Lesson 8

Red Hat Linux Logging Conclusion

Logfiles store information about the system's operation. Applications log debugging, warning, and error messages into Linux's centralized logging facility, which sends the message to the configured logfile. System administrators can completely configure the Linux system logging facility through the /etc/syslog.conf file.
Red Hat Linux provides tools to help administrators maintain and monitor their logfiles. The logrotate utility, which is turned on by default in Red Hat Linux, keeps logfiles to a reasonable size by frequently rotating them into backups. The logwatch utility helps administrators monitor their logfiles by tailoring the output to their needs.
In this module, you learned about Linux's logging capabilities and how to use them to identify system problems. You learned how to monitor system logs and what significant events to look for. You also learned to access recent kernel messages using the dmesg command.

Learning objectives

Having completed this module, you should be able to:
  1. List logfiles for troubleshooting
  2. Display recent and old kernel messages
  3. Examine system logs' contents for significant events
  4. Configure the system log
  5. Describe the Red Hat Linux method for rotating logs
  6. Monitor logs with logwatch

Glossary terms

This module introduced you to the following terms.
  1. Action: Actions make up the second part of an /etc/syslog.conf rule. They are associated with selectors and perform tasks such as logging the message to a file, broadcasting the message to all logged-in users, writing the message to the system console, or transmitting the message to remote logging daemons across the network.
  2. Console: The console is the terminal display.
  3. Facility: Facilities are simply programs that can be configured to send notices to the system log. Common facilities include user, kern, mail, daemon, auth, lpr, news, uucp, and cron.
  4. Kernel ring buffer: The kernel ring buffer is a fixed-size area of kernel memory that holds the kernel's log messages. As the kernel logs new messages, older messages are overwritten.
  5. Logfiles: Logfiles are files that store information about the system's operation.
  6. Rule: Every line in the /etc/syslog.conf file is called a rule. Rules map selectors to actions, which allows the Linux system logging facility to route messages of certain types to different locations.
  7. Selector: Selectors make up the first part of an /etc/syslog.conf rule. A facility and severity combine to form a selector. mail.warn is an example of a typical selector.
  8. Severity: The severity level indicates the importance of a given message. The severity levels listed from most important to least important are: emerg, alert, crit, err, warning, notice, info, debug, and none.
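
The rule, selector, and action terms above can be exercised with a small evaluator that reports which actions receive a given message. This is an added example, not part of the original lesson: the rules in SAMPLE_CONF are constructed, loghost.example.com is a placeholder, and the function names are hypothetical. It handles plain facility.severity selectors, the * wildcard, comma-separated facilities, and none, but not the = and ! modifiers.

```python
# Added example: evaluate classic /etc/syslog.conf rules against one message.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample rules (not taken from a real host).
SAMPLE_CONF = """\
# selector(s)                          action
*.info;mail.none;authpriv.none         /var/log/messages
authpriv.*                             /var/log/secure
mail.warn                              -/var/log/maillog
kern.crit                              /dev/console
*.emerg                                *
authpriv.*                             @loghost.example.com
"""

def parse_rules(text):
    """Return a list of (selectors, action) tuples, one per rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        rules.append((selector_field.split(";"), action.strip()))
    return rules

def rank(name):
    """Position in SEVERITIES; 0 is the most important (emerg)."""
    return SEVERITIES.index(ALIASES.get(name, name))

def rule_matches(selectors, facility, severity):
    """Apply selectors left to right; a later 'none' cancels an earlier match."""
    matched = False
    for selector in selectors:
        names, level = selector.rsplit(".", 1)
        facilities = names.split(",")
        if "*" not in facilities and facility not in facilities:
            continue
        if level == "none":
            matched = False
        elif level == "*" or rank(severity) <= rank(level):
            matched = True  # a severity matches its own level and anything higher
    return matched

def route(text, facility, severity):
    """Actions that receive a message logged as facility.severity."""
    return [a for sel, a in parse_rules(text) if rule_matches(sel, facility, severity)]

if __name__ == "__main__":
    for fac, sev in [("authpriv", "notice"), ("mail", "err"), ("kern", "emerg")]:
        print(f"{fac}.{sev} -> {route(SAMPLE_CONF, fac, sev)}")
```

Running the same check against a host's own rules shows whether authentication messages reach a dedicated file and a remote log host, or are silently dropped by a none selector.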
The next module introduces you to basic troubleshooting techniques.

System Kernel Logging - Quiz

Before moving on to the next module, click the Quiz link below to check your understanding of system and kernel logging.
System Kernel Logging - Quiz