Administration – Working with System Logs
Most Linux systems are configured to log many of the activities that occur on those systems. Those activities are then written to log files located in the /var/log directory or its subdirectories. This logging is done by the Syslog facility.
Linux uses the syslogd (system log daemon) and klogd (kernel log daemon) from the sysklogd and klogd packages to manage system logging. Those daemons are started automatically from the syslog init script (/etc/init.d/sysklogd). Information about system activities is then directed to files in the /var/log directory such as messages, secure, cron, and boot.log, based on settings in the /etc/syslog.conf file.
Automatic log rotation is handled by logrotate, based on settings in the /etc/logrotate.conf file and /etc/logrotate.d directory. The /etc/cron.daily/logrotate cronjob causes this daily log rotating to take place.
You can check any of the log files manually (using vi or another favorite text editor). However, if you install the logwatch package, highlights of your log files will automatically be mailed to your root user’s mailbox every day. You can change both the recipient and the sender address of that mail by editing the /etc/cron.daily/0logwatch file. To prevent e-mail loops, you should change the sender address to a real e-mail address when the recipient is not on the local machine. Another way to change the recipient is to forward root’s e-mail to another address by editing /etc/aliases and running newaliases to enact the changes. Otherwise, just log in as root and use a mail client, as described in Chapter 12, to read the logwatch email messages:
You can send your own messages to the syslogd logging facility using the logger command. Here are a couple of examples:
$ logger Added new video card                  Message added to messages file
$ logger -p info -t CARD -f /tmp/my.txt        Priority, tag, message file
In the first example, the words Added new video card are sent to the messages file. In the second example, the priority of the message is set to info, the message text is read from the file /tmp/my.txt, and a tag of CARD is added to each line in the message.
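To see why those logger messages land in the messages file, the following added example (not code from the original text or from sysklogd) models how selectors in /etc/syslog.conf pick a destination for a given facility and priority. The rules in SAMPLE_CONF are constructed for illustration, the function names are hypothetical, and the model assumes logger's documented default of user.notice; priority aliases such as warn or error are not handled.

```python
# Added example: simplified model of sysklogd selector matching (not sysklogd's own code).
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample rules in syslog.conf syntax; a real file will differ.
SAMPLE_CONF = """\
# selector(s)                              action
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
cron.*                                      /var/log/cron
local7.*                                    /var/log/boot.log
"""

def apply_spec(spec, levels):
    # Apply one priority spec ('info', '=crit', '!err', 'none', '*') to a set of levels.
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    exact = spec.startswith("=")
    spec = spec.lstrip("=")
    if spec == "none":
        return set(PRIORITIES) if negate else set()
    if spec == "*":
        chosen = set(PRIORITIES)
    elif exact:
        chosen = {spec}
    else:
        # A bare priority means "this priority and anything more severe".
        chosen = set(PRIORITIES[PRIORITIES.index(spec):])
    return levels - chosen if negate else levels | chosen

def rule_matches(selectors, facility, priority):
    # Selectors on one line are processed left to right; later ones can override.
    levels = set()
    for selector in selectors.split(";"):
        facilities, _, spec = selector.rpartition(".")
        if facilities == "*" or facility in facilities.split(","):
            levels = apply_spec(spec, levels)
    return priority in levels

def destinations(conf_text, facility, priority):
    # Return every action (log file) whose selectors match facility.priority.
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if rule_matches(selectors, facility, priority):
            out.append(action.strip().lstrip("-"))  # leading '-' only disables sync
    return out

print(destinations(SAMPLE_CONF, "user", "notice"))  # plain `logger` message
```

With these sample rules, a debug-priority message from logger matches no rule and is written nowhere, which is worth checking before relying on a message for later review.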