Log files

As we explained in the previous section, another important task for the System Administrator is to verify that the system runs efficiently, guaranteeing us that all the services are ready to be used.

Since the beginning Unix has includedd some daemons that run on the system continuously to control what happens on the system. In fact, the name login means exactly "start the log process - log into the system" and "logout" end of the log process that writes in a file, the "log file", all the user operations.

These files in UNIX were encrypted using a complex algorithm that was different for each variant of UNIX. In Linux these log files are written so that any person can understand them, without any strange decompressing procedure, but in real time to know what happens.

RedHat implements two daemons by default: "syslogd" and "klogd" as we see in the boot process.

Look, they are running now!

[root@heaven /etc]# ps ax | grep gd
  373  ?  S    0:00 syslogd
  377  ?  S    0:00 klogd -k /boot/System.map-2.0.35
[root@heaven /etc]#

The configuration file for syslogd is in the "/etc" directory. It's the file "syslog.conf" :

bash# more syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none                                /var/log/
messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg                                                 *

# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

#
# INN
#
news.=crit                                        /var/log/news/news.crit
news.=err                                         /var/log/news/news.err
news.notice                                       /var/log/news/news.notice
 

As we see, the default messages are "logged" in the file "/var/log/messages" and other messages of secondary importance are logged in the files "/var/log/maillog", "/var/log/news/news.notice" and "/var/log/spooler" respectively.

In fact, in the file "messages" we find the boot messages, the phone numbers that are calling your company if the caller has a phone ID and you are using an ISDN line, the messages at any new init level, including reboot (init 6); in other words all messages.

Using this file, we can write scripts for obtaining various information like, for example, when the last system shutdown occurred:

[root@heaven Shells]# more ./lastshutdown
cat /var/log/messages | grep "syslogd: exiting on signal 15" | tail -1 | awk '{print "The last shutdown or reboot was on: "$1 $2 " at: " $3}'

[root@heaven Shells]# !$
./lastshutdown
The last shutdown or reboot was on: Dec2 at: 20:36:19
[root@heaven Shells]#

It's also possible to write a program in Tcl/Tk that shows the callers' phone numbers and therefore find out what they were doing on the system.

In the syslog.conf file, we find that kernel messages are not activated, so they will not be printed on the console.

To activate or display these messages just remove  the comment before the line :

#kern.*                                                 /dev/console

and reboot the machine and start up the machine again or do the command:

[root@heaven /root]#/etc/rc.d/init.d/syslog reload

In fact, some boot scripts also include the parameter "reload", equivalent to stop and start of a service.

This a list of the scripts that include this feature:

[root@heaven init.d]# f "reload)" *
cron:38: reload)
logoutd:38:#reload)
lpd:42: reload)
mta:48: reload)
skeleton:41:#reload)
syslog:44: reload)
[root@heaven init.d]#

Once the comment is removed, the boot messages will be more accurate we will have more information on the system concerning all operations at any time.

Therefore, with these log files the System Administrator can manage the control level of the system or of a particular service by checking if something isn't working properly and applying the necessary corrections.

The "/var" directory

The "/var" directory includes files that reflect some actual configurations like the boot messages, special files included by other vendors and spool files, e.g. the files created by printer jobs, faxes (either received or sent), in other words this is a directory for a special variable use.

Under the directory "/var" we have only these subdirectories :

[root@heaven /var]# l
./         ../        adm/       catman/    lib/       local/     lock/      log/       named/
nis/       preserve/  run/       spool/     state/     tmp/       xig/
[root@heaven /var]#

For example, we observe that in "adm" we have the files for Accelerated-X :

[root@heaven adm]# pwd
/var/adm
[root@heaven adm]# more X0m* | grep -v Serial
Xaccel 4.1 (build 4100,AX) Accelerated-X (tm) Display Server
Copyright (c) 1993-97 by Xi Graphics, Inc.
All Rights Reserved
Unpublished -- Rights reserved under the Copyright Laws of the United States

User:          Dr. Giovanni A. Orlando
Organisation:  Future Technologies

Configuration file: /etc/Xaccel.ini
LINUX using /dev/tty7

VGA,1: VGA (256k, [25.175,28.322MHz])
[root@heaven adm]#

Another important directory is "/var/lib", which includes various files that reflect the current system configuration.

In the directory "/var/lib/dosemu" we have the images DR-DOS loaded by "dosemu" :

[root@heaven dosemu]# pwd
/var/lib/dosemu
[root@heaven dosemu]# ll
total 9293
-rw-r--r--   1 root     root      1474560 Aug 22 15:03 floppy.od
-rw-r--r--   1 root     root       264320 Aug 19 13:45 hdimage
-rw-r--r--   1 root     root      7735936 Aug 22 15:03 hdimage.od
[root@heaven dosemu]#

In the directory "/var/lib/rpm" we have all the files relative to the RPM DataBase applications installed with the program :

[root@heaven rpm]# pwd
/var/lib/rpm
[root@heaven rpm]# ll
total 6691
-rw-r--r--   1 root     root        16384 Dec  3 08:10 conflictsindex.rpm
-rw-r--r--   1 root     root      2621440 Dec  3 08:10 fileindex.rpm
-rw-r--r--   1 root     root        16384 Dec  3 08:10 groupindex.rpm
-rw-r--r--   1 root     root        16384 Dec  3 08:10 nameindex.rpm
-rw-r--r--   1 root     root      4637320 Dec  3 08:10 packages.rpm
-rw-r--r--   1 root     root        16384 Dec  3 08:10 providesindex.rpm
-rw-r--r--   1 root     root        24576 Dec  3 08:10 requiredby.rpm
-rw-r--r--   1 root     root        16384 Dec  3 08:10 triggerindex.rpm
[root@heaven rpm]#

In the directory "/var/run" we have the files that contain the Process ID of the log files that are running in the system:

[root@heaven run]# pwd
/var/run
[root@heaven run]# more syslogd.pid
373
[root@heaven run]# more klogd.pid
377
[root@heaven run]# ps ax | grep gd | fgrep -v 'grep'
  373  ?  S    0:00 syslogd
  377  ?  S    0:00 klogd -k /boot/System.map-2.0.35
[root@heaven run]#

In the directory "/var/spool" we find all the files generated by the printer jobs, internal or remote mail, received or sent faxes and also other services :

[root@heaven spool]# pwd
/var/spool
[root@heaven spool]# l
./           ../          atjobs/      atspool/     cron/        fax/         lpd/         mail/
mqueue/      news/        samba/       uucp/        uucppublic/  voice/
[root@heaven spool]#

Printer jobs were explained in Chapter 14. Mail was explained in Chapters 7, 9 and 10 while fax will be explained in Chapter 22.

The setup of time scheduling with the commands "cron" and "at" will be explained in the next section.

The other directories are not important for an introductory BASE course.

Press the button to go to the next section.