Many Linux servers and daemons generate log messages for errors, warnings, requests, and diagnostic information. In most cases, these logs are not written directly to a file—instead, they are passed to the UNIX logging program syslog which decides what to do with each log message. Logs can be written to a file, sent to another server, passed to another program via a pipe, or even broadcast to all users logged into the system. Different types of messages from different servers can be logged using each of these methods.
Normally logs are written to files in the /var/log directory. On most Linux distributions the file /var/log/messages contains general information, error and warning messages, the file /var/log/mail records incoming and outgoing mail, and /var/log/secure records successful and failed logins. However, your system may have a totally different syslog configuration and so use different logfiles.
Each log message that is sent to syslog has three attributes—the program that it comes from, a facility, and a priority. The facility classifies the message, indicating which part of the system it is coming from. Facilities that are recognized on Linux are seen in Table 13.1.
The priority or log level associated with each message indicates how serious it is. Many servers generate messages with low priorities that contain only diagnostic or debugging information, which can safely be ignored. However, messages with higher priorities indicate a serious problem with a server or possibly the entire system. The recognized priorities on Linux (in order from least to most serious) are seen in Table 13.2.
The file /etc/syslog.conf contains the syslog configuration that controls which messages are logged to which files and destinations. Webmin reads and modifies this file directly to change your system's logging settings, and reads from the files in /var/log to display log messages.
Not all logs generated by all programs are controlled by syslog. For example, the Apache Web server writes directly to a log file that records every HTTP request that it receives. Other programs like Squid and Qmail also have their own private log files that are not under the control of syslog and so cannot be configured using the System Logs Webmin module. Some of these servers can be configured to log via syslog, but this is never the default and is usually a bad idea for programs that generate large numbers of log messages, such as Apache. See Chapters 29, 38, and 44 for more information on configuring logging in these servers.
18.227.0.249