
Linux - June 19, 2012

Locate and interpret system log files.

Logs are a good way to pinpoint issues or security breaches. You can configure what is logged by editing the /etc/rsyslog.conf file. The priority of a message determines which file the logged text is written to. There are 9 priorities that you should be familiar with: none, debug, info, notice, warn, err, crit, alert and emerg. debug is the lowest priority, emerg is the highest, and none means not to log anything.

To ensure that your logs are being written, you need to make sure that the rsyslog service is running. You can check this by running the following.

service rsyslog status

The above command tells you whether rsyslog is running or stopped. If it's stopped, you can start it using the following.

service rsyslog start

To make sure that rsyslog is started each time your system is booted you can run the following.

chkconfig rsyslog on

Locating Log Files
Your log files can be found in the /var/log directory. Here you will see a list of different log files each with a different purpose. You can familiarize yourself with each log by reading through the /etc/rsyslog.conf file. Below are some examples I often check.

Log Files
/var/log/messages = Logs anything of the info level or higher except for mail and authentication messages.
/var/log/secure = Logs all of the authentication attempts on the server.
/var/log/cron = Logs all cron related information.
/var/log/maillog = Logs all mail messages.
/var/log/boot.log = Logs boot related messages.
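
How selectors in /etc/rsyslog.conf route a message to these files, as an added example that is not part of the original post: a small Python evaluator run against constructed rules that mirror the descriptions above. The rules, function names and the supported subset (`*`, comma-separated facilities, `none`, `=priority`, and priority-and-higher matching) are assumptions for illustration.

```python
PRIORITIES = ["debug", "info", "notice", "warn", "err", "crit", "alert", "emerg"]

# Constructed rules mirroring the file descriptions on this page
# (not copied from any real /etc/rsyslog.conf).
SAMPLE_CONF = """
# selector(s)                      action
*.info;mail.none;authpriv.none     /var/log/messages
authpriv.*                         /var/log/secure
mail.*                             -/var/log/maillog
cron.*                             /var/log/cron
"""

def selector_matches(selectors, facility, priority):
    """Apply ';'-separated selectors left to right; later ones override."""
    level = PRIORITIES.index(priority)
    matched = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue                      # selector is about other facilities
        if prio == "none":
            matched = False               # explicit exclusion of this facility
        elif prio == "*":
            matched = True                # every priority
        elif prio.startswith("="):
            matched = PRIORITIES.index(prio[1:]) == level   # exact priority
        else:
            matched = level >= PRIORITIES.index(prio)       # prio and higher
    return matched

def destinations(conf, facility, priority):
    """Return the log files that would receive a facility.priority message."""
    files = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "$")):
            continue                      # skip comments and directives
        selectors, action = line.split(None, 1)
        action = action.lstrip("-")       # leading '-' only disables sync-on-write
        if action.startswith("/") and selector_matches(selectors, facility, priority):
            files.append(action)          # non-file actions are ignored here
    return files

if __name__ == "__main__":
    for fac, prio in [("authpriv", "info"), ("kern", "debug"), ("daemon", "err")]:
        print(f"{fac}.{prio:6} -> {destinations(SAMPLE_CONF, fac, prio)}")
```

Running it shows why a debug-level kernel message appears in none of these files while an authentication message lands only in /var/log/secure.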


1 Comments

mducanada
Thursday, October 18, 2012

see also:

1. utmpdump /var/log/wtmp

(if you do it with vi, the file won’t be human readable)

2. dmesg
to print all boot messages
