/var/log
 

I find that within the /var/log folder it periodically creates the following files ksyms.0, ksyms.1, ksyms.2, etc. What are these files?

I also noticed going through my messages file that /var/log/wtmp changed mode from 664 to 600? Why is this so?

well, the .0 or .1 files are old logs that are rotated. All your log files should be 600 for security reasons.

Archite,

Thank you however what is the difference between syslog, messages and ksyms.0, etc? They can't be logging the same events.

Logfiles are somewhat distro specific I've found ... you should check your /etc/syslog.conf to see exactly what's being logged where. On many distros, messages logs everything except user authentication logging, which is handled by secure. I think ksyms may have something to do with the kernel, but I'm not totally sure. Most distros don't use syslog (Slackware being the one exception I can think of). In any case, you can view your logging setup in the aforementioned /etc/syslog.conf and change it if you don't like the way things are set up.

btmiller,

I don't mind the way things are setup but it helps to know what each file does before I blindly change any settings. I am aware logging differs from distribution to distribution however would you be able to advice what is common between most distributions?

The one thing that is basically the same in all is that log files are in /var/log. Anything else can be fair game.

Thank you all for your help

sorry. I wish that I could help you more. Send a few lines of output from that log file in question and maybe we can figure out what it is.

Archite,

Thanks, I did to a degree find out what each file does. I just went through them comparing one another although it remains vague to me which "software" writes to messages, secure, user.log, kysms.0[etc]. Would you have any idea?

Read the man page for ksyms.

stickman,

Thanks for the point of reference. Would you however know which "software" creates those logs? I'm guessing at this stage syslogd.

Look in rc.sysinit.

stickman,

what do I look for within the rc.sysinit file?

I think the obvious thing would be ksyms...

stickman,

Of course but saying that syslogd nor /etc/syslog.conf have any reference to ksyms.0, etc. Also the man pages on ksyms seems very arbitrary (to me at least since I'm relatively new to the world of Linux)