Syslog is the general standard (IETF) for logging system and program messages in the Linux environment.
This service constitutes the system log daemon, where any program can do its logging (debug, security, normal operation) through in addition the Linux kernel messages.
1 service syslog start
2 /etc/init.d/syslog start
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
In principle, the logs handled by syslog are available in the /var/log/ directory on Linux system:
# ls /var/log
acpid cron.1 maillog.3 rpmpkgs.3 spooler.3
anaconda.log cron.2 maillog.4 rpmpkgs.4 spooler.4
anaconda.syslog cron.3 messages sa squid
anaconda.xlog cron.4 messages.1 samba tallylog
audit cups messages.2 scrollkeeper.log vbox
boot.log dmesg messages.3 secure wtmp
boot.log.1 faillog messages.4 secure.1 Xorg.0.log
boot.log.2 gdm oracle-validated secure.2 Xorg.0.log.old
boot.log.3 httpd pm secure.3 YaST2
boot.log.4 lastlog ppp secure.4 yum.log
btmp mail prelink setroubleshoot
conman maillog rpmpkgs spooler
conman.old maillog.1 rpmpkgs.1 spooler.1
cron maillog.2 rpmpkgs.2 spooler.2
where some of the logs are dumped under a subdirectory like cups, samba, httpd. Among the logs under /var/log the /var/log/messages is the most common one as the kernel / core system logs are held there. The kernel modules generally dumps there too. So, for problem diagnosis / monitoring the /var/log/messages is the primary log file to examine.
The logs are rotated every week (renaming the existing log to filename.number order):
# ls -l /var/log/messages*
-rw------- 1 root root 1973 Jun 10 15:07 /var/log/messages
-rw------- 1 root root 10866 Jun 6 04:02 /var/log/messages.1
-rw------- 1 root root 19931 May 30 04:02 /var/log/messages.2
-rw------- 1 root root 238772 May 23 04:02 /var/log/messages.3
-rw------- 1 root root 171450 May 14 18:29 /var/log/messages.4
Rsyslogd可以看作是syslogd的改良版，可通过man 8 rsyslogd查看详细信息。
- /var/log/messages – Contains global system messages, including the messages that are logged during system startup. There are several things that are logged in /var/log/messages including mail, cron, daemon, kern, auth, etc.
- /var/log/dmesg – Contains kernel ring buffer information. When the system boots up, it prints number of messages on the screen that displays information about the hardware devices that the kernel detects during boot process. These messages are available in kernel ring buffer and whenever the new message comes the old message gets overwritten. You can also view the content of this file using the dmesg command.
- /var/log/auth.log – Contains system authorization information, including user logins and authentication machinsm that were used.
- /var/log/boot.log – Contains information that are logged when the system boots
- /var/log/daemon.log – Contains information logged by the various background daemons that runs on the system
- /var/log/dpkg.log – Contains information that are logged when a package is installed or removed using dpkg command
- /var/log/kern.log – Contains information logged by the kernel. Helpful for you to troubleshoot a custom-built kernel.
- /var/log/lastlog – Displays the recent login information for all the users. This is not an ascii file. You should use lastlog command to view the content of this file.
- /var/log/maillog /var/log/mail.log – Contains the log information from the mail server that is running on the system. For example, sendmail logs information about all the sent items to this file
- /var/log/user.log – Contains information about all user level logs
- /var/log/Xorg.x.log – Log messages from the X
- /var/log/alternatives.log – Information by the update-alternatives are logged into this log file. On Ubuntu, update-alternatives maintains symbolic links determining default commands.
- /var/log/btmp – This file contains information about failed login attemps. Use the last command to view the btmp file. For example, “last -f /var/log/btmp | more”
- /var/log/cups – All printer and printing related log messages
- /var/log/anaconda.log – When you install Linux, all installation related messages are stored in this log file
- /var/log/yum.log – Contains information that are logged when a package is installed using yum
- /var/log/cron – Whenever cron daemon (or anacron) starts a cron job, it logs the information about the cron job in this file
- /var/log/secure – Contains information related to authentication and authorization privileges. For example, sshd logs all the messages here, including unsuccessful login.
- /var/log/wtmp or /var/log/utmp – Contains login records. Using wtmp you can find out who is logged into the system. who command uses this file to display the information.
- /var/log/faillog – Contains user failed login attemps. Use faillog command to display the content of this file.
来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/27203330/viewspace-737138/，如需转载，请注明出处，否则将追究法律责任。