Manage System Logging in LINUX
When it comes to logging, Linux works quite differently from other systems: you can tell the system what it should not log, and exactly where it should log everything else.
“The workhorse of the Linux logging system is the system logging daemon or syslogd. This daemon is normally started from the system start-up (rc) scripts when the system goes into run level 1. Once running, almost any part of the system, including applications, drivers, as well as other daemons can make log entries. There is even a command line interface so you can make entries from scripts or anywhere else.” (Linux Knowledge…)
Syslogd can be configured to send all or some of the messages to a remote machine, which receives them and writes them to the relevant files. This means that all log messages of a particular type from every machine on the network can be stored in one file, which makes accessing and administering those logs much easier. A further advantage is that syslogd keeps both its configuration and its log entries in plain text files.
“What is done and when it is done is determined by the syslogd configuration file, syslog.conf, which is usually in /etc. This is a typical Linux configuration file with one item (or rule) per line and comment lines begin with a pound-sign (#). Each rule consists of selector portion, which determines the events to react to and the action portion, which determines what is to be done.” (Linux Knowledge….)
The Linux syslogd adds a couple of functions that are not available in other versions of UNIX. By preceding a priority with an equal sign (=), you tell syslogd to react only to that one priority. This is useful because syslogd normally reacts to that priority and everything higher. One place where it helps is when you want all debugging messages logged to a specific file, but everything logged to another file.
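The selector semantics just described (a plain priority meaning “this and everything more severe”, the Linux-only = prefix meaning “this one priority only”) are easy to get wrong when writing rules by hand. The following Python script is an added example, not code from the page or from the sources it cites: it parses syslog.conf rules into per-facility priority masks the way the sysklogd configuration parser builds them (selector by selector, so a later selector can add to or clear what an earlier one set) and reports which log files a given message would reach. The rules and messages are constructed for the demo; the facility list is a superset of the facilities named further down the page.

```python
"""Added example (not from the page or the cited sources): how a syslogd
selector decides which messages a rule applies to.

A syslog.conf rule is "selector  action".  "facility.priority" matches that
priority and everything more severe; "facility.=priority" (the Linux
extension the text describes) matches only that one priority; "none" drops
the facility, "*" is a wildcard and ";" joins selectors.  Masks are built
selector by selector, the way sysklogd's configuration parser does it, so a
later selector can add to or clear what an earlier one set.  Rules and
messages below are constructed for the demo, not taken from a real system.
"""

# Facility keywords accepted in a selector (a superset of those the page lists).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
# Priorities from most to least severe; index 0 is emerg, 7 is debug.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}


def priority_index(name):
    """Map a priority keyword (or its alias) to its severity index."""
    name = ALIASES.get(name, name)
    if name not in PRIORITIES:
        raise ValueError(f"unknown priority: {name}")
    return PRIORITIES.index(name)


def rule_mask(line):
    """Parse one syslog.conf rule into ({facility: set_of_priority_indexes}, action)."""
    selectors, action = line.strip().split(None, 1)
    mask = {fac: set() for fac in FACILITIES}
    for selector in selectors.split(";"):
        fac_part, prio_part = selector.rsplit(".", 1)
        targets = FACILITIES if fac_part == "*" else fac_part.split(",")
        for fac in targets:
            if fac not in mask:
                raise ValueError(f"unknown facility: {fac}")
            if prio_part == "none":
                mask[fac].clear()                                   # exclude this facility
            elif prio_part == "*":
                mask[fac].update(range(len(PRIORITIES)))            # every priority
            elif prio_part.startswith("="):
                mask[fac].add(priority_index(prio_part[1:]))        # exactly one priority
            else:
                mask[fac].update(range(priority_index(prio_part) + 1))  # this and more severe
    return mask, action


def matches(line, facility, priority):
    """True when syslogd would apply the rule's action to a (facility, priority) message."""
    mask, _ = rule_mask(line)
    return priority_index(priority) in mask[facility]


def route(rules, facility, priority):
    """Return the actions (here, log files) a message would be delivered to, in rule order."""
    return [rule_mask(rule)[1] for rule in rules if matches(rule, facility, priority)]


# Constructed sample configuration.
RULES = [
    "*.=debug            /var/log/debug.log",        # only debug, nothing else
    "*.info;mail.none    /var/log/messages",         # info and above, but no mail
    "auth,cron.*         /var/log/auth-cron.log",    # everything from two facilities
    "syslog.=warning     /var/log/syslog-warn.log",  # only syslog's own warnings
]

if __name__ == "__main__":
    for fac, prio in [("kern", "debug"), ("kern", "info"), ("mail", "err"),
                      ("auth", "debug"), ("syslog", "warning"), ("syslog", "err")]:
        print(f"{fac}.{prio:<8} -> {route(RULES, fac, prio)}")
```

Note the behaviour of the second rule: `*.info` grants every facility info and above, then `mail.none` clears mail again, so a mail.err message reaches none of the sample files. Older syslogd implementations insist on a tab between the selector and the action; this parser accepts any whitespace, so check your real daemon's requirement before copying a rule across.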
A common but important question is what to do with a large number of log messages.
With a lot of logging, especially when everything is sent to a central server, the file system fills up faster than usual. It is therefore prudent to remove log files after a specific length of time or once they reach a particular size. It is a fairly simple matter to write a shell script, started from cron, that looks at the log files and takes the appropriate action. The nice thing is that you do not have to: Linux provides this functionality for you in the form of the logrotate command.
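To make the rotation idea concrete, here is an added example (not the page's own code, and not logrotate's) of the size- and age-based rotation a cron-driven script would perform: the current file becomes .1, .1 becomes .2 and so on, the oldest copy beyond the retention count is deleted, and a fresh empty file is started. The file names, size limit and retention count are chosen for the demo, which works in a temporary directory so nothing on the real system is touched; on a production host you would use logrotate itself.

```python
"""Added example (not from the page): size- and age-based log rotation of
the kind a cron job would do, and that logrotate does for you.  Rotating
renames logger.log -> logger.log.1 -> ... -> logger.log.N and starts a fresh,
empty file; copies beyond 'keep' are deleted.  All files are created in a
temporary directory, so nothing on the real system is touched.
"""
import os
import tempfile
import time


def needs_rotation(path, max_bytes, max_age_seconds, now=None):
    """True when the file is larger than max_bytes or older than max_age_seconds."""
    if not os.path.exists(path):
        return False
    st = os.stat(path)
    now = time.time() if now is None else now
    return st.st_size > max_bytes or (now - st.st_mtime) > max_age_seconds


def rotate(path, keep):
    """Shift path.N-1 -> path.N (dropping the oldest copy) and reopen path empty."""
    oldest = f"{path}.{keep}"
    if os.path.exists(oldest):
        os.remove(oldest)                       # this copy falls off the end
    for n in range(keep - 1, 0, -1):            # walk from newest to oldest
        src = f"{path}.{n}"
        if os.path.exists(src):
            os.replace(src, f"{path}.{n + 1}")
    if os.path.exists(path):
        os.replace(path, f"{path}.1")
    # A daemon that still holds the old file open keeps writing into path.1
    # until it reopens its logs; logrotate handles that with a postrotate
    # hook that signals syslogd.  This demo has no writer to signal.
    open(path, "w").close()


def rotate_if_needed(path, max_bytes, max_age_seconds, keep):
    """Rotate when either limit is exceeded; return whether a rotation happened."""
    if needs_rotation(path, max_bytes, max_age_seconds):
        rotate(path, keep)
        return True
    return False


def demo(keep=3):
    """Simulate five cron runs against a log that grows by 2020 bytes each run
    and return the sorted directory listing after each run."""
    with tempfile.TemporaryDirectory() as tmp:
        log = os.path.join(tmp, "logger.log")
        history = []
        for _run in range(5):
            with open(log, "a") as fh:
                fh.write(("x" * 100 + "\n") * 20)   # 2020 bytes, over the 1000-byte limit
            rotate_if_needed(log, max_bytes=1000, max_age_seconds=86400, keep=keep)
            history.append(sorted(os.listdir(tmp)))
        return history


if __name__ == "__main__":
    for run, files in enumerate(demo()):
        print(run, files)
```

After the third run the directory holds the live file plus three numbered copies, and every later run keeps that count constant, which is the bounded disk usage the paragraph is after.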
“Unlike other UNIX dialects, the Linux cron daemon does not sleep until the next cron job is ready. Instead, when cron completes one job, it will keep checking once a minute for more jobs to run. Also, you should not edit the files directly. You can edit them with a text editor like vi, though there is the potential for messing things up. Therefore, you should use the tool that Linux provides: crontab. The crontab utility has several functions. It is the means by which files containing the cron jobs are submitted to the system. Second, it can list the contents of your crontab. If you are root, it can also submit and list jobs for any user. The problem is that jobs cannot be submitted individually. Using crontab, you must submit all of the jobs at the same time.” (Linux Knowledge…)
In a multi-user system like Linux, you should expect to find other users on your system. Although there are many built-in mechanisms to keep users separated, sometimes you will want to communicate with other users. Linux provides several tools to do this, depending on exactly what you want to accomplish. If you simply wish to send a quick message to someone, for example, to remind him or her of a meeting, you might use the write program, which sends (writes) a message to his or her terminal.
In Linux, e-mail is accessed through the mail command. Depending on your system, the mail program may be linked to something else.
Any operating system works closely with the hardware it runs on, which is its foundation; certain services the operating system needs can only be provided by the hardware. To understand the basics of the Linux operating system, you therefore need some knowledge of the underlying hardware. In the early 1990s, when Linus Torvalds started writing what was to become Linux, he picked the most plentiful and least costly hardware available, an Intel 80386 PC.
“Central Log Management System is a simple web based logging system which allows logging all syslog messages from various Network Devices, Unix, Linux, Solaris and Windows Servers. This allows the visibility of logs from all these devices in one single interface….
Imagine that eth0 is your internet interface and you want 192.168.0.102 as your local IP address. Change the /etc/network/interfaces file and save it.
iface eth0 inet static
You need to modify it for your own needs.
mkdir /logs (let’s make a directory for our logs)
Modify /etc/syslog.conf and add the next rule if you really would like to log everything (don’t forget to save it):
*.* /logs/logger.log
It’s possible you’re only interested in some of the following things:
auth – authentication (login) messages
cron – messages from the memory-resident scheduler
daemon – messages from resident daemons
kern – kernel messages
lpr – printer messages
mail – messages from Sendmail
user – messages from user-initiated processes/apps
local0-local7 – user-defined (see below)
syslog – messages from the syslog process itself
0 – Emergency (emerg)
1 – Alerts (alert)
2 – Critical (crit)
3 – Errors (err)
4 – Warnings (warn)
5 – Notification (notice)
6 – Information (info)
7 – Debug (debug)
When you would like to log everything from auth, cron, lpr error and only syslog warnings, then you have to add the next lines to /etc/syslog.conf:
Now modify /etc/init.d/sysklogd with your favourite editor and do the next:
SYSLOGD="" Change this line to the next line and save:
Restart networking again: /etc/init.d/networking restart
Install Apache2 and stuff:
apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client
Check cat /etc/hostname; the hostname that you see there you have to place in your /etc/hosts file, together with your local static IP address. /etc/hosts:
192.168.0.102 myhostname
Don’t forget to change the above to your own needs! I decided to host on port 8070, as my ISP (Telenet Belgium) has blocked all ports under 1024. Modify /etc/apache2/ports.conf (Listen 80 must be replaced by Listen 8070).
If you are behind a NAT, don’t forget to open this port on your router.
Now we’re going to install our virtual hosts.
cd /etc/apache2/sites-available
Now edit your myname.homelinux.com file with your favorite editor and make sure it looks like this:
ServerAdmin [email protected]
Ok, now we’re going to /etc/apache2/sites-enabled:
ln -s /etc/apache2/sites-available/myname.homelinux.com myname.homelinux.com
This symbolic link (ln -s) is absolutely necessary. Ok, now we’re going to our logs directory and we place an index.php file there:
cd /logs
Modify index.php now with your favorite editor. This is how it should look:
Restart apache: /etc/init.d/apache2 force-reload
Ok, go to www.dyndns.com and www.whatsmyip.org (memorize your IP).
On dyndns you register yourself, log in, then click DNS services ->
Dynamic DNS -> Add Host -> and you register myname.homelinux.com.
Mention your remote IP (what you saw at whatsmyip.org on the IP line).
If you now visit your myname.homelinux.com:8070 webpage you will be able to see your syslogs!
4) Only I want to see the log files (by using an .htaccess file)
Now we take measures: Only you will have the possibility to see your syslogs.
cd /logs (Yes we go again to the /logs directory)
touch .htaccess (We’ll make an .htaccess file)
Modify .htaccess with your favorite editor. This is how your .htaccess file should look:
AuthName "Access is limited here"
cd /root (go to the /root directory)
htpasswd -c .htpasswd webmaster (let’s make a valid account)
Now modify the /etc/apache2/sites-available/default file with your favorite editor:
Options Indexes FollowSymLinks MultiViews
Allow from all
# Uncomment this directive if you want to see apache2’s
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/
This AllowOverride All line tells apache2 that it has to deal with a .htaccess file.
Restart apache2 again: /etc/init.d/apache2 force-reload
Go to your site now; you’ll have to give the password that you specified.
Now you have a syslog server that’s using the virtual host technique on apache2, and only you are able to read the information, thanks to the .htaccess file.” (Linux.com…)
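The quoted walkthrough configures the receiving host and the web front end but does not show what the receiver does with each message that arrives from another machine. The following Python script is an added example, not code from the page, from Linux.com or from the Central Log Management System it describes: it decodes the `<PRI>` header that every syslog datagram starts with (PRI = facility × 8 + severity, as defined in RFC 3164), names the facility and severity with the same tables the page lists, and appends one line per message to a per-sender file under a log directory, which is how one /logs tree for every device is built. The UDP port 514 used by `serve()` is the standard syslog port; the log directory and the three datagrams are constructed for the demo, not captured traffic.

```python
"""Added example (not from the page or its sources): the receiving end of a
central syslog server.  Each datagram a remote syslogd sends starts with
"<PRI>", where PRI = facility * 8 + severity (RFC 3164).  We decode that,
name facility and severity, and append the message to <log_dir>/<sender>.log.
Sample datagrams below are constructed, not captured from a network.
"""
import os
import re
import socket
import tempfile

# Facility codes 0-23 (names for 12-15 are descriptive, not standard keywords).
FACILITY_NAMES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
                  "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
                  "alert", "clock"] + [f"local{i}" for i in range(8)]
# Severity codes 0-7, the same numbering the page lists.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(pri):
    """Split a PRI value into (facility_name, severity_name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITY_NAMES[pri // 8], SEVERITY_NAMES[pri % 8]


def parse_datagram(data):
    """Return (facility, severity, text) for one raw datagram.  A datagram with
    no valid PRI is treated as user.notice, the default RFC 3164 gives a relay."""
    match = PRI_RE.match(data)
    fac, sev, text = "user", "notice", data
    if match:
        try:
            fac, sev = decode_pri(int(match.group(1).decode()))
            text = match.group(2)
        except ValueError:
            pass                                 # keep the default and the raw text
    return fac, sev, text.decode("utf-8", "replace").rstrip("\r\n")


def store(log_dir, sender, data):
    """Append the decoded message to <log_dir>/<sender>.log and return the line written."""
    fac, sev, text = parse_datagram(data)
    # Never build a path from raw peer data; keep only characters safe in a file name.
    safe_sender = re.sub(r"[^0-9A-Za-z.:_-]", "_", sender)
    line = f"{fac}.{sev} {text}"
    with open(os.path.join(log_dir, f"{safe_sender}.log"), "a", encoding="utf-8") as fh:
        fh.write(line + "\n")
    return line


def serve(log_dir, port=514):
    """Receive datagrams forever and file them by sender (run as root for port 514)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (host, _port) = sock.recvfrom(65535)
        store(log_dir, host, data)


# Constructed sample traffic: (sender address, raw datagram).
SAMPLES = [
    ("192.168.0.50", b"<34>Oct 20 10:15:01 router sshd[42]: Failed password for user admin"),
    ("192.168.0.51", b"<13>Oct 20 10:15:02 nas cron[7]: job finished"),
    ("192.168.0.52", b"no pri header at all"),
]


def demo():
    """File the samples into a temporary log directory; return (lines, file names)."""
    with tempfile.TemporaryDirectory() as tmp:
        lines = [store(tmp, host, data) for host, data in SAMPLES]
        files = sorted(os.listdir(tmp))
    return lines, files


if __name__ == "__main__":
    print(demo())
```

Plain UDP syslog carries no authentication, so anything that can reach port 514 can insert lines into these files; on a real receiver restrict the port to the addresses of the devices you expect, which is the firewalling point the next paragraph raises, and keep the sender-name sanitisation shown above so a spoofed source can never steer writes outside the log directory.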
“The majority of Linux distributions use the good old syslogd system logger by default, which is based on the original 4.3BSD syslogd daemon. Syslogd is a fine system logger, but it lacks some advanced features modern alternatives offer. We will use syslog-ng instead, which provides all the functionality of the traditional syslogd along with some nice enhancements. Among others, it provides powerful filtering capabilities based on message content, and can also be used in a firewalled environment without problems.” (Linux.com: Build…)
Linux Knowledge Base and Tutorial. www.linux-tutorial.info/modules.php?name=MContent&pageid=56. Retrieved on October 20, 2008.
Linux.com: Central Log Management System. www.linux.com/feed/119089. Retrieved on October 20, 2008.
Linux.com: Build a centralized log management and monitoring system. www.linux.com/feature/57220. Retrieved on October 20, 2008.