Location and name of SYSLOG in SUSE Linux

 
Thread Tools Search this Thread
Operating Systems Linux SuSE Location and name of SYSLOG in SUSE Linux
# 1  
Old 03-09-2015
Location and name of SYSLOG in SUSE Linux

Esteemed listers,

Where is the location of SYSLOG file?

In etc/auditd.conf script, the log_file location is '/var/log/audit/audit.log' as below. Is this the location where SYSLOG is stored?

Thank you in advance,



log_file = /var/log/audit/audit.log
log_format = RAW
priority_boost = 3
flush = INCREMENTAL
freq = 20
num_logs = 4
dispatcher = /usr/sbin/audispd
disp_qos = lossy
max_log_file = 5
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
# 2  
Old 03-09-2015
Have a look into /etc/*syslog.conf; name dependig on the syslog version used. Here, or in the included files, the log files are identified, like
Code:
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog

.
# 3  
Old 03-09-2015
On newer SUSE and openSUSE systems, they use systemd. You can install rsyslog and get a /var/log/messages file (for example) and/or the ability to send logs to a remote syslogger, etc...

It's one of the bigger gripes against systemd. It uses its own binary database to house logs. So normally you run a command, journalctl, (if you don't have rsyslog installed) to see the logs.
This User Gave Thanks to cjcox For This Post:
# 4  
Old 03-11-2015
In /etc/auditd.conf script
  1. Does this option 'space_left_action = SYSLOG' send log messages to SYSLOG?

  2. Does this option 'space_left_action = EMAIL' send log messages to SYSLOG and email accounts specified?
Thanks,

---------- Post updated at 03:09 PM ---------- Previous update was at 02:56 PM ----------

I think I got the answers for these 2 questions.

---------- Post updated 03-11-15 at 12:19 PM ---------- Previous update was 03-10-15 at 03:09 PM ----------

When I restarted auditd I get a message saying 'exit status of parent...' as below. I expected to see 'Starting auditd' only. Is this normal?
Thanks,

Code:
 XXXXX:/#/etc/init.d/auditd restart
  
 Shutting down auditd
 Starting auditd startproc; exit status of parent of /sbin/auditd: 6

---------- Post updated at 03:09 PM ---------- Previous update was at 12:19 PM ----------

Found the answer.

Last edited by rbatte1; 03-11-2015 at 03:02 PM..
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. Linux

SUSE Linux

i'm new linux ... after reboot ...... my keyboard is notworking automatically boot ..... after few mins Waiting for mandatory devices: eth-id-00:10:a7:08:cb:4b 12 11 9 8 7 5 4 3 1 0 eth0 interface could not be set up failed Setting up service network . . . . . . . . . . . . . ... (2 Replies)
Discussion started by: coolboys
2 Replies

2. SuSE

Suse LINUX

What is the equivalent of sun explorer in suse linux? Thanks (1 Reply)
Discussion started by: hassan2
1 Replies

3. UNIX for Dummies Questions & Answers

suse linux 6.4-8.1

i need some help from somone familiar with suse linux. i am wanting to update my suse linux 6.4 box to suse linux 8.1. i am trying to do it with yast. and i want to do it via ftp. now, to do this the first thing i need to do is change my source media settings in yast, right now it is the cdrom.... (3 Replies)
Discussion started by: norsk hedensk
3 Replies
Login or Register to Ask a Question