Developer Forums | About Us | Site Map


Useful Lists

Web Host
site hosted by netplex

Online Manuals

Windows-to-Linux roadmap: Part 5 Linux Loggin
By Chris Walden - 2004-06-08 Page:  1 2 3 4

Customized logging

There are two services, or daemons, that control logging, klogd and syslogd. klogd only deals with kernel messages. syslogd deals with other system messages, such as applications. You can configure the behavior of both by editing the files /etc/syslog.conf and /etc/sysconfig/syslog. Full custom logging is beyond the scope of this article, but full details can be found in the Resources listed at the end of this article. You can also learn much by looking at the man page for /etc/sylogd.conf.

Essentially, each message generated by software provides some information to identify where the message came from and what message it is. The /etc/syslog.conf file allows you to specify what you want done with that kind of message. You can dump it to the messages file. You can dump it to a custom file. You can have it sent to a remote host where that host will process it according to its own syslogd configuration. Remote logging is an excellent security feature. By placing your logs on a remote system, you can prevent a security breach from easily covering its tracks by altering the log files.

Here is an example of customized logging taken from the man /etc/syslog.conf page:

Customized logging

              # Kernel messages are first, stored in the kernel
              # file, critical messages and higher ones also go
              # to another host and to the console
              kern.*                       /var/adm/kernel
              kern.crit                    @finlandia
              kern.crit                    /dev/console
    ;kern.!err          /var/adm/kernel-info

The first rule directs any message that has the kernel facility to the file /var/adm/kernel.

The second statement directs all kernel messages of the priority crit and higher to the remote host finlandia. This is useful, because if the host crashes and the disks get irreparable errors, you might not be able to read the stored messages. If they're on a remote host, too, you still can try to find out the reason for the crash.

The third rule directs these messages to the actual console, so the person who works on the machine will get them, too.

The fourth line tells the syslogd to save all kernel messages that come with priorities from info up to warning in the file /var/adm/kernel- info. Everything from err and higher is excluded.

The ability to customize logging like this provides a great deal of flexibility and control over the Linux environment.

View Windows-to-Linux roadmap: Part 5 Linux Loggin Discussion

Page:  1 2 3 4 Next Page: Log configuration in Webmin

First published by IBM developerWorks

Copyright 2004-2017 All rights reserved.
Article copyright and all rights retained by the author.