Unix/Linux Go Back    


SuSE SUSE Linux is a major operating system. The developer rights are owned by Novell, Inc.

Location and name of SYSLOG in SUSE Linux

SuSE


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 03-09-2015   -   Original Discussion by JDBA
JDBA's Unix or Linux Image
JDBA JDBA is offline
Registered User
 
Join Date: Apr 2014
Last Activity: 10 June 2015, 8:44 AM EDT
Location: College Park, MD
Posts: 20
Thanks: 2
Thanked 0 Times in 0 Posts
Location and name of SYSLOG in SUSE Linux

Esteemed listers,

Where is the location of SYSLOG file?

In etc/auditd.conf script, the log_file location is '/var/log/audit/audit.log' as below. Is this the location where SYSLOG is stored?

Thank you in advance,



log_file = /var/log/audit/audit.log
log_format = RAW
priority_boost = 3
flush = INCREMENTAL
freq = 20
num_logs = 4
dispatcher = /usr/sbin/audispd
disp_qos = lossy
max_log_file = 5
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
Sponsored Links
    #2  
Old Unix and Linux 03-09-2015   -   Original Discussion by JDBA
RudiC's Unix or Linux Image
RudiC RudiC is offline Forum Staff  
Moderator
 
Join Date: Jul 2012
Last Activity: 23 June 2018, 6:40 AM EDT
Location: Aachen, Germany
Posts: 12,922
Thanks: 429
Thanked 3,969 Times in 3,650 Posts
Have a look into /etc/*syslog.conf; name dependig on the syslog version used. Here, or in the included files, the log files are identified, like

Code:
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog

.
Sponsored Links
    #3  
Old Unix and Linux 03-09-2015   -   Original Discussion by JDBA
cjcox's Unix or Linux Image
cjcox cjcox is offline
Registered User
 
Join Date: May 2005
Last Activity: 27 June 2016, 2:12 PM EDT
Posts: 614
Thanks: 4
Thanked 110 Times in 107 Posts
On newer SUSE and openSUSE systems, they use systemd. You can install rsyslog and get a /var/log/messages file (for example) and/or the ability to send logs to a remote syslogger, etc...

It's one of the bigger gripes against systemd. It uses its own binary database to house logs. So normally you run a command, journalctl, (if you don't have rsyslog installed) to see the logs.
The Following User Says Thank You to cjcox For This Useful Post:
JDBA (03-10-2015)
    #4  
Old Unix and Linux 03-11-2015   -   Original Discussion by JDBA
JDBA's Unix or Linux Image
JDBA JDBA is offline
Registered User
 
Join Date: Apr 2014
Last Activity: 10 June 2015, 8:44 AM EDT
Location: College Park, MD
Posts: 20
Thanks: 2
Thanked 0 Times in 0 Posts
In /etc/auditd.conf script
  1. Does this option 'space_left_action = SYSLOG' send log messages to SYSLOG?

  2. Does this option 'space_left_action = EMAIL' send log messages to SYSLOG and email accounts specified?
Thanks,

---------- Post updated at 03:09 PM ---------- Previous update was at 02:56 PM ----------

I think I got the answers for these 2 questions.

---------- Post updated 03-11-15 at 12:19 PM ---------- Previous update was 03-10-15 at 03:09 PM ----------

When I restarted auditd I get a message saying 'exit status of parent...' as below. I expected to see 'Starting auditd' only. Is this normal?
Thanks,



Code:
 XXXXX:/#/etc/init.d/auditd restart
  
 Shutting down auditd
 Starting auditd startproc; exit status of parent of /sbin/auditd: 6

---------- Post updated at 03:09 PM ---------- Previous update was at 12:19 PM ----------

Found the answer.

Last edited by rbatte1; 03-11-2015 at 02:02 PM..
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes



All times are GMT -4. The time now is 11:51 AM.