Linux User

Module Release November 2003: Logging and Log Rotation

This month's offering deals with system logging, i.e., recording significant system events and managing the records created.

LPI Objective 1.111.3 (‘Configure and use system log files to meet administrative and security needs’) expects you to be able to:

“configure system logs … managing the type and level of information logged, manually scanning log files for notable activity, monitoring log files, arranging for automatic rotation and archiving of logs and tracking down problems noted in logs”

This module begins by explaining how the syslog dæmon can be used to log administratively significant events from key services on the system.

The daemon is configured in the /etc/syslog.conf file. Each line of the file contains two items: the facility.level and the destination. The facility is the creator of the message: one of auth, authpriv, cron, daemon, kern, lpr, mail, news, syslog, user, or local0 through to local7. The level is a severity threshold: messages at that level or higher are logged. It is one of (from lowest to highest): debug, info, notice, warning, err, crit, alert, emerg. The meanings of the shorthand should be fairly clear. The destination indicates where messages selected by the facility and level will be sent, and is normally the name of a log file (under /var/log), or /dev/console to send messages to the system console.
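To make the facility.level threshold concrete, the following added example (not part of the original module) parses a small syslog.conf and reports which destinations would receive a given message. It goes slightly beyond the description above by also handling the standard `*` wildcard, the `none` level and `;`-separated selectors; the sample configuration and the function names are constructed for illustration.

```python
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample configuration (not from the article).
SAMPLE_CONF = """\
# facility.level                 destination
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
mail.err                         /var/log/mail.err
kern.crit                        /dev/console
"""

def parse(conf):
    """Return a list of (selectors, destination) rules, skipping comments and blanks."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, destination = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, level = sel.rsplit(".", 1)
            selectors.append((facilities.split(","), level))
        rules.append((selectors, destination.strip()))
    return rules

def destinations(conf, facility, level):
    """List the destinations that would log a message of this facility and level."""
    severity = LEVELS.index(level)
    hits = []
    for selectors, destination in parse(conf):
        selected = False
        for facilities, threshold in selectors:
            if facility not in facilities and "*" not in facilities:
                continue
            # A later selector on the same line overrides an earlier one;
            # "none" excludes the facility, "*" accepts every level.
            selected = threshold != "none" and (
                threshold == "*" or severity >= LEVELS.index(threshold))
        if selected:
            hits.append(destination)
    return hits

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "notice"), ("mail", "crit"), ("kern", "emerg"), ("cron", "debug")]:
        print(f"{fac}.{lvl} -> {destinations(SAMPLE_CONF, fac, lvl)}")
```

Note that cron.debug matches no rule in this sample and is silently dropped, which is the kind of gap worth checking for when a log is expected to hold evidence of an event.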

The module then looks at how the syslog dæmon can be started, stopped or forced to reread its configuration. A few pointers are provided on how to read the different logs using tools like less and grep.

Finally, the module ends by describing how log rotation and tools like logrotate can be used to manage the problem of ever-growing log files. In essence, logrotate periodically starts a new log file for each service, making a copy of the original log file for archive purposes.