Syslog and Log Files


1 Syslog and Log Files
- From log files, you can find
  - Important information
  - History
  - Errors/warnings
- Logging policies
  - Reset log files at periodic intervals
  - Rotate log files
  - Compress and archive
  - Throw away

2 Syslog and Log Files
- Where are the log files?
  - Random log names scattered across directories/filesystems
    - Two common places:
      - /var/adm
      - /var/log
  - To locate your log file:
    - Read the man pages for individual daemons
    - Read the system startup scripts
    - Check syslog's configuration file, /etc/syslog.conf

3 Logs (see p. 208 for more)

| File | Program | Where | Freq | Owner | Contents |
|---|---|---|---|---|---|
| messages | various | S | M | R | Often the main system log file |
| syslog | various | S | M | R | Often the main system log file |
| shutdownlog | shutdown | S | M | R | Reasons for shutdown |
| sulog | su | H | M | R | Authorizations |
| wtmp/wtmpx | login | H | M | R | Connect-time accounting |
| httpd/*_log | httpd | F | W | R | Web server logs |
| acct | kernel | C | D | R | SysV process accounting (binary) |

4 Syslog
- Is a comprehensive logging system
  - Manages the information generated by the kernel and the system utilities
  - Has two important functions
    - Liberate programmers
    - Put administrators in control of logging
  - Very flexible
    - Sort messages by source and importance
    - Route messages to
      - Log files
      - Users' terminals
      - Remote machines
    - Thus, centralize the logging for a network

5 Example
- Colossus
  - /var/adm/messages
    - Kernel.notice: ufs quota
    - auth.error: sshd potential probe of service
  - /var/adm/sulog
  - /var/log/syslog
  - /var/log/authlog
  - /var/log/dmesg
  - /etc/syslog.conf
- Wopr.csl.mtu.edu
  - /var/log/messages
    - Lots of sshd messages
  - /etc/syslog.conf
- Dafinn.cs.mtu.edu
  - Where is the httpd log file?
    - /etc/init.d/httpd
    - /etc/httpd/conf
      - ServerRoot
      - ErrorLog
      - Symbolic links
  - Where is the print log file?
    - /etc/init.d/cups
      - /etc/cups/cupsd.conf
      - /var/log/cups

6 Syslog
- Syslog consists of three parts
  - The logging daemon: syslogd
    - Config file: /etc/syslog.conf
  - Library routines: openlog et al.
  - User-level log submit command: logger
- syslogd
  - Is started at boot time
  - Writes the messages
    - Reads messages from the special file /dev/log (or others, depending on the system), then
    - Consults the configuration file, then
    - Dispatches each message to the appropriate destination

7 Syslog
- Restart syslogd to:
  - Make config changes take effect
  - Truncate or rotate the log
- Send a HUP signal
    # kill -HUP `/bin/cat /var/run/syslog.pid`
- Configuring syslogd
  - /etc/syslog.conf controls syslogd's behavior
  - The basic format is
      selector action
  - Selectors identify the program and the message's severity level, with the format
      facility.level
  - Facility and level must be kernel-aware names

8 Syslog
- Valid facility names
  - kern
  - user
  - mail
  - daemon
  - auth
  - lpr
  - cron
  - syslog
  - mark
  - local0-7
  - ftp
  - …
- Valid levels (descending severity)
  - emerg
  - alert
  - crit
  - err
  - warning
  - notice
  - info
  - debug
  - none

9 Syslog
- Selectors can be combined
  - Separated by a semicolon (;)
  - * represents all facilities except mark
- Actions:
  - filename
  - @hostname
  - @ipaddress
  - user1, user2, …
  - *
- Example:
    *.err;kern.debug;daemon.notice;mail.crit    /var/adm/messages
    kern.notice                                 /var/log/kern.notice
    *.alert;kern.err;daemon.err                 operator
    *.alert                                     root
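
The selector rules above can be checked by routing test messages through the slide's example configuration. This is an added example, not part of the original slides; it assumes BSD/Solaris-style syslogd semantics (a selector matches its level and anything more severe, and a later selector for a facility overrides an earlier one), and the function names are illustrative.

```python
# Added example: route a message through classic syslog.conf selectors.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The example configuration from the slide: selector, tab, action.
CONF = (
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "kern.notice\t/var/log/kern.notice\n"
    "*.alert;kern.err;daemon.err\toperator\n"
    "*.alert\troot\n"
)

def parse_conf(text):
    """Return [(selectors, action)], each selector a (facility, level) pair."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        field, action = line.split(None, 1)
        rules.append(([tuple(s.split(".", 1)) for s in field.split(";")], action))
    return rules

def threshold(selectors, facility):
    """Level set by the last selector covering this facility, else None.

    Assumption: BSD/Solaris-style semantics, where a later selector for a
    facility overrides an earlier one and '*' never covers 'mark'.
    """
    level = None
    for sel_facility, sel_level in selectors:
        if sel_facility == facility or (sel_facility == "*" and facility != "mark"):
            level = sel_level
    return level

def route(rules, facility, level):
    """Actions that receive a facility.level message (level or more severe)."""
    actions = []
    for selectors, action in rules:
        limit = threshold(selectors, facility)
        if limit not in (None, "none") and LEVELS.index(level) <= LEVELS.index(limit):
            actions.append(action)
    return actions

RULES = parse_conf(CONF)

if __name__ == "__main__":
    for fac, lev in [("kern", "notice"), ("mail", "err"), ("daemon", "alert")]:
        print(f"{fac}.{lev} -> {route(RULES, fac, lev)}")
```

Under these semantics a mail.err message reaches no destination, because mail.crit overrides *.err in the first line; other syslogd implementations may combine selectors differently.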

10 Syslog
- Central logging host
  - Keeps the logs in one place, easy to check
  - Needs a stable server
    - What if netloghost is down?
  - The time stamp does not reflect the time on the originating host

11 Using syslog from programs
- Functions
  - openlog
  - syslog
  - closelog
- C calls
    void openlog(const char *ident, int option, int facility);
    void syslog(int priority, const char *format, ...);
    void closelog(void);
- Perl calls
    use Sys::Syslog;
    openlog(ident, logopt, facility)
    syslog(priority, message, …)
    closelog()

12 Logger
- logger command
  - Creates a log entry
  - Debugs syslogd's configuration file
    - Example:
      - After a new line was added to syslog.conf:
          local5.warning    /tmp/evi.log
      - Run
          $ logger -p local5.warning "test message"
      - Then see whether "test message" is written to /tmp/evi.log

13 Log analyzer
- Get the related info out of the lines
  - Write your own scripts
    - Check for certain patterns
    - Send email to you
  - Commonly used log postprocessors
    - Swatch
    - Logcheck
- A couple of things to look for
  - Security-related messages
  - Disk full
  - Messages that are repeated many times
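
A minimal script of the "write your own" kind, covering the three things to look for listed above. This is an added example, not part of the original slides; the sample log lines are constructed, and the patterns and function name are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the traditional syslog file format (not real logs).
SAMPLE = """\
Mar  3 02:11:07 colossus sshd[4211]: Failed password for root from 192.0.2.15 port 40122 ssh2
Mar  3 02:11:09 colossus sshd[4213]: Failed password for root from 192.0.2.15 port 40130 ssh2
Mar  3 02:11:12 colossus sshd[4217]: Failed password for root from 192.0.2.15 port 40141 ssh2
Mar  3 02:15:40 colossus su: 'su root' failed for evi on /dev/pts/3
Mar  3 03:00:01 colossus unix: NOTICE: alloc: /var: file system full
Mar  3 03:00:05 colossus cron[812]: (root) CMD (/usr/lib/sa/sa1)
"""

# timestamp, host, program, optional [pid], message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:\[\s]+)(?:\[\d+\])?: (.*)$")

# Illustrative patterns chosen for this example; tune them to your own daemons.
PATTERNS = {
    "security": re.compile(r"failed password|authentication failure|' failed for", re.I),
    "disk_full": re.compile(r"file system full|no space left on device", re.I),
}

def analyze(text, repeat_threshold=3):
    """Return matching lines per category plus message shapes seen repeatedly."""
    hits = {name: [] for name in PATTERNS}
    shapes = Counter()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog-format line
        _, host, program, message = m.groups()
        for name, pattern in PATTERNS.items():
            if pattern.search(message):
                hits[name].append(raw)
        # Replace numbers (ports, addresses, counters) so variants of one
        # message collapse into a single shape that can be counted.
        shape = re.sub(r"\d+(?:\.\d+)*", "N", message)
        shapes[(host, program, shape)] += 1
    hits["repeated"] = [(key, n) for key, n in shapes.items() if n >= repeat_threshold]
    return hits

if __name__ == "__main__":
    for category, items in analyze(SAMPLE).items():
        print(category, len(items))
        for item in items:
            print("   ", item)
```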

