04 system logging part 1

8/13/2019 04 System Logging Part 1

1/20

Autor: 26.04.13

CHAPTER 4 :

SYSTEM LOGGING

Puan Shahnita Binti Shaharin


2/20

Autor: 26.04.13

INTRODUCTION TO SYSTEM LOGS

Linux keeps detailed records of events withinthe system known as log files created by many programs

Sys. Admin refer to log file to determine the status of the system,

watch for intruders,

look for data about particular program or event


3/20

Autor: 26.04.13

INTRODUCTION TO SYSTEM LOGS

Commonly logged events and their log files

Event ath and filename of the log

!ain system messages "var"log"messages

#eb server transfer "var"log"httpd"access$log

%& server transfer "var"log"xferlog

E'mail server information "var"log"maillog

Automatic scriptexecution

"var"log"cron

messageslog file ("var"log"messages)contains message from Linux kernel and most ofthe programs in Linux


4/20

Autor: 26.04.13

PURPOSE OF LINUX LOG FILES

Events are in the background as the user logsin

*aemons special purpose background

process designed to watch for network activity

+un other programs

!onitor user actions the status information collected by daemon iswritten to log files, not displayed on the screen


5/20

Autor: 26.04.13

THE message FILE

!ain system log is stored in "var"log"messages !essage description of what is happening within a

program !ay report information, warning, serious error indicating a

program is about to crash ses a standard format

Each line makes up an individual log message Each message consists of - parts

&he date and t mewhen event being logged t mestamp

&he hostname(or computer name of the system which theevent occurred

&he name of the programgenerating the log message &he message textitself (may be more than one line)


6/20

Autor: 26.04.13

THE message FILE - example

Apr /0 12-3/1 shahnita kernel 4/-255./6/7/68 usb 2'/.7 roduct9C!/1-0

Apr /0 12-3/1 shahnita kernel 4/-255./6/7278 usb 2'/.7 !anufacturer9roadcom Corp

Apr /0 12-3/1 shahnita bluetoothd46338 :C; dev 1 registered

Apr /0 12-3/1 shahnita bluetoothd46338 Listening for :C; events on hci1

Apr /0 12-3/1 shahnita info? (eth1) preparingdevice.

Apr /0 12-3/1 shahnita info? (eth1)deactivating device (reason @managed@) 4/8

Apr /0 12-3/1 shahnita kernel 4/-255.2100738 ;v3A**+C


7/20

Autor: 26.04.13

syslogd and klogd DAEMONS

Every program uses a set of common function stored insystem libraries shared by many programs

System can use resources more efficiently %unct on set of computer programming code that

completes a certain task for any program that uses the

function Syslogis one of the function in the shared libraries

Any program can call this function, passing it amessage

Syslog function then writes these messages to the"var"log"messages file All the call to syslog function is manage by

background program called syslogd (system loggingdaemon)

urpose to watch for message submit by program


8/20

Autor: 26.04.13

syslogd and klogd DAEMONS

logd (kernel logging daemon) urpose Logs message submitted by Linux kernel

to "var"log"message file

:ow syslogd and klogd accept messages for the log files


9/20

Autor: 26.04.13

VIEWING BOOT MESSAGES

#hen turn on computer system, kernel bootsand initialiDe the comp hardware

&hen kernel starts the n tprogram start thesystem logging daemon syslogd and klogd

logd is not available when kernel initialiDe thecomp hardware

ernel writes messages to screen during system

startup (before klogd is active) this messageis also stored in the kernel ring buffer


10/20

Autor: 26.04.13


Cernel r ng buffer small area of memorythat holds internel kernel messages

;f kernel ring buffer becomes full the firstmessage (the oldest message) will be discarded

Ensures most recent message can be found in thebuffer

dmesgutility shows the content of the kernelring buffer view on the screen

Can be executed by any user not only root

F dmesg G less use less to browse file using

page up and page down


11/20

Autor: 26.04.13


F dmesg G less

4/31=6.7-5/138 usbcore registered new interface driver cdc$ether

4/31==.16=3708 scsi 3111 C*'+! C#;* S9 SCS; C*'

+! /.27 H 1 A


12/20

Autor: 26.04.13


*mesg contain much detailed info about howlinux recogniDe and initialiDe hardware of thesystem

Linux system store the dmesg output right after the

system started in case of hardware problem with linux

&he original boot messages are preserved even ifother messages are written to th kernel ring bufferlater on.


13/20

Autor: 26.04.13

CONFIGURING THE message LOG FILE

"var"log"message contain many types ofmessages from many different programs

9oth syslogd and klogd are configured usingsyslog.confconfiguration file stored in "etcdirectory

Syslog.conf determines where each type ofmessage from different programs will be logged


14/20

Autor: 26.04.13

FORMAT OF syslog.conf

Example J.infoKmail.noneKauthpriv.none "var"log"message

Lines begin with hash mark () are considered

comments ignored

facility.priorityK facility.priority Action

selector ptionaladditional selector

%ormat of each line in syslog.conf file


15/20

Autor: 26.04.13

FORMAT OF syslog.conf

Each line in syslog.conf contain / parts Selector set of code words that select what

events are being logged Action filename or username

%ilename determines which file the message of anevent will be written to sername determine which user@s screen the message

appears on (can also refer to a file on remotecomputer)

&he selector part is composed of / parts %acility code word that specifies which type ofprogram is being selected

riority code word that specifies the type ofmessage being selected for logging


16/20


17/20

Autor: 26.04.13

Facility

#hen a program wants to write a messsagein "var"log"messages

&he program issue a programming call to syslogfunction

rogram will indicate its program type or category

&he syslogd daemon use the category info todetermine where to write the message based onthe syslog.conf configuration file.


18/20

Autor: 26.04.13

Facility%acility description %acility name

!essage from user authentication utilities such as login auth

Special purpose (private) user authentication messages auth'priv

!essages from the cron program (used to control automated,scheduled tasks)

cron

!essages from all standard daemon or servers daemon

ernel messages (through klogd) kernrinter server messages lpr

!ail server messages (from !ail &ransfer Agent) mail


19/20

Autor: 26.04.13

Priorities

rogram in linux generate different types ofmessages

Eg ;nformation messages how the program is using

resources !essage indicate potential problem !essage indicate serious or critical problem

Each program can generate messages with

different priorities depend on seriousness ofthe event


20/20

Autor: 26.04.13

Priorities

riority description riority name

*ebungging messages used by programmers or thosetesting how a program works

debug

;nformational messages about what a progra is doing info

;nformation about noteworthy events occuring as aprogram executes notice

#arnings about potential problems with a program warning

04 system logging part 1

Documents