Working with Log - Syslog
Saturday, June 20, 2009
Linux applications use the syslog utility to log application-related error and status messages to files, by default in the /var/log directory.
The syslog service runs by default on your system, and by default it accepts log messages from your local system. We can also configure a centralized log server on our network, which makes log messages easier to track.
The files related to syslog are /etc/syslog.conf and /etc/sysconfig/syslog.
/etc/syslog.conf defines which files log messages are written to. /etc/sysconfig/syslog defines the mode of operation, including whether remote systems are allowed to send log messages.
A sample /etc/syslog.conf is as follows –
In the default file, it defines –
/var/log/messages is a “general purpose” log; many applications log messages here.
/var/log/secure records login attempts and session-related information.
/var/log/maillog contains information about mail.
/var/log/cron is where the crond daemon logs messages.
/var/log/boot.log contains log messages related to services – start/stop/shutdown information.
Briefly, the syslog service accepts log messages from different programs and writes them to the appropriate files, generally in the /var/log directory.
If you want the syslog service to accept log messages from remote systems, you have to configure the /etc/sysconfig/syslog file as follows. Note the highlighted section in the following screenshot of the /etc/sysconfig/syslog file on the syslog server –
Here, what I have done is replace SYSLOGD_OPTIONS="-m 0" with
SYSLOGD_OPTIONS="-m 0 -r"
Now go to the Linux client, the system that will send log messages to your log server, and do the following – assuming the IP address and name of your log server are 172.16.1.230 and redhatlinux.
Modify the /etc/hosts file by adding the following entry -
172.16.1.230 redhatlinux
Modify /etc/syslog.conf as follows –
authpriv.* @redhatlinux
The above syntax tells the syslog service to send authentication-related messages to your syslog server.
Now restart the syslog service on both systems, client and server. Execute –
service syslog restart
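A check of the procedure above, as an added example that is not part of the original post: it audits copies of the three files just edited, and shows that a line pasted with typographic quotes or an en dash in place of -r is not recognised. The function names and the sample files are constructed for illustration.

```sh
# Added example: audit copies of the files this procedure edits (names are hypothetical).
# Succeeds if SYSLOGD_OPTIONS in the given sysconfig file has -r as its own flag.
accepts_remote() {
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    for o in $opts; do
        case $o in -r) return 0 ;; esac
    done
    return 1
}

# Prints "selector host" for every syslog.conf rule whose action is @host.
forward_rules() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print $1, substr($NF, 2) }' "$1"
}

# Prints the address that hosts file $1 gives for name $2; fails if absent.
hosts_lookup() {
    awk -v n="$2" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; found = 1; exit } }
        END { exit !found }' "$1"
}

# Client check: each forwarding target in $1 must have an entry in hosts file $2.
audit_client() {
    rc=0
    rules=$(forward_rules "$1")
    [ -n "$rules" ] || { echo "no @host rule in $1"; return 1; }
    while read -r sel host; do
        if addr=$(hosts_lookup "$2" "$host"); then
            echo "ok: $sel -> $host ($addr)"
        else
            echo "missing: no entry for $host in $2"; rc=1
        fi
    done <<EOF
$rules
EOF
    return $rc
}

# Constructed sample files using the values from this page.
d=$(mktemp -d)
printf 'SYSLOGD_OPTIONS="-m 0 -r"\n' > "$d/server.sysconfig"
printf 'SYSLOGD_OPTIONS=”-m 0 –r”\n' > "$d/pasted.sysconfig"  # typographic quotes/dash
printf 'authpriv.*\t@redhatlinux\n' > "$d/syslog.conf"
printf '127.0.0.1 localhost\n172.16.1.230 redhatlinux\n' > "$d/hosts"
accepts_remote "$d/server.sysconfig" && echo "server: remote reception enabled"
accepts_remote "$d/pasted.sysconfig" || echo "pasted copy: -r not recognised"
audit_client "$d/syslog.conf" "$d/hosts"
```

After the restart, running logger -p authpriv.notice "test" on the client should produce a line in /var/log/secure on the server. With -r, syslogd receives on UDP port 514 from any host that can reach it, so limit that port on the server's firewall to the clients you expect.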
One important thing I must tell you: the log files are really helpful. If you run into a problem, always check the related log file.
And for students preparing for the RHCE exam, “If you fail to log in to your Linux system, reboot your computer in single-user mode and check the /var/log/secure file”.