regular spring cleaning for your logs.

Log rotation typically:

  1. Renames the current log file
  2. Creates a new empty log file
  3. Compresses old log files
  4. Deletes very old log files

Here's a simple example of a log rotation configuration (/etc/logrotate.d/myapp):

/var/log/myapp.log {
    weekly
    rotate 4
    compress
    missingok
    notifempty
}

This configuration:

  • Rotates the log weekly
  • Keeps 4 old versions
  • Compresses old logs
  • Doesn't complain if the log is missing
  • Doesn't rotate empty logs
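Here is an added example (not code from the tutorial or from logrotate itself) in Python that carries out the four rotation steps listed above with the rotate 4, compress, missingok and notifempty options of the myapp snippet, and runs the cycle several times in a temporary directory so you can watch the oldest archive fall off the end. The file name myapp.log and the archive naming scheme (myapp.log.1.gz newest, myapp.log.4.gz oldest) are assumptions.

```python
import gzip
import os
import shutil
import tempfile

# Added example (not part of the tutorial): the four rotation steps listed above,
# with the rotate 4 / compress / missingok / notifempty options of the
# /etc/logrotate.d/myapp snippet. Archives are named myapp.log.1.gz (newest)
# up to myapp.log.4.gz (oldest), shifting up one number on every rotation.

def archives_of(path):
    """List existing archive files for `path`, e.g. ['myapp.log.1.gz', ...]."""
    d, base = os.path.split(path)
    return sorted(f for f in os.listdir(d or ".") if f.startswith(base + "."))

def rotate(path, keep=4, compress=True, missingok=True, notifempty=True):
    """Rotate `path` once and return the archive files that exist afterwards."""
    if not os.path.exists(path):
        if missingok:            # missingok: a missing log is not an error
            return archives_of(path)
        raise FileNotFoundError(path)
    if notifempty and os.path.getsize(path) == 0:   # notifempty: skip empty logs
        return archives_of(path)
    suffix = ".gz" if compress else ""
    oldest = "%s.%d%s" % (path, keep, suffix)
    if os.path.exists(oldest):   # step 4: the oldest generation falls off the end
        os.remove(oldest)
    for n in range(keep - 1, 0, -1):   # shift .3 -> .4, .2 -> .3, .1 -> .2
        src = "%s.%d%s" % (path, n, suffix)
        if os.path.exists(src):
            os.rename(src, "%s.%d%s" % (path, n + 1, suffix))
    os.rename(path, path + ".1")       # step 1: rename the current log
    open(path, "w").close()            # step 2: create a new empty log
    if compress:                       # step 3: compress the rotated copy
        with open(path + ".1", "rb") as src, gzip.open(path + ".1.gz", "wb") as dst:
            shutil.copyfileobj(src, dst)
        os.remove(path + ".1")
    return archives_of(path)

def demo(runs):
    """Append one line and rotate, `runs` times, in a temp dir; return the final archive list."""
    d = tempfile.mkdtemp()
    log = os.path.join(d, "myapp.log")
    for i in range(runs):
        with open(log, "a") as f:
            f.write("run %d\n" % i)
        archives = rotate(log)
    shutil.rmtree(d)
    return archives
```

Real logrotate also has to make the daemon reopen its log after the rename (a postrotate script or the copytruncate option); otherwise the process keeps writing to the renamed file and the fresh one stays empty.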

Important Log Locations

Finally, let's look at where you can find some important logs. It's like a treasure map for system information!

Log File                     Description
/var/log/messages            General system messages
/var/log/auth.log            Authentication logs
/var/log/kern.log            Kernel logs
/var/log/cron.log            Cron job logs
/var/log/maillog             Mail server logs
/var/log/apache2/error.log   Apache error logs
/var/log/mysql/error.log     MySQL error logs

Remember, these locations might vary depending on your specific Linux distribution.

And there you have it, folks! You've just completed a whirlwind tour of Unix/Linux system logging. From understanding what logging is and why it's important, to exploring the various components like facilities, priorities, and log rotation, you're now equipped with the knowledge to start your system logging adventure.

Remember, the best way to learn is by doing. So don't be afraid to explore your system's logs, try out the logger command, and maybe even set up some custom logging rules. Happy logging, and may your systems always run smoothly!
