LinuxQuestions.org
Old 01-13-2005, 11:55 AM   #1
ksun
Member
 
Registered: Sep 2003
Posts: 52

Rep: Reputation: 15
logs and messages


Hey everyone, thanks in advance for the help.

I want to know more about what is going on on my system. I don't currently have a problem, but I want to have a cheat-sheet for when I do in the future.

Can anyone chip in and tell me the best places to check for your basic info a person might want to know when troubleshooting, from log files and other places?

I'll start with what I do know ...

/var/log - Has some self-explanatory logs
dmesg - displays messages from the kernel


Others?
 
Old 01-13-2005, 12:31 PM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,

A bit of a general question for such a big subject

Ok, here are my 2 cents worth:

- /var/log is indeed a good place to look. Do make sure that all the relevant information is logged. Take a look at: /etc/syslog.conf. It's kinda hard (and personal) to tell how you have to set this up. I do have one pointer: Log all messages to one file, regardless of all the other entries. Something like the following logs all messages to /var/log/allmessages:
*.* -/var/log/allmessages
Do remember to restart syslogd (kill -SIGHUP <PID>)

- User related:
who / w => who's on your box atm.
last / lastlog => who's been on your box when.

- Network related info:
ifconfig
route
netstat
lsof (not only for network related stuff, great tool!)

- hardware related:
lspci
lsusb
sar
e2fsck

There's a lot more, these came to mind first.

PS: Do read the manpages before using these programs/tools!!

Hope this helps.
 
Old 01-13-2005, 01:03 PM   #3
ksun
Member
 
Registered: Sep 2003
Posts: 52

Original Poster
Rep: Reputation: 15
Thanks, great info. I know how to use most of these utils but didn't necessarily think to use their info for logging, but I suppose I could write a script to poll that information.

Any other logs?
 
Old 01-18-2005, 12:49 PM   #4
ksun
Member
 
Registered: Sep 2003
Posts: 52

Original Poster
Rep: Reputation: 15
Sorry to re-post (not trying just to bump) but I have a more specific question:

In windoze there are the System and the Application logs. I would equate dmesg messages to the system log, and I want to know if there is a log that captures errors caused by applications.

I understand that applications can have logs, and you can redirect standard error for any command, but I didn't know if there was a place that would log when commands are interrupted.

Thanks in advance.
 
Old 01-18-2005, 05:24 PM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910
Quote:
Originally posted by ksun
Sorry to re-post (not trying just to bump) but I have a more specific question:

In windoze there are the System and the Application logs. I would equate dmesg messages to the system log, and I want to know if there is a log that captures errors caused by applications.
Not quite ... dmesg holds the kernel message buffer. I'd
define things in /var/log/* as the system log.

In terms of applications: there's no standard interface
to log that kind of info away, some gnome applications
will (stupidly, or at least I think it is) log to /var/log/messages
via gconfd... other apps will output info on how they're
doing to stdout (which you will never see if you invoke
them via icon or some menu). Many X apps will drop
info into ~/.xsession-errors

Quote:
I understand that applications can have logs, and you can redirect standard error for any command, but I didn't know if there was a place that would log when commands are interrupted.
See above - there's no generic place for that kind of
info, and if you wanted to implement it yourself you'd
have to intercept key-strokes in bash, associate things
like Ctrl-D with the previously entered command-line
and thus basically log the entire session.



Cheers,
Tink
 
Old 01-18-2005, 07:59 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,254

Rep: Reputation: 2328
Loosely speaking, it goes like this:

/var/log/dmesg - boot up log
/var/log/messages - system services which don't have a private log
/var/log/xx - service xx has its own log (which may be copied to the above)
/somedir/someprog.log - prog has its own log elsewhere, frequently in a
sub-dir of the exe dir

As noted above, if you can't find them using this guide, you'll have to RTFM/google and/or try something like this:
find / -name 'progname*'

HTH

Last edited by chrism01; 01-18-2005 at 08:01 PM.
 
Old 01-19-2005, 06:08 AM   #7
Kanon
Member
 
Registered: Sep 2004
Location: Norge
Distribution: Debian
Posts: 116

Rep: Reputation: 15
Quote:
Originally posted by druuna

Ok, here are my 2 cents worth:

- /var/log is indeed a good place to look. Do make sure that all the relevant information is logged. Take a look at: /etc/syslog.conf. It's kinda hard (and personal) to tell how you have to set this up. I do have one pointer: Log all messages to one file, regardless of all the other entries.
I like this idea too, but there is a security risk. If you have everything log to one file it's easy to set up a DoS attack where your syslog, disk space, bandwidth, well, the whole system is at great risk.

You might want to consider getting this book: ISBN: 0072230207 Page 16 bottom part.

Last edited by Kanon; 01-21-2005 at 08:20 PM.
 
Old 01-19-2005, 08:30 AM   #8
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,

About security:

Even if you use multiple log files your system is at the same risk.

I cannot find (google) the ISBN number you are referring to, so I cannot comment on what's on page 16.

Setting up your box as secure as possible and keeping it up-to-date with the available security related patches is always a good thing. But even if you have implemented all the patches you are not 100% sure your box is safe......

About the syslogd logfiles:

Personally I have set up a rather extensive logging scheme.
- There's one file that holds all the generated messages (used by me and by logchecker).
- Every (major) facility and priority has a separate logfile. I.e.: kernel.0.log -> kernel.7.log for the kern facility and auth.0.log -> auth.7.log for security/authorization etc etc.

I've also made sure that logfiles are only readable by root (or the user the facility belongs to).

Bottom line: The amount of logfiles does not make your box more/less secure (if set up correctly), it does give you the information you need if something goes wrong.
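
The scheme from post #8, sketched as an added example (not druuna's actual configuration and not part of the thread): one selector per priority for a facility, numbered 0-7 like kernel.0.log -> kernel.7.log, plus a check that no log file is readable or writable by other users. It assumes classic sysklogd selector syntax, that the file numbers follow syslog priority order, and that "security/authorization" means the auth facility; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not druuna's actual configuration. Function names are hypothetical.

# syslog priority names in numeric order: 0=emerg ... 7=debug.
PRIORITIES="emerg alert crit err warning notice info debug"

# gen_selectors FACILITY BASENAME [LOGDIR]
# Emit one selector line per priority. In classic sysklogd syntax,
# "facility.=priority" matches exactly that priority, and a leading "-"
# on the file name skips the sync after each write.
gen_selectors() {
    facility=$1
    base=$2
    logdir=${3:-/var/log}
    n=0
    for prio in $PRIORITIES; do
        printf '%s.=%s\t-%s/%s.%d.log\n' "$facility" "$prio" "$logdir" "$base" "$n"
        n=$((n + 1))
    done
}

# audit_log_perms DIR
# Print regular files under DIR that "other" users can read or write.
audit_log_perms() {
    find "$1" -type f \( -perm -004 -o -perm -002 \) -print
}

# Demo: print a syslog.conf fragment (catch-all first, then per-priority files).
printf '*.*\t-/var/log/allmessages\n'
gen_selectors kern kernel
gen_selectors auth auth
```

Review the printed fragment before adding it to /etc/syslog.conf, then send syslogd a SIGHUP as post #2 describes. Running `audit_log_perms /var/log` as root lists any files that need tighter permissions.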
 
Old 01-21-2005, 08:22 PM   #9
Kanon
Member
 
Registered: Sep 2004
Location: Norge
Distribution: Debian
Posts: 116

Rep: Reputation: 15
Obs.. fixed the ISBN number.
BTW great book to start off checking one's own server.
 
  


All times are GMT -5. The time now is 06:56 PM.
