How to enable syslog logging.


# 1  
Hi,

my question is probably quite easy. On one Linux machine I have messages constantly being written to /var/log/messages. An ntpd message comes in every few seconds. I can see new ones with tail messages. On the other machine there seem to be no messages arriving in /var/log/messages. I can do a "logger 'hello world' " on both of them and it is written to the messages file. syslogd and klogd are running on both machines. It's just that the second machine doesn't seem to be receiving any messages.
# 2  
Syslog is configured in /etc/syslog.conf.

Basically, there are three things to configure:
  • facilities are the subsystems which generate the messages. There are, for instance, "auth", "cron", "mail", etc. The messages they generate are classified in
  • priorities. Priorities denote the "severity" of an event a message tells about. This starts with "emerg" for emergency conditions and goes over "crit", "err", etc. down to "debug". Every lower class contains all the messages from the higher class plus some of its own. Once such a message is generated it triggers an
  • action. This can be a file name, then the message is stored there. It could also be a remote machine, which would then handle the message (store it, or some other action). It could also be a "list of users", which would then get a mail with the message as text or a terminal, which will display the messages then - even without anybody being logged on there.

Every line in syslog.conf describes a facility/priority-combination and an action to start in case such a message is encountered. Notice that priorities are inclusive: if you configure an action for "somefacility.warning" the action will be started for messages of the type "somefacility.err", "somefacility.crit", "somefacility.alert" and "somefacility.emerg" too.

It is also possible to use placeholders to specify the same rule for every facility (or some of them) at once.

See the man page of syslog.conf and probably sysklogd.conf for details.

I hope this helps.

bakunin
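
The selector rules described in the post above, as an added example that is not part of the original thread: a small model of how a syslog.conf line decides whether a message triggers its action, including the inclusive priorities and the `*` placeholder. The sample configuration is constructed, the function names are hypothetical, and the model is a simplification that handles only plain priorities, `*` and `none`.

```python
# Added example: simplified model of syslog.conf selector matching.
# Priorities ordered from most to least severe, as in the post above.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Constructed sample config, not taken from either machine in the thread.
SAMPLE_CONF = """\
# selector(s)                   action
*.info;mail.none;authpriv.none  /var/log/messages
authpriv.*                      /var/log/secure
mail.warning                    /var/log/maillog
*.emerg                         *
"""

def parse(conf):
    """Return [(selectors, action)]; each selector is (facilities, priority)."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, priority = sel.rsplit(".", 1)
            selectors.append((facilities.split(","), ALIASES.get(priority, priority)))
        rules.append((selectors, action.strip()))
    return rules

def selected(selectors, facility, priority):
    """True if a facility.priority message is selected by one config line."""
    level = PRIORITIES.index(ALIASES.get(priority, priority))
    hit = False
    for facilities, threshold in selectors:
        if "*" not in facilities and facility not in facilities:
            continue
        if threshold == "none":        # exclude this facility from the line
            hit = False
        elif threshold == "*" or level <= PRIORITIES.index(threshold):
            hit = True                 # inclusive: this severity or higher
    return hit

def actions_for(conf, facility, priority):
    """List the actions that fire for one message, in config order."""
    return [action for selectors, action in parse(conf)
            if selected(selectors, facility, priority)]
```

Running `actions_for` over each machine's real configuration for the facility and priority a daemon logs with shows whether a missing message was filtered by syslog or was never sent.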
# 3  
Thanks bakunin,

But the syslogd.conf file is the exact same on both machines and both machines are running the syslogd daemon as syslogd -m 0.

One machine gets constant messages written to the messages file, the other gets pretty much nothing. It has regular bursts of messages, then they just stop when the audit daemon rotates the log files:

Jul 18 11:31:41 rtpclabpcrfl41 avahi-daemon[8761]: Registering new address record for 172.26.100.63 on eth1.
Jul 18 11:31:41 rtpclabpcrfl41 avahi-daemon[8761]: Withdrawing address record for 172.26.100.63 on eth1.
Jul 18 11:31:41 rtpclabpcrfl41 avahi-daemon[8761]: Registering new address record for 172.26.100.63 on eth1.
Jul 18 11:31:41 rtpclabpcrfl41 avahi-daemon[8761]: Withdrawing address record for 172.26.100.63 on eth1.
Jul 18 11:31:42 rtpclabpcrfl41 avahi-daemon[8761]: Registering new address record for 172.26.100.63 on eth1.
Jul 18 16:48:54 rtpclabpcrfl41 avahi-daemon[8761]: Withdrawing address record for 172.26.100.67 on eth1.
Jul 19 03:50:19 rtpclabpcrfl41 auditd[7157]: Audit daemon rotating log files
Jul 20 06:19:33 rtpclabpcrfl41 root: System rebooted for hard disk upgrade
Jul 20 06:20:05 rtpclabpcrfl41 root: System rebooted for hard disk upgrade



The "system reboot" messages are just test messages I sent via logger.
# 4  
Quote:
Originally Posted by jackiebaron
Jul 18 11:31:41 rtpclabpcrfl41 avahi-daemon[8761]: Registering new address record for 172.26.100.63 on eth1.
Jul 18 11:31:41 rtpclabpcrfl41 avahi-daemon[8761]: Withdrawing address record for 172.26.100.63 on eth1.
Jul 18 11:31:41 rtpclabpcrfl41 avahi-daemon[8761]: Registering new address record for 172.26.100.63 on eth1.
Jul 18 11:31:41 rtpclabpcrfl41 avahi-daemon[8761]: Withdrawing address record for 172.26.100.63 on eth1.
Jul 18 11:31:42 rtpclabpcrfl41 avahi-daemon[8761]: Registering new address record for 172.26.100.63 on eth1.
Jul 18 16:48:54 rtpclabpcrfl41 avahi-daemon[8761]: Withdrawing address record for 172.26.100.67 on eth1.
To me this looks like something in Avahi has gone awry. Syslog is just the place where that condition is showing.

Avahi is a network discovery service, which polls for printers and similar devices. If you don't have a laptop or a very rapidly-changing network environment you probably should disable it altogether.

I hope this helps.

bakunin
 
