All proficient Linux users rely heavily on log files. These files provide information not only about the operating system itself, but also about the services and applications that run on it. Log files can also be used for information about system security, troubleshooting and cron jobs. In this post we will be discussing log files using the popular Red Hat distribution.
Viewing Your Log Files
Usually, log files can be found in the /var/log/ directory. Certain applications may have their own directories within /var/log/ where the log files for those applications can be found. When viewing log files, you will notice that many of them have a timestamp appended to the file name. An example would be “cron-20150317,” with “20150317” representing the date on which a process was last completed.
Understanding and Managing “Rsyslogd”
Some log files are controlled by the “rsyslogd” daemon. In case any readers are unfamiliar with that terminology, daemon simply means “background process”: it describes a process that runs automatically instead of being controlled directly by a user. The “rsyslogd” daemon can filter messages, encrypt messages and send or receive them over the TCP or UDP protocols, and it exposes many other configuration settings. Remember here that rsyslog is compatible with sysklogd.
To view or manage the log files that are maintained by rsyslogd, the user can check the configuration file, /etc/rsyslog.conf. This is where the user will specify global directives, modules and rules. Comments may also be added here using a pound, or hash, sign (#). The rules added here will define criteria for both filter and action components. In a sense, these can be thought of as “if, then” commands.
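The “if, then” behaviour of these rules can be checked by evaluating them against a message. The following Python code is an added example, not code from the original post or from the rsyslog project: it evaluates constructed sample rules written in the traditional facility.priority selector syntax. The sample rules, the function names and the subset handled (no `!` negation, no property-based filters) are assumptions.

```python
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

SAMPLE_CONF = """\
# Constructed sample rules in the style of /etc/rsyslog.conf (not from the article)
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     :omusrmsg:*
"""

def parse_rules(text):
    """Return (filter, action) pairs, skipping blank lines and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        rules.append((selector, action.strip()))
    return rules

def selector_matches(selector, facility, severity):
    """Apply ';'-separated selectors left to right; later ones override earlier ones."""
    level = SEVERITIES.index(severity)
    matched = False
    for part in selector.split(";"):
        facilities, _, priority = part.rpartition(".")
        names = facilities.split(",")
        if "*" not in names and facility not in names:
            continue  # this selector says nothing about our facility
        if priority == "none":
            matched = False
        elif priority == "*":
            matched = True
        elif priority.startswith("="):
            matched = level == SEVERITIES.index(priority[1:])
        else:  # plain priority: this severity or more severe
            matched = level <= SEVERITIES.index(priority)
    return matched

def route(conf_text, facility, severity):
    """List every action whose filter matches; all matching rules are applied."""
    return [a for s, a in parse_rules(conf_text) if selector_matches(s, facility, severity)]

if __name__ == "__main__":
    for fac, sev in [("authpriv", "info"), ("cron", "info"), ("kern", "emerg"), ("daemon", "debug")]:
        print(f"{fac}.{sev} -> {route(SAMPLE_CONF, fac, sev)}")
```

With these sample rules, authentication messages (authpriv) are kept out of /var/log/messages and written only to /var/log/secure, which is the file to review for login activity.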
The Importance of Log Rotation & Management
Log rotation is the function of managing how data is collected and recorded to keep files from becoming too large. Rotation settings can be viewed and configured in the /etc/logrotate.conf file. This configuration file can be used to manage global options that are applied to every log file on a system. More specific configuration requirements may be assigned to specific log files as well.
Some of the parameters that a user may manage with the logrotate configuration file include how frequently logs are rotated (daily, weekly, monthly or yearly), file compression standards (nocompress, compresscmd, uncompresscmd, compressext, compressoptions and delaycompress) and several others.
Using Queues in Rsyslog
When using rsyslog, queues are used to deliver all content (primarily syslog messages) between its components. Queues allow rsyslog to process several messages at the same time. They also enable the daemon to take action on these messages. Queue directives can be managed in the /etc/rsyslog.conf configuration file. The most common queue types are direct queues, disk queues, in-memory queues and disk-assisted in-memory queues.
Monitoring Your Own Log Files
While there is much more to discuss in terms of reaching the full potential of Linux configuration, this post was meant to serve as a quick introduction to managing your own log files on Red Hat. For more information, view the official documentation for yourself and get started!