| Lesson 5 | Configuring the system log |
| Objective | Configure the System Log. |
Configuring System Log
To configure the Linux system logging facility, use the
A facility[1] and severity[2] combine to form a selector. Linux predefines valid facilities and severities, which applications use to log entries to the system logger. To make a selector, place the facility name followed by a period in front of the severity. For example, an email program might use the
/etc/syslog.conf file. This file enables you to specify how log messages will be handled when they arrive, such as what file or host will log them. Every line in this file is called a rule. Rules map selectors to actions, which allows the Linux system logging facility to route messages of certain types to different locations.
For example, you might want to route debugging messages and critical messages to different locations.
A facility[1] and severity[2] combine to form a selector. Linux predefines valid facilities and severities, which applications use to log entries to the system logger. To make a selector, place the facility name followed by a period in front of the severity. For example, an email program might use the
mail.warn selector if it is unable to download your email.
Sending log messages to Different Locations
The system logger checks a log message's selector against selectors defined in
You can specify actions that
By default, emergency messages (those with a severity of
/etc/syslog.conf.
If the selector is configured in /etc/syslog.conf, the system logger performs the associated action.
You can specify actions that
- log the message to a file
- broadcast the message to all logged-in users
- write the message to the system console
- transmit the message to remote logging daemons across the network
By default, emergency messages (those with a severity of
emerg) are broadcast to all users, and most other messages are written to the standard system logfile /var/log/messages.
Click the link below to see how to configure the
/etc/syslog.conf file to log a selector to a particular logfile.
Configuring System Log
Alphanumeric Pager
If you would like to be notified immediately of emergency messages, you can configure Linux to send them to your alphanumeric pager.For firewall machines, you should send all logs to an internal machine for safekeeping. If a cracker breaks in and deletes your logs, you will have a copy on another machine. To erase those, the cracker would have to break into that machine as well, which takes time.
For example, to send a copy of every logged message to the
backup.internal.net machine, include the following entry in /etc/syslog.conf:
*.* @backup.internal.net
The asterisks (
*) are wildcards and indicate that anything matches. The "at" sign (@) signals that the following name (backup.internal.net) is a remote host on which to log messages.
More information on configuring system logging is available in the syslog.conf man page.
Restarting System Logger
Once you have made configuration changes, restart the system logging facility with
The next lesson explains how to maintain logs.
/etc/rc.d/init.d/syslog restart.
The next lesson explains how to maintain logs.
Configuring System Log
Before moving on to the next lesson, click the link below to read about configuring a system log.
Configuring System Log
Configuring System Log
[1]
Facility: Facilities are simply programs that can be configured to send notices to the system log. Common facilities include user, kern, mail, daemon, auth, lpr, news, uucp, and cron.
[2]
Severity: The severity level indicates the importance of a given message. The severity levels listed from most importance to least important are: emerg, alert, crit, err, warning, notice, info, debug, and none.