Troubleshooting Linux using syslog.conf

Posted in Linux,Technical by linuxsolutions on January 11th, 2008

Different Linux packages have their own configuration files for network configuration and troubleshooting, which can make Linux system administration daunting. However, most Linux applications use the syslog utility to handle their error and status messages, which are stored in files under the /var/log directory. Using syslog makes troubleshooting easier on every Linux distribution, such as Fedora, Red Hat and Ubuntu. This is useful to know because not all applications display their errors and status messages on the screen. A Linux log server holds the syslog files, and the logrotate utility makes them easier to handle, so network troubleshooting becomes much like Windows network troubleshooting.
The error messages in syslog can be very helpful when you look up malfunctions in product manuals, item manuals and documentation found through web searches. Both syslog and logrotate are relatively easy to configure, but it takes some skill to troubleshoot all the Linux applications whose information is recorded in a system's syslog files. The syslog utility is used for tracking and handling all the error messages that are critical on a Linux syslog server.
An error message carries two pieces of information: first, the function that generated it, such as the mail or cron application, which is easy to identify; and second, the degree of severity of the message. The eight severity levels that can appear in a syslog file are listed below. Syslog's configuration file, /etc/syslog.conf, is configured by listing the different facilities.
Table: Syslog facilities details
Severity Level   Keyword         Description
0                emergencies     System not usable
1                alerts          Action required immediately
2                critical        Critical condition
3                errors          Error conditions
4                warnings        Warning conditions
5                notifications   Significant and normal conditions
6                informational   Messages with information
7                debugging       Debugging messages

The /etc/syslog.conf File

Where each type of message is written is set in the syslog configuration file /etc/syslog.conf, which contains two columns. The first column contains the facilities included in syslog and the second column contains the description for each keyword in the syslog file. On Red Hat and Fedora, /etc/syslog.conf is configured to store all messages in the file /var/log/messages, like this:
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
With this line, all info messages are logged, except those from the mail, authpriv and cron facilities. You can make the logging more insightful by replacing this line with one that sends the debug severity to the /var/log/messages file. Here is an example:
*.debug    /var/log/messages

All syslog debug messages, excluding auth, news, mail and authpriv, are logged to the /var/log/debug file. You can also spread the configuration syntax over several lines by putting a backslash (\) at the end of each continued line. Here is an example:
*.=debug;auth,authpriv.none;\
        news.none;mail.none    -/var/log/debug
The /var/log/messages file is configured to store only info and warning messages, excluding the news, mail, auth and authpriv facilities, like this:
*.=info;*.=warn;auth,authpriv.none;\
        mail,news.none    -/var/log/messages

Certain types of messages are sent to the screens of all logged-in users. In that case the file definition is replaced by an asterisk, like this:
*.emerg    *
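To check where a given message ends up under selector lines like the ones above, the following added example (not code from the original post) models sysklogd-style selector matching in Python. The function names and the sample configuration are constructed for illustration, the keywords emerg through debug are the syslog.conf priority names for levels 0 to 7, and the `!` negation syntax is deliberately left out.

```python
import re

# Priority keywords used in syslog.conf, mapped to severity levels 0-7.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample built from the selector lines discussed on this page.
SAMPLE_CONF = r"""
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
*.=debug;auth,authpriv.none;\
        news.none;mail.none                 -/var/log/debug
*.emerg                                     *
"""

def parse_rules(text):
    """Return [(selector, action)], joining backslash-continued lines first."""
    joined = re.sub(r"\\\n[ \t]*", "", text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            rules.append((selector, action.strip()))
    return rules

def severities_logged(selector, facility):
    """Set of severity levels the selector accepts for one facility."""
    mask = set()
    for part in filter(None, selector.split(";")):
        facs, _, prio = part.rpartition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue  # this part does not name our facility
        if prio == "none":
            mask = set()                      # facility excluded
        elif prio == "*":
            mask = set(range(8))              # every severity
        elif prio.startswith("="):
            mask.add(SEVERITY[prio[1:]])      # exactly this severity
        else:
            mask |= set(range(SEVERITY[prio] + 1))  # this severity and worse
    return mask

def destinations(text, facility, severity):
    """Actions (files, or * for all users) that receive the message."""
    level = SEVERITY[severity]
    return [action for selector, action in parse_rules(text)
            if level in severities_logged(selector, facility)]

if __name__ == "__main__":
    print(destinations(SAMPLE_CONF, "kern", "emerg"))
```

Running a proposed syslog.conf through such a check before restarting syslog shows whether an exclusion such as authpriv.none silently drops messages you expected to keep.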

Some applications also log to their own application log files and directories, independent of syslog.conf. Here are examples of these files and directories; you can use them to analyse logs and handle errors.
/var/log/maillog : Mail information
/var/log/httpd/access_log : Apache web server page access logs
/var/log/samba : Samba messages
/var/log/mrtg : MRTG messages
/var/log/httpd : Apache web server messages
Restart syslog with this command to apply changes to syslog.conf.

[root@linux-server tmp]# service syslog restart

To restart syslog in Ubuntu:

root@u-linux-server:~# /etc/init.d/sysklogd restart
