DistributedNetworks DistributedNetworks


Kernel Logging   «Prev  Next»

Configuring System Log

This page describes how to add entries to /etc/syslog.conf to personally configure the system logging.
The following screen illustrates the results.
/etc/rc.d/init.d/syslog restart
Entries to /etc/syslog.conf to personally configure the system logging.

Administrative log files

One of the things that Linux does well is keep track of itself. This is a good thing, when you consider how much can go wrong with a complex operating system. Sometimes you are trying to get a new facility to work and it fails without giving you the foggiest reason why. Other times you want to monitor your system to see if people are trying to access your computer illegally. In any of those cases, you can use log files to help track down the problem.
The main utilities for logging error and debugging messages for Linux are the syslogd and klogd daemons. General system logging is done by syslogd. Logging that is specific to kernel activity is done by klogd. Logging is done according to information in the /etc/syslog.conf file. Messages are typically directed to log files that are usually in the /var/log directory. Here are some common log files from that directory and the messages they contain:

  1. boot.log: Contains messages related to system services starting and stopping when Linux boots up and shuts down, respectively.
  2. cron: Contains messages output by the cron command (which is used to run tasks at set times). Here you can see when tasks start and any error conditions that may have occurred.
  3. dmesg: Contains boot-up messages that can be useful in debugging hardware failures. (You can run the dmesg command to see these messages.)
  4. maillog: Activities of the sendmail daemon (which forwards e-mail to other computers) are logged in this file.
  5. messages: Messages associated with many daemon processes are directed to the messages file.
  6. secure: Contains messages that may indicate security breeches. Connections from remote hosts are logged, as are attempts to log in to your system.
  7. xferlog: Shows which files have been transferred to and from your FTP server.

Run debugging

If you are not getting connected at all, the first thing to do is to turn on logging for PPP. This will help you track down the problem. If you are still stumped after looking at the logging output, take the log file and have an expert review it. Make sure that debugging is turned on by setting DEBUG=yes in the ifcfg−ppp0 file. Tip I recommend posting your failed PPP output to the comp.protocol.ppp newsgroup, where some very smart PPP experts can help answer your questions. Before you post, however, read a few days’ worth of messages from the group. Chances are that someone has already run into the same problem and has a solution. Also, post only the parts of the log file that are relevant. To have debugging directed to a separate log file for PPP, add these lines to the /etc/syslog.conf file:

daemon.* /var/log/pppmsg
local2.* /var/log/pppmsg

After this, restart the syslogd daemon process as follows: # service syslog restart
It is best to try to do this debugging process from the desktop because it helps to have several Terminal windows open (I would suggest at least three). From the first window, start a command that lists the contents of the log file we just defined above (pppmsg) as debug messages come in:
# tail −f /var/log/pppmsg