Linux OS Service ‘syslog’

Syslog is the standard facility for logging system and application messages on Linux. The service is the system log daemon: any program can hand its messages (debug output, security events, normal operation) to it, and the kernel's messages are fed in as well.

By default, the logs handled by syslog are written under /var/log/ on a Linux system:

# ls /var/log
boot.log                 cloud-init-output.log                   firewalld           maillog            rhsm              tallylog
anaconda                 btmp             cron                   gdm                 maillog-20151219   samba             tuned
audit                    btmp-20151219    cron-20151219          grubby              messages           secure            wpa_supplicant.log
auth.log                 choose_repo.log  dmesg                  grubby_prune_debug  messages-20151219  secure-20151219   wtmp
yum.log                  chrony           dmesg.old              lastlog             pm-powersave.log   spooler           xrdp.log

Some programs write to a subdirectory of their own, for example cups, samba or httpd. Among the files under /var/log, /var/log/messages is the most important one: the kernel and core system messages are written there, and kernel modules generally log there too. For problem diagnosis and monitoring, /var/log/messages is therefore the primary log file to examine; for authentication events (sshd, su, sudo) look at /var/log/secure. Note that wtmp, btmp and lastlog are binary login records, not syslog text, and are read with last, lastb and lastlog.

The logs are rotated weekly: the current file is renamed to filename.1 and each older copy moves up one number:

# ls -l /var/log/messages*
-rw------- 1 root root   1973 Jun 10 15:07 /var/log/messages
-rw------- 1 root root  10866 Jun  6 04:02 /var/log/messages.1
-rw------- 1 root root  19931 May 30 04:02 /var/log/messages.2
-rw------- 1 root root 238772 May 23 04:02 /var/log/messages.3
-rw------- 1 root root 171450 May 14 18:29 /var/log/messages.4

The oldest copy is deleted after 4 rotations, so the files span about 5 weeks in total. Rotation is done by logrotate, which cron runs once a day from /etc/cron.daily/logrotate; the rules for syslog's files are in /etc/logrotate.d/syslog. Where logrotate is configured with the dateext directive, the rotated copies carry a date suffix instead of a number (messages-20151219 in the first listing above). After renaming, logrotate sends syslogd a SIGHUP so that it reopens the new file; without that signal the daemon would keep writing to the renamed one.
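The numbered scheme above, reproduced in plain shell so the retention window can be seen on a scratch directory, followed by the logrotate stanza that does the same on a real system. This is an added example, not code from the original article; the paths and the 0600 mode are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): numbered log rotation with a
# fixed retention count, and the equivalent logrotate stanza.

# rotate_log DIR NAME KEEP
#   NAME.KEEP is deleted, NAME.(N-1) becomes NAME.N, NAME becomes NAME.1,
#   and a fresh empty NAME is created with mode 0600 (as SYSLOG_UMASK=077
#   would give). With KEEP=4 at most five files remain, as in the listing.
rotate_log() {
    dir=$1; name=$2; keep=$3
    rm -f "$dir/$name.$keep"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        if [ -f "$dir/$name.$prev" ]; then
            mv "$dir/$name.$prev" "$dir/$name.$i"
        fi
        i=$prev
    done
    if [ -f "$dir/$name" ]; then
        mv "$dir/$name" "$dir/$name.1"
    fi
    ( umask 077; : > "$dir/$name" )
}

# count_log_files DIR NAME -> number of NAME and NAME.<n> files present
count_log_files() {
    n=0
    for f in "$1/$2" "$1/$2".[0-9]*; do
        if [ -f "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# logrotate_stanza -> prints an /etc/logrotate.d/syslog style rule with the
# same policy: weekly, keep 4, private file, tell syslogd to reopen the log.
logrotate_stanza() {
    cat <<'EOF'
/var/log/messages {
    weekly
    rotate 4
    missingok
    create 0600 root root
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
EOF
}

# Stand-alone demo on a scratch directory (constructed data, nothing touched
# under /var/log).
demo_dir=$(mktemp -d)
echo "week 0" > "$demo_dir/messages"
week=1
while [ "$week" -le 6 ]; do
    rotate_log "$demo_dir" messages 4
    echo "week $week" >> "$demo_dir/messages"
    week=$((week + 1))
done
echo "files after 6 rotations: $(count_log_files "$demo_dir" messages)"
ls -l "$demo_dir"
rm -rf "$demo_dir"
logrotate_stanza
```

The `create 0600 root root` line matters: without it logrotate creates the new file with the mode of the rotated copy, and the postrotate SIGHUP is what makes syslogd reopen the file rather than keep writing into messages.1.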

There is also rsyslogd, from the rsyslog package, a more reliable and extended replacement for syslogd (reliable TCP transport, message filtering, database output); on newer distributions it is the default. Install the rsyslog package and see rsyslogd(8) for details.

Service Control

To start the syslog service use either of the following commands:

# service syslog start
# /etc/init.d/syslog start

To stop the syslog service use either of the following commands:

# service syslog stop
# /etc/init.d/syslog stop

To see in which runlevels the service is started at boot, run:

# chkconfig --list syslog
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off

If the service is disabled in every runlevel, enable it with chkconfig syslog on, which turns it on for runlevels 2 to 5:

# chkconfig --list syslog
syslog          0:off   1:off   2:off   3:off   4:off   5:off   6:off
# chkconfig syslog on
# chkconfig --list syslog
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
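A small check a practitioner would script for a fleet: parse the chkconfig --list output shown above and fail if syslog is not enabled in the multi-user runlevels 3 and 5, where a logging gap would otherwise go unnoticed until the next boot. This is an added example, not code from the original article; the two sample lines are the listings above, embedded as constructed input, and the live check runs only if chkconfig exists on the host.

```shell
#!/bin/sh
# Added example (not from the original article): verify that syslog is
# enabled at boot by parsing `chkconfig --list syslog` output.

# Constructed sample output, copied from the listings in the text.
SAMPLE_ENABLED='syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off'
SAMPLE_DISABLED='syslog          0:off   1:off   2:off   3:off   4:off   5:off   6:off'

# runlevels_on LINE -> prints the runlevel numbers that are "on", space separated
runlevels_on() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on") out = out (out == "" ? "" : " ") kv[1]
        }
        print out
    }'
}

# syslog_boot_enabled LINE -> exit 0 only if runlevels 3 and 5 are both on
syslog_boot_enabled() {
    levels=" $(runlevels_on "$1") "
    case $levels in
        *" 3 "*) ;;
        *) return 1 ;;
    esac
    case $levels in
        *" 5 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# report LABEL LINE -> human readable verdict for one chkconfig line
report() {
    if syslog_boot_enabled "$2"; then
        echo "$1: syslog enabled at boot (runlevels $(runlevels_on "$2"))"
    else
        echo "$1: WARNING syslog not enabled in runlevels 3 and 5; run: chkconfig syslog on"
    fi
}

report "sample-enabled" "$SAMPLE_ENABLED"
report "sample-disabled" "$SAMPLE_DISABLED"

# Live check on a SysV init host; skipped elsewhere.
if command -v chkconfig >/dev/null 2>&1; then
    report "$(hostname)" "$(chkconfig --list syslog 2>/dev/null)"
fi
```

Whether the daemon is enabled and whether it is currently running are two different questions; pair this with a check that syslogd is in the process list and that the /dev/log socket exists before trusting the host's logs.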

Configuration

The start-up options of the syslogd and klogd daemons are set in /etc/sysconfig/syslog; the rules that route each facility and priority to a file, a user or a remote host are in /etc/syslog.conf (see syslog.conf(5)). The default /etc/sysconfig/syslog looks like this:

# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

The file holds two groups of options, one for each daemon:
klogd, the Kernel Log Daemon: reads the messages produced by the Linux kernel and passes them to syslogd for logging.
syslogd, the System Log Daemon: receives every other message (local programs via /dev/log, and remote hosts if enabled) and writes the log files.

The options used in the default file, and a few others, are described below.
syslogd options:

  • -m interval: Write a line containing "MARK" every interval minutes, as a heartbeat showing the daemon is alive. "-m 0" disables marking entirely.
  • -r: Accept messages from other hosts over the network (UDP port 514). The listener has no authentication and the messages are not encrypted, so any host that can reach the port can inject log lines or flood the file. Leave -r off unless the host is a log collector, and then restrict the port to the expected senders with a firewall.
  • -x: Without this option, syslogd looks up the hostname of every message received via -r in DNS. A remote host that logs very frequently (usually the case when something is wrong there) means a DNS lookup per message, and a nameserver running on the same machine can even deadlock the daemon. -x disables the lookups and the numeric address is logged instead.
  • -S: verbose logging
  • -d: debug mode for syslogd

klogd options:

  • -2: Print each kernel oops line twice, once as raw text and once with addresses converted to symbols, so that ksymoops can still process the original data.
  • -x: Do not translate EIP addresses in oops messages and do not read System.map; the raw oops is logged as is, which is faster and leaves the symbol resolution to ksymoops.
  • -d: debug mode for klogd
  • -c n: Default log level for messages printed to the console

umask: SYSLOG_UMASK sets the umask the daemons run with, and therefore the permissions of every log file they create. The default 077 yields mode 0600 owned by root (the -rw------- seen in the listing above), so unprivileged users cannot read the logs. Do not loosen it globally; if a monitoring account needs to read a particular file, grant that file's group instead.
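The checks a reviewer of this file would actually run: read the daemon options out of /etc/sysconfig/syslog, flag remote reception and missing -x, compute the file mode a given SYSLOG_UMASK produces, and list log files whose group or other bits are set anyway. This is an added example, not code from the original article; the sample file is a constructed variant of the default shown above with -r and -x added, and the file path is a parameter so the functions can be pointed at a test copy.

```shell
#!/bin/sh
# Added example (not from the original article): audit the syslogd options and
# the resulting log file permissions.

# Constructed sample /etc/sysconfig/syslog with remote reception enabled.
SAMPLE_SYSCONFIG='# Options to syslogd
SYSLOGD_OPTIONS="-m 0 -r -x"
# Options to klogd
KLOGD_OPTIONS="-x"
SYSLOG_UMASK=077'

# sysconfig_value FILE VAR -> value of VAR with surrounding quotes removed;
# the last assignment in the file wins, as it does for the init script.
sysconfig_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"//; s/"$//'
}

# has_option OPTS FLAG -> true if FLAG (for example -r) is among the options
has_option() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# mode_from_umask UMASK -> octal mode of a file created as 0666 & ~UMASK
mode_from_umask() {
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# loose_log_files DIR -> files in DIR with any group or other permission bit set
loose_log_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        perm=$(ls -ld "$f" | cut -c5-10)
        case $perm in
            ------) ;;
            *) echo "$f $perm" ;;
        esac
    done
}

# audit_sysconfig FILE LOGDIR -> human readable findings
audit_sysconfig() {
    opts=$(sysconfig_value "$1" SYSLOGD_OPTIONS)
    um=$(sysconfig_value "$1" SYSLOG_UMASK)
    echo "SYSLOGD_OPTIONS: $opts"
    if has_option "$opts" -r; then
        echo "  -r set: syslogd listens on UDP/514 with no authentication; restrict the port with a host firewall"
        if ! has_option "$opts" -x; then
            echo "  -x not set: one DNS lookup per received remote message"
        fi
    fi
    if [ -n "$um" ]; then
        echo "SYSLOG_UMASK=$um: new log files get mode $(mode_from_umask "$um")"
    else
        echo "SYSLOG_UMASK unset: log files inherit the init script's umask"
    fi
    echo "log files readable beyond root in $2:"
    loose_log_files "$2"
}

# Stand-alone demo on a scratch directory with constructed files.
demo=$(mktemp -d)
printf '%s\n' "$SAMPLE_SYSCONFIG" > "$demo/syslog"
( umask 077; : > "$demo/messages" )
( umask 022; : > "$demo/messages.1" )
audit_sysconfig "$demo/syslog" "$demo"
rm -rf "$demo"
```

Running loose_log_files against the real /var/log on a collector is the useful part: a rotated copy that logrotate recreated without a create directive, or a file restored from backup, is the usual way a 0600 policy silently degrades to 0644.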
