04 system logging part 1
TRANSCRIPT
8/13/2019 04 System Logging Part 1
Autor: 26.04.13
CHAPTER 4: SYSTEM LOGGING
Puan Shahnita Binti Shaharin
INTRODUCTION TO SYSTEM LOGS
Linux keeps detailed records of events within the system, known as log files, created by many programs.
System administrators refer to log files to:
determine the status of the system
watch for intruders
look for data about a particular program or event
INTRODUCTION TO SYSTEM LOGS
Commonly logged events and their log files
Event                          Path and filename of the log
Main system messages           /var/log/messages
Web server transfer            /var/log/httpd/access_log
FTP server transfer            /var/log/xferlog
E-mail server information      /var/log/maillog
Automatic script execution     /var/log/cron
The messages log file (/var/log/messages) contains messages from the Linux kernel and from most of the programs in Linux.
PURPOSE OF LINUX LOG FILES
Events occur in the background as the user logs in.
Daemons: special-purpose background processes designed to:
watch for network activity
run other programs
monitor user actions
The status information collected by a daemon is written to log files, not displayed on the screen.
THE messages FILE
The main system log is stored in /var/log/messages.
A message is a description of what is happening within a program. It may report information, a warning, or a serious error indicating that a program is about to crash.
Messages use a standard format: each line makes up an individual log message, and each message consists of 4 parts:
The date and time when the event is being logged (timestamp)
The hostname (or computer name) of the system on which the event occurred
The name of the program generating the log message
The message text itself (may be more than one line)
THE messages FILE - example
Apr 26 02:43:20 shahnita kernel: [24255.262726] usb 2-2.7: Product: BCM2046
Apr 26 02:43:20 shahnita kernel: [24255.262727] usb 2-2.7: Manufacturer: Broadcom Corp
Apr 26 02:43:20 shahnita bluetoothd[633]: HCI dev 0 registered
Apr 26 02:43:20 shahnita bluetoothd[633]: Listening for HCI events on hci0
Apr 26 02:43:20 shahnita info: (eth0) preparing device.
Apr 26 02:43:20 shahnita info: (eth0) deactivating device (reason 'managed') [2]
Apr 26 02:43:20 shahnita kernel: [24255.206673] IPv6: ADDRCONF
syslogd and klogd DAEMONS
Every program uses a set of common functions stored in system libraries shared by many programs, so the system can use resources more efficiently.
Function: a set of computer programming code that completes a certain task for any program that uses the function.
syslog is one of the functions in the shared libraries. Any program can call this function, passing it a message.
The syslog function then writes these messages to the /var/log/messages file.
All the calls to the syslog function are managed by a background program called syslogd (system logging daemon).
Purpose: to watch for messages submitted by programs.
syslogd and klogd DAEMONS
klogd (kernel logging daemon). Purpose: logs messages submitted by the Linux kernel to the /var/log/messages file.
(Diagram: how syslogd and klogd accept messages for the log files)
VIEWING BOOT MESSAGES
When the computer system is turned on, the kernel boots and initializes the computer hardware.
Then the kernel starts the init program, which starts the system logging daemons syslogd and klogd.
klogd is not available while the kernel initializes the computer hardware.
The kernel writes messages to the screen during system startup (before klogd is active); these messages are also stored in the kernel ring buffer.
VIEWING BOOT MESSAGES
Kernel ring buffer: a small area of memory that holds internal kernel messages.
If the kernel ring buffer becomes full, the first message (the oldest message) will be discarded. This ensures the most recent messages can be found in the buffer.
The dmesg utility shows the content of the kernel ring buffer on the screen.
It can be executed by any user, not only root.
$ dmesg | less   (use less to browse the output with Page Up and Page Down)
VIEWING BOOT MESSAGES
$ dmesg | less
[23096.745203] usbcore: registered new interface driver cdc_ether
[23099.069376] scsi 3:0:0:0: CD-ROM  CWID  USB SCSI CD-ROM  2.27 PQ: 0 A...
VIEWING BOOT MESSAGES
dmesg contains much detailed information about how Linux recognized and initialized the hardware of the system.
Linux systems store the dmesg output right after the system has started, in case of a hardware problem with Linux.
The original boot messages are preserved even if other messages are written to the kernel ring buffer later on.
CONFIGURING THE messages LOG FILE
/var/log/messages contains many types of messages from many different programs.
Both syslogd and klogd are configured using the syslog.conf configuration file, stored in the /etc directory.
syslog.conf determines where each type of message from different programs will be logged.
FORMAT OF syslog.conf
Format of each line in the syslog.conf file:
facility.priority;facility.priority    Action
(selector)        (optional additional selector)
Lines beginning with a hash mark (#) are considered comments and are ignored.
Example: *.info;mail.none;authpriv.none    /var/log/messages
FORMAT OF syslog.conf
Each line in syslog.conf contains 2 parts:
Selector: a set of code words that select which events are being logged
Action: a filename or a username. The filename determines which file the message of an event will be written to; the username determines which user's screen the message appears on (the action can also refer to a file on a remote computer)
The selector part is composed of 2 parts:
Facility: a code word that specifies which type of program is being selected
Priority: a code word that specifies the type of message being selected for logging
Facility
When a program wants to write a message in /var/log/messages:
The program issues a programming call to the syslog function.
The program indicates its program type or category.
The syslogd daemon uses the category information to determine where to write the message, based on the syslog.conf configuration file.
Facility
Facility description                                                           Facility name
Messages from user authentication utilities such as login                      auth
Special-purpose (private) user authentication messages                         authpriv
Messages from the cron program (used to control automated, scheduled tasks)    cron
Messages from all standard daemons or servers                                  daemon
Kernel messages (through klogd)                                                kern
Printer server messages                                                        lpr
Mail server messages (from the Mail Transfer Agent)                            mail
Priorities
Programs in Linux generate different types of messages, e.g.:
Informational messages about how the program is using resources
Messages indicating a potential problem
Messages indicating a serious or critical problem
Each program can generate messages with different priorities, depending on the seriousness of the event.
Priorities
Priority description                                                            Priority name
Debugging messages used by programmers or those testing how a program works    debug
Informational messages about what a program is doing                            info
Information about noteworthy events occurring as a program executes             notice
Warnings about potential problems with a program                                warning
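An added example (not from the slides) that ties the syslog.conf format, facility and priority slides together: it parses selector lines and reports where a message of a given facility.priority ends up, using the standard syslog rule that a priority selects that priority and every higher one. The first rule of the configuration is the slide's own example; the other rules and the file name /var/log/secure are assumptions made for this example.

```python
# Priorities in ascending severity; a selector like "mail.warning" matches that
# priority and every higher one. The slides list the first four, the rest are
# the standard syslog names.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def parse_rule(line):
    """One syslog.conf line -> ([(facility, priority), ...], action); None for
    blank lines and '#' comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    selector, action = line.split(None, 1)       # selector, whitespace, action
    selectors = []
    for part in selector.split(";"):             # extra selectors joined by ';'
        facilities, priority = part.rsplit(".", 1)
        for facility in facilities.split(","):   # "auth,authpriv.none" lists
            selectors.append((facility, priority))
    return selectors, action.strip()

def selector_matches(selectors, facility, priority):
    """Apply selectors left to right; a later entry for the same facility
    overrides an earlier one, which is how '*.info;mail.none' keeps mail out."""
    matched = False
    for fac, pri in selectors:
        if fac not in ("*", facility):
            continue
        if pri == "none":
            matched = False
        elif pri == "*":
            matched = True
        else:
            matched = PRIORITIES.index(priority) >= PRIORITIES.index(pri)
    return matched

def destinations(config_text, facility, priority):
    """Actions (files, users, remote hosts) that receive a facility.priority message."""
    return [rule[1] for rule in map(parse_rule, config_text.splitlines())
            if rule and selector_matches(rule[0], facility, priority)]

# Constructed configuration: the first rule is the slides' example, the others
# are made up for this example (the file names are assumptions).
CONFIG = """\
# Log anything of level info or higher, except mail and private auth messages
*.info;mail.none;authpriv.none      /var/log/messages
authpriv.*                          /var/log/secure
mail.*                              /var/log/maillog
cron.*                              /var/log/cron
*.emerg                             *
"""
```

Calling `destinations(CONFIG, "mail", "info")` shows that mail messages never reach /var/log/messages under this configuration, so an investigation of mail activity has to read /var/log/maillog instead.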