Windows-to-Linux roadmap: Part 5. Linux logging


Level: Introductory


Chris Walden (cmwalden-at-us.ibm.com), e-business Architect, IBM Developer Relations
November 11, 2003


IBM e-business architect Chris Walden is your guide through a nine-part developerWorks series on moving your operational skills from a Windows to a Linux environment. In this part, we track, manipulate, and rotate logs for security and informational purposes.


One of the keys to success in managing any system is to know what is happening on the system. Linux offers exceptional logging, and the detail in the logs is configurable.


Linux logs are in plain text, so you can search and read them without having to use special tools. You can also write scripts that scan through logs and perform automatic functions based on the contents.


Linux logs are contained in the /var/log directory. There are several log files that are maintained by the system, but other services and programs may put their log files here too. Most logs are only readable by root, but that can be changed by simply changing the access rights to the file.

/var/log/messages
The messages log is the core system log file. It contains the boot messages from when the system came up as well as other status messages as the system runs. Errors with IO, networking, and other general system errors are reported in this file. Other information, such as when someone becomes root, is listed here as well. If services are running, such as DHCP servers, you can watch the action in the messages file. /var/log/messages is generally your first place to look when you are troubleshooting.

/var/log/XFree86.0.log
This log shows the results of the last execution of the XFree86 X Window server. If you are having problems getting the graphical mode to come up, this file will usually provide answers as to what is failing.

Other logs
There will be other log files in the /var/log directory depending on your distribution of Linux and the services and applications that you are running. For example, there may be logs associated with running a mail server, resource sharing, automatic tasks, and others.
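A script of the kind described above, as an added example that is not part of the original article: it reads syslog-style lines and reports which accounts opened a root session with su, plus failed su attempts for root. The sample lines and the su(pam_unix) message wording are constructed assumptions; the exact text written to /var/log/messages varies by distribution.

```shell
#!/bin/sh
# Added example (not from the article). The log lines below are constructed.

sample_log() {
cat <<'EOF'
Nov 11 09:14:02 web1 su(pam_unix)[2211]: session opened for user root by alice(uid=500)
Nov 11 09:20:45 web1 dhcpd: DHCPACK on 192.168.1.20 to 00:11:22:33:44:55 via eth0
Nov 11 10:02:10 web1 su(pam_unix)[2304]: authentication failure; logname=bob uid=501 euid=0 tty=pts/1 ruser=bob rhost=  user=root
Nov 11 10:03:31 web1 su(pam_unix)[2310]: session opened for user root by bob(uid=501)
Nov 11 11:47:09 web1 su(pam_unix)[2502]: session opened for user root by alice(uid=500)
Nov 11 11:50:00 web1 su(pam_unix)[2502]: session closed for user root
EOF
}

# root_sessions FILE: print "count user" for each account that became root via su,
# most frequent first. Field 5 is the program tag in the classic syslog layout.
root_sessions() {
    awk '
        $5 ~ /^su\(pam_unix\)/ && /session opened for user root by / {
            who = $NF               # e.g. alice(uid=500)
            sub(/\(.*/, "", who)    # strip the "(uid=...)" suffix
            n[who]++
        }
        END { for (u in n) print n[u], u }
    ' "$1" | sort -k1,1nr -k2,2
}

# failed_root_auth FILE: number of su authentication failures where the target was root
failed_root_auth() {
    grep -c 'su(pam_unix).*authentication failure.*user=root' "$1"
}

# Demo run against the constructed sample; point the functions at
# /var/log/messages (as root) to use them on a real system.
tmp=$(mktemp) && sample_log > "$tmp"
root_sessions "$tmp"
echo "failed su attempts for root: $(failed_root_auth "$tmp")"
rm -f "$tmp"
```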

Ready? Rotate!
You will see some files in the /var/log directory that end with a number. These are rotated archives. Log files can get rather large and cumbersome. Linux provides a command, logrotate, to rotate these logs so that you don't have current log information mixed with older irrelevant data. Generally logrotate runs automatically on a timed basis, but it can also be run manually. When executed, logrotate will take the current version of the log files and add a ".1" to the end of the filename. Then any other previously rotated files are sequenced with ".2," ".3," etc. The larger the number after a filename, the older the log is.

You can configure the automatic behavior for logrotate by editing the /etc/logrotate.conf file. Learn the full details about logrotate with man logrotate.

Log tools
Any text tool can be used to work with log files. Here are some tools that are particularly helpful.

dmesg
To get a quick view of the boot log for the last system boot, use the command dmesg. It generally puts out a lot of text, so you will usually want to pipe it through a viewer.

    dmesg | more

The command above will show the boot messages one screen page at a time.

tail
Sometimes you want to keep an eye on a log file as activity is occurring. Tail is designed to show the last few lines of a text file. By adding the -f switch, tail will continue to show new output as it occurs.

    tail -f /var/log/messages

The command above will show the last ten lines of /var/log/messages, then continue to monitor the file and output any new activity. To stop the tail -f command, use Ctrl + C to break the processing.

more
More works the same as the DOS version. You can point it to a file, or pipe output through it to see the information one screen page at a time. For example, to show the contents of the XFree86 startup log file one screen page at a time:

    more /var/log/XFree86.0.log

Use "q" or [Ctrl]-C to stop looking at a file.

less
Less is another text viewer, but it allows you to scroll through a file and search for information.

    less /var/log/messages

The command above will display the contents of the /var/log/messages file. Use "q" to quit viewing the file. Use "h" to get help on using less.

logger
You may want to put your own messages into the log file. You could just append the log message to the correct text file, but you would have to duplicate the log information style. Also, you would have to change your code if the logging system had been customized. The logger command lets you send your own messages to the logging facility. Use it in scripts to provide messages about execution and errors.

Customized logging
There are two services, or daemons, that control logging: klogd and syslogd. klogd only deals with kernel messages. syslogd deals with other system messages, such as those from applications. You can configure the behavior of both by editing the files /etc/syslog.conf and /etc/sysconfig/syslog. Full custom logging is beyond the scope of this article, but full details can be found in the Resources listed at the end of this article. You can also learn much by looking at the man page for /etc/syslog.conf.

Essentially, each message generated by software provides some information to identify where the message came from and what message it is. The /etc/syslog.conf file allows you to specify what you want done with that kind of message. You can dump it to the messages file. You can dump it to a custom file. You can have it sent to a remote host where that host will process it according to its own syslogd configuration.

Remote logging is an excellent security feature. By placing your logs on a remote system, you make it harder for an intruder to cover their tracks by altering the log files.

Here is an example of customized logging taken from the syslog.conf man page:

    # Kernel messages are first, stored in the kernel
    # file, critical messages and higher ones also go
    # to another host and to the console
    #
    kern.*                  /var/adm/kernel
    kern.crit               @finlandia
    kern.crit               /dev/console
    kern.info;kern.!err     /var/adm/kernel-info

The first rule directs any message that has the kernel facility to the file /var/adm/kernel. The second statement directs all kernel messages of the priority crit and higher to the remote host finlandia. This is useful, because if the host crashes and the disks get irreparable errors, you might not be able to read the stored messages. If they're on a remote host, too, you can still try to find out the reason for the crash. The third rule directs these messages to the actual console, so the person who works on the machine will get them, too. The fourth line tells syslogd to save all kernel messages that come with priorities from info up to warning in the file /var/adm/kernel-info. Everything from err and higher is excluded.

The ability to customize logging like this provides a great deal of flexibility and control over the Linux environment.
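To check the reading of those four rules, here is an added example (not syslogd's code and not part of the original article) that models selector matching in plain sh and lists where a given kernel message would go. The function names rank, sel_match, rules and route are hypothetical, and the model is simplified: it handles "*", "none", "!" and "=" priorities but not comma-separated facility lists.

```shell
#!/bin/sh
# Added example: simplified model of syslog.conf selector matching (not syslogd code).

# rank NAME: severity rank, higher is more severe
rank() {
    case $1 in
        debug) echo 0 ;; info) echo 1 ;; notice) echo 2 ;; warning) echo 3 ;;
        err) echo 4 ;; crit) echo 5 ;; alert) echo 6 ;; emerg) echo 7 ;;
        *) return 1 ;;
    esac
}

# sel_match SELECTOR FACILITY PRIORITY: exit 0 if the message is selected.
# Parts are applied left to right, so a later "!" part can undo an earlier match.
sel_match() {
    msg=$(rank "$3") || return 2
    hit=1                                  # 1 = not selected (shell false)
    old_ifs=$IFS; IFS=';'; set -f          # split on ';' and keep "*" literal
    for part in $1; do
        fac=${part%%.*}; pri=${part#*.}
        [ "$fac" = "*" ] || [ "$fac" = "$2" ] || continue
        case $pri in
            '*')  hit=0 ;;
            none) hit=1 ;;
            '!'*) [ "$msg" -ge "$(rank "${pri#?}")" ] && hit=1 ;;  # drop pri and above
            '='*) [ "$msg" -eq "$(rank "${pri#?}")" ] && hit=0 ;;  # exactly pri
            *)    [ "$msg" -ge "$(rank "$pri")" ] && hit=0 ;;      # pri and above
        esac
    done
    set +f; IFS=$old_ifs
    return "$hit"
}

# The four rules from the syslog.conf example quoted in the article.
rules() {
cat <<'EOF'
kern.*                /var/adm/kernel
kern.crit             @finlandia
kern.crit             /dev/console
kern.info;kern.!err   /var/adm/kernel-info
EOF
}

# route FACILITY PRIORITY: print each action that would receive the message
route() {
    rules | while read -r sel action; do
        if sel_match "$sel" "$1" "$2"; then printf '%s\n' "$action"; fi
    done
}

route kern warning
```

Running route for kern crit shows the point made about remote logging: only messages at crit and above reach @finlandia, so anything less severe exists solely on the local disk.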

Log configuration in Webmin
Webmin has a module for working with log files.

Figure 1. Webmin system log view

All configured log files are shown. Click on a log file to edit its configuration.

Figure 2. Webmin log edit screen

Or you can click View to see the contents of a log file. The Webmin module interacts with the /etc/syslog.conf file, so anything you do in one is reflected in the other.

Logging in your life
Log files in Linux are critical to troubleshooting and maintaining your system. Linux logging is done to text files, so no proprietary tools are required to view the files. Text files are also easy to use with custom scripts and programs.

Viewing log files from the console
Since log files in Linux are written in plain text, they do not require a special tool to interpret them. Any text file viewer can show a Linux log file. A browser, such as Mozilla, can display a log file and provide search capability. Linux also has console tools to view text files. The more command shows you a file one page at a time, just like the MS-DOS version. The less command will display the file in a read-only viewer, which provides bi-directional scrolling and search capabilities. Try it now by entering less /var/log/messages at the command line.

Logs are rotated to keep them from getting too large and to separate the current information from much older data. Log rotation is configurable. Logging is highly configurable, and logs can even be stored on a separate system for security or backup purposes. You can generate system log messages out of your own scripts and programs that will be recognized and processed by the syslogd daemon.

Resources
● Check out the other parts in the Windows-to-Linux roadmap series (developerWorks, November 2003).
● The syslog.conf man page contains an excellent description of how to configure logging. To access it, type info syslog.conf.
● The syslogd man page has a good overall description of how syslogd works, including security issues. Type info syslogd.
● The IBM developerWorks LPI certification 101 exam prep, Part 2: Basic administration covers shell pipelines, redirection, and text processing commands.
● Working with system logs is also covered in the IBM developerWorks tutorial "LPI certification 101 exam prep, Part 4: Advanced administration".
● The IBM developerWorks article "Addressing security issues in Linux" will help you get started with Linux security.
● You'll find more information on .config files in the IBM developerWorks article "Understanding Linux configuration files".
● Another great resource for those transitioning from Windows to Linux is the Technical FAQ for Linux users.
● For getting started with IBM software on Linux, there's no better resource than the Speed-start your Linux app page. You'll find installation tips and links to resources for DB2, Lotus Domino, WebSphere Application Server, WebSphere Studio, and more. You can also sign up to receive a free Linux Software Evaluation Kit, containing trial software and training resources.
● Find more resources for Linux developers in the developerWorks Linux zone.

About the author
Chris Walden is an e-business Architect for IBM Developer Relations Technical Consulting (also known as the dragonslayers) in Austin, Texas, providing education, enablement, and consulting to IBM Business Partners. He is the official Linux fanatic on his hallway and does his best to spread the good news to all who will hear it. In addition to his architect duties, he manages the area's all-Linux infrastructure servers, which include file, print, and other application services in a mixed-platform user environment. Chris has ten years of experience in the computer industry ranging from field support to Web application development and consulting. You can reach Chris at cmwalden-at-us.ibm.com.
