Search This Blog

Sunday, February 20, 2011

Linux Log File Information.

The Best way to view log file is to use

#tail -f log_file_name

-f option helps to the changes online.

Boot log files:

You need to be super user to see these file contents.
This file contains log of processes that were started during the boot.
for example:NFS startup,print servers startup
Basically all the messages that you see during the boot processes such as
Starting up NFS service ok

You may see dmesg command for boot related information.

One of the major task of system administrator is to regularly check various log files.
So It is Very Important to know where your hosts keep their log files as the directory is different for different flavors of *nix.

Failed login attempts:

Following log file records failed login attempts to the system


Following line get added when xxx host tries to login with wrong login credentials of root.


Mail Logs:

All Mail Logs are stored in.


Log Rotate:

As log files grows in size .It is important to restrict their size limit.This can be done by a utility called logrotate.
:Important Files:
Here are the three important files used for log rotating.

1) /usr/sbin/logrotate : Original Log rotate command. Its a binary file and we can't see the contents inside it.

2) /etc/logrotate.conf : Configuration file used for logrotate .
Contents of files are as below.

# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones

# uncomment this if you want your log files compressed

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
minsize 1M
create 0664 root utmp
rotate 1

# system-specific logs may be also be configured here.

3) /etc/cron.daily/logrotate
By default logrotate script executed daily in cron.(This however a different file than binary logrotate we discussed )

content of logrotate file are as below.
# cat /etc/cron.daily/logrotate

/usr/sbin/logrotate /etc/logrotate.conf
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
exit 0

As you can see in /etc/cron.daily/logrotate each day binary /usr/sbin/logrotate is getting executed using /etc/logrotate.conf .

More information on Log rotate can be found very described in below article.

No comments:

Post a Comment