The Geek Diary

Linux OS Service ‘syslog’

By admin

Syslog is the general standard for logging system and program messages in the Linux environment. This service constitutes the system log daemon, through which any program can do its logging (debug, security, normal operation), in addition to the Linux kernel messages.

In principle, the logs handled by syslog are available in the /var/log/ directory on a Linux system:

# ls /var/log
boot.log                 cloud-init-output.log                   firewalld           maillog            rhsm              tallylog
anaconda                 btmp             cron                   gdm                 maillog-20151219   samba             tuned
audit                    btmp-20151219    cron-20151219          grubby              messages           secure            wpa_supplicant.log
auth.log                 choose_repo.log  dmesg                  grubby_prune_debug  messages-20151219  secure-20151219   wtmp
yum.log                  chrony           dmesg.old              lastlog             pm-powersave.log   spooler           xrdp.log

Some of the logs are kept under a subdirectory, such as cups, samba or httpd. Among the logs under /var/log, /var/log/messages is the most common one, as the kernel/core system logs are held there. Kernel modules generally log there too. So, for problem diagnosis and monitoring, /var/log/messages is the primary log file to examine.

The logs are rotated every week (the existing log is renamed in filename.number order):

# ls -l /var/log/messages*
-rw------- 1 root root   1973 Jun 10 15:07 /var/log/messages
-rw------- 1 root root  10866 Jun  6 04:02 /var/log/messages.1
-rw------- 1 root root  19931 May 30 04:02 /var/log/messages.2
-rw------- 1 root root 238772 May 23 04:02 /var/log/messages.3
-rw------- 1 root root 171450 May 14 18:29 /var/log/messages.4

The weekly rotated log file is deleted after 4 weeks have passed (in total, the logs span 5 weeks). This rotation mechanism is provided by crond and logrotate.

There is also rsyslogd, provided by the rsyslog package, which is a more reliable and extended version of syslogd. For more information, install the rsyslog package and check the man page of rsyslogd.

Service Control

To start the syslog service, use either of the commands below:

# service syslog start
# /etc/init.d/syslog start

To stop the syslog service, use either of the commands below:

# service syslog stop
# /etc/init.d/syslog stop

To see the runlevels in which the service is enabled, run:

# chkconfig --list syslog
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

If the service is disabled, you can enable it as follows:

# chkconfig --list syslog
syslog          0:off   1:off   2:off   3:off   4:off   5:off   6:off
# chkconfig syslog on
# chkconfig --list syslog
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

Configuration

The configuration file for the syslogd service is /etc/sysconfig/syslog. The default file looks like this:

# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

There you see two different groups of options, one for each daemon:
klogd – Kernel Log Daemon: This is the daemon that catches the messages from the Linux kernel and logs them into files.
syslogd – System Log Daemon: Intercepts and logs all other messages.

The default configuration file lists some options, which are described further below:
syslogd options:

  • -m interval: Write a “MARK” line every interval minutes. “-m 0” disables MARK lines entirely.
  • -r: Enables receiving messages from the network, using an internet domain socket with the syslog service.
  • -x: When logs arrive from the network (via the -r option), the source addresses are recorded in the resulting log entries, and those addresses are looked up in DNS. When remote logging is very frequent (which is generally the case when there is a problem at the remote site), spending time on DNS lookups is undesirable. This option disables the DNS lookups.
  • -S: verbose logging
  • -d: debug mode for syslogd

klogd options:

  • -2: Print each line twice: once as raw text, and once more with addresses converted to symbols. ksymoops needs the original data for its processing.
  • -x: Do not do EIP translation (for OOPS), so the System.map file is not read (increased dump speed).
  • -d: debug mode for klogd
  • -c n: Default log level of console messages

umask: SYSLOG_UMASK controls the default access permissions of the generated log files.
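
The settings above can be checked mechanically. The script below is an added example, not part of the original article or of the syslog package: it parses SYSLOGD_OPTIONS and SYSLOG_UMASK from a file in the format shown and reports network reception (-r), -r without -x, disabled MARK lines, and a umask that leaves group or other access on log files. The function names, finding labels and the list of argument-taking options are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: audit SYSLOGD_OPTIONS and
# SYSLOG_UMASK in a sysklogd-style /etc/sysconfig/syslog file.

# Print the value of the last uncommented NAME=value line in FILE, quotes removed.
get_setting() {  # usage: get_setting FILE NAME
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print one finding per line; exit status is 1 if any WARN was printed, else 0.
# The body is a subshell, so set -f, OPTIND and "set --" do not leak to the caller.
audit_syslog_sysconfig() (  # usage: audit_syslog_sysconfig FILE
    opts=$(get_setting "$1" SYSLOGD_OPTIONS)
    mask=$(get_setting "$1" SYSLOG_UMASK)
    remote=0 nodns=0 mark='' rc=0

    # Split the options into words without globbing; the trailing "--" keeps the
    # list non-empty. getopts then handles "-r -x", "-rx" and "-m0" alike. Letters
    # followed by ":" take an argument (assumed from syslogd(8); adjust as needed).
    set -f; set -- $opts --; OPTIND=1
    while getopts ":a:df:hl:m:np:rs:u:vxS" opt; do
        case $opt in
            r) remote=1 ;;
            x) nodns=1 ;;
            m) mark=$OPTARG ;;
        esac
    done

    if [ "$remote" -eq 1 ]; then
        echo "WARN remote-reception: -r accepts messages from the network; restrict who can reach the syslog port"
        rc=1
        if [ "$nodns" -eq 0 ]; then
            echo "WARN dns-lookups: -r without -x looks up sender addresses in DNS, costly during log bursts"
        fi
    fi
    if [ "$mark" = 0 ]; then echo "INFO mark-disabled: -m 0 writes no MARK lines"; fi

    # An unset SYSLOG_UMASK is not reported; the default removes group/other access.
    case $mask in
        "") ;;
        *[!0-7]*) echo "WARN umask-invalid: SYSLOG_UMASK=$mask is not octal"; rc=1 ;;
        *) if [ $(( 0$mask & 077 )) -ne $(( 077 )) ]; then
               echo "WARN umask-loose: SYSLOG_UMASK=$mask leaves group/other bits on new log files"; rc=1
           fi ;;
    esac
    exit "$rc"
)
if [ $# -gt 0 ]; then audit_syslog_sysconfig "$1"; fi
```

Saved as a script and given /etc/sysconfig/syslog as its argument, it prints only the INFO line for the default file shown above.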

© 2021 · The Geek Diary