13.1. Introduction to Logging

Many Linux servers and daemons generate log messages for errors, warnings, requests, and diagnostic information. In most cases, these logs are not written directly to a file—instead, they are passed to the UNIX logging program syslog, which decides what to do with each log message. Logs can be written to a file, sent to another server, passed to another program via a pipe, or even broadcast to all users logged into the system. Different types of messages from different servers can be logged using each of these methods.

Normally logs are written to files in the /var/log directory. On most Linux distributions the file /var/log/messages contains general information, error and warning messages, the file /var/log/mail records incoming and outgoing mail, and /var/log/secure records successful and failed logins. However, your system may have a totally different syslog configuration and so use different logfiles.

Each log message that is sent to syslog has three attributes—the program that it comes from, a facility, and a priority. The facility classifies the message, indicating which part of the system it is coming from. The facilities recognized on Linux are listed in Table 13.1.

The priority or log level associated with each message indicates how serious it is. Many servers generate messages with low priorities that contain only diagnostic or debugging information, which can safely be ignored. However, messages with higher priorities indicate a serious problem with a server or possibly the entire system. The recognized priorities on Linux (in order from least to most serious) are listed in Table 13.2.

Table 13.1. System Logging Facilities and Their Sources

Facility            Source
auth or authpriv    All messages related to successful or failed authentication attempts will use this facility.
cron                Used for log messages from the Cron and At daemons.
daemon              Used for messages from other daemons, such as the NFS, NIS, and DHCP servers.
kern                For error, warning, and informational log messages that come from the kernel.
lpr                 For messages from the printer server and print commands.
mail                For email delivery logs, and error messages from Sendmail or Postfix.
news                For messages from news servers like INN.
syslog              Used for log messages generated by the syslog daemon itself.
user                For generic user-level messages. Not often used.
uucp                For messages from the UUCP (UNIX to UNIX Copy) server programs, which are hardly ever used anymore.
local0 to local7    These facilities are reserved for local use, such as by a server that can be configured to use a different facility.

Table 13.2. System Logging Priorities and Their Meanings

Priority    Meaning
debug       Debugging information only, which can be safely ignored.
info        An information message indicating that something has occurred, but nothing serious.
notice      Indicates a normal but significant event.
warning     A warning about some potential problem.
err         An error message indicating that something has failed.
crit        Indicates a critical problem of some kind.
alert       An extremely serious problem that must be looked into immediately.
emerg       Indicates imminent or actual system failure.

The file /etc/syslog.conf contains the syslog configuration that controls which messages are logged to which files and destinations. Webmin reads and modifies this file directly to change your system's logging settings, and reads from the files in /var/log to display log messages.
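
An added example (not from the original text or from Webmin): a simplified Python model of how classic syslog.conf rules pair a facility.priority selector with a destination, useful for checking where a given message, such as an authentication failure, would end up. The sample configuration and the host loghost.example.com are constructed, and only facility lists, `*`, `none`, and minimum-priority selectors are modelled.

```python
# Priorities from Table 13.2, least to most serious.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample configuration (not taken from a real system).
SAMPLE_CONF = """\
# general messages, but keep mail and authentication data out of this file
*.info;mail.none;authpriv.none        /var/log/messages
authpriv.*                            /var/log/secure
mail.*                                -/var/log/mail
kern.crit                             @loghost.example.com
*.emerg                               *
"""

def classify(action):
    """Name the kind of destination an action field describes."""
    if action == "*":
        return "all-users"  # broadcast to everyone logged in
    kinds = {"@": "remote", "|": "pipe", "/": "file"}
    return kinds.get(action.lstrip("-")[0], "users")

def rule_matches(selectors, facility, priority):
    """Apply ';'-separated selectors left to right (simplified model)."""
    floor = None  # lowest accepted priority index; None means nothing is logged
    for sel in selectors.split(";"):
        facs, _, prio = sel.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue  # selector does not name this facility
        if prio == "none":
            floor = None  # exclude this facility from the rule
        else:
            level = 0 if prio == "*" else PRIORITIES.index(prio)
            floor = level if floor is None else min(floor, level)
    return floor is not None and PRIORITIES.index(priority) >= floor

def destinations(conf, facility, priority):
    """List (kind, target) pairs that would receive the message."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line: selector without an action
        selectors, action = parts
        if rule_matches(selectors, facility, priority):
            # A leading "-" on a file name only affects write syncing.
            out.append((classify(action), action.lstrip("-")))
    return out
```

Calling destinations(SAMPLE_CONF, "authpriv", "info") shows that authentication messages reach only /var/log/secure, because the `authpriv.none` selector keeps them out of the general messages file.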

Not all logs generated by all programs are controlled by syslog. For example, the Apache Web server writes directly to a log file that records every HTTP request that it receives. Other programs like Squid and Qmail also have their own private log files that are not under the control of syslog and so cannot be configured using the System Logs Webmin module. Some of these servers can be configured to log via syslog, but this is never the default and is usually a bad idea for programs that generate large numbers of log messages, such as Apache. See Chapters 29, 38, and 44 for more information on configuring logging in these servers.
