Manage Linux Essay

                                     Manage System Logging in LINUX

Manage System Logging in LINUX


     The working of Linux is completely different from other systems, as for logging.

You can tell the system what it should not log and where exactly it should log.

“The workhorse of the Linux logging system is the system logging daemon or syslogd. This daemon is normally started from the system start-up (rc) scripts when the system goes into run level 1. Once running, almost any part of the system, including applications, drivers, as well as other daemons can make log entries. There is even a command line interface so you can make entries from scripts or anywhere else.” (Linux knowledge….)

Syslogd can be configured to dispatch all of some of the messages to a remote machine, which takes possession of them and writes them to the relevant files. This means all the log messages of a particular type from all the machines in the network can be stored in one file. Accessing and administering those files becomes much easier. The additional advantage is, syslogd stores configuration information and log entries in text files.

Configuring syslogd

     “What is done and when it is done is determined by the syslogd configuration file, syslog.conf, which is usually in /etc. This is a typical Linux configuration file with one item (or rule) per line and comment lines begin with a pound-sign (#). Each rule consists of selector portion, which determines the events to react to and the action portion, which determines what is to be done.” (Linux Knowledge….)

     The Linux syslogd has added a couple of functions that are not available in other versions of UNIX. By preceding a priority with an equal-sign (=), you tell syslogd only to react to that one priority. This is useful since syslogd normally reacts to everything with that priority and higher. One place where this is useful is when you want all debugging messages to be logged to a specific file, but everything logged to another file.

     An important but common issue is that what to do with a large number of log messages.

With lot of logging, when everything is sent to a central server, file system gets filled faster than its normal capacity.  It is, therefore prudent to remove them, when after a specific length of time or when they reach a particular size.It is a fairly simple matter to write a shell script that is started from cron, which looks at the log files and takes specific actions. The nice thing is that you do not have to. Linux provides this functionality for you in the form of the logrotate command.

     “Unlike other UNIX dialects, the Linux cron daemon does not sleep until the next cron job is ready. Instead, when cron completes one job, it will keep checking once a minute for more jobs to run. Also, you should not edit the files directly. You can edit them with a text editor like vi, though there is the potential for messing things up. Therefore, you should use the tool that Linux provides: crontab.The crontab utility has several functions. It is the means by which files containing the cron jobs are submitted to the system. Second, it can list the contents of your crontab. If you are root, it can also submit and list jobs for any user. The problem is that jobs cannot be submitted individually. Using crontab, you must submit all of the jobs at the same time.” (Linux  Knowledge…)

     In a multi-user system like Linux, you should expect to find other users on your system.  Although there are many built-in mechanisms to keep users separated, sometimes you will want to communicate with other users. Linux provides several tools to do this, depending on exactly what you want to accomplish. If you simply wish  to send a quick message to someone, for example, to remind him or her of a meeting, you might use the write program, which sends (writes) a message to his or her terminal.

In Linux, e-mail is accessed through the mail command. Depending on your system, the mail program may be linked to something else.

     Any operating system closely works with the hardware system, which is the foundation. Certain services required by the operating system can only be provided by the hardware. To understand the basics of the Linux operating system, you need to possess the knowledge of underlying hardware system. . In the early 1990’s, when Linus Torvalds started writing what was to become Linux, he picked the most plentiful and not so costly hardware, an Intel 80386 PC.

     “Central Log Management System is a simple web based logging system which allows logging all syslog messages from various Network Devices, Unix, Linux, Solaris and Windows Servers. This allows the visibility of logs from all these devices in one single interface….

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

     Imagine that eth0 is your internet interface and you want as your local ip address. Change the /etc/network/interface file and save it.

auto eth0

iface eth0 inet static





You need to modify it for your own needs.

Preparing syslog

mkdir /logs (let’s make a directory for our logs) Modify /etc/syslog.conf and add the next rule if you really would like to log everything: (don’t forget to save it) *.* /logs/logger.log

It’s possible you’re only interested in some of the following things:

auth – authentication (login) messages

cron – messages from the memory-resident scheduler

daemon – messages from resident daemons

kern – kernel messages

lpr – printer messages

mail – messages from Sendmail

user – messages from user-initiated processes/apps

local0-local7 – user-defined (see below)

syslog – messages from the syslog process itself

0 – Emergency (emerg)

1 – Alerts (alert)

2 – Critical (crit)

3 – Errors (err)

4 – Warnings (warn)

5 – Notification (notice)

6 – Information (info)

7 – Debug (debug)

When you like to log everything from auth, cron, lpr error and only syslogs warnings then you have to add next lines to /etc/syslog.conf

auth.* /logs/logger.log

cron.* /logs/logger.log

kern.* /logs/logger.log

lpr.3 /logs/logger.log

syslog.4 /logs/logger.log

Now modify /etc/init.d/ksyslogd with your favourite editor and do the next:

SYSLOGD=”” Change this line by the next line and save:

SYSLOGD=”-r -m0”

Restart networking again: /etc/init.d/networking restart

Install Apache2 and stuff:

Apt-get installs apache2 php5 libapache2-mod-php5 mysql-server mysql-client


Check cat /etc/hostname, and the hostname that you are seeing here you have to

place in your /etc/hosts file, together with your local static ip address. /etc/hosts: myhostname Don’t forget to change the above to your own needs! I decided to host on Port 8070, my ISP (Telenet Belgium) has blocked all ports under 1024. Modify /etc/apache2/ports.conf: (Listen 80 must be replaced by Listen 8070)

Listen 8070

If you are behind a NAT, don’t forget to open this port on your router.

Now we’re going to install our virtual hosts. cd /etc/apache2/sites-available


Now edit your file with your favorite editor and make sure it looks like this:

ServerAdmin [email protected]



DirectoryIndex index.php

DocumentRoot /logs

Ok, now we’re going to etc/apache2/sites-enabled

cd /etc/apache2/sites-enabled

ln -s /etc/apache2/sites-available/ This symbolic link (ln -s) is absolutely necessary. Ok, now we’re going to our logs directory and we place there an index.php file cd /logs

Touch index.php

Modify index.php now with your favorite editor. This is how it should look like:

Restart apache: /etc/init.d/apache2 force-reload

Ok, go to and (memorize your ip)

And on dyndns you registrate yourself, you log in, then click DNS services ->

Dynamic DNS -> Add Host -> and you registrate

Mention your remote IP (what you saw at at the ip line)

If you visit now your webpage you will be able to see your syslogs!

4) Only I want to see the log files (by using an .htacces file)

Now we take measures: Only you will have the possibility to see your syslogs.

cd /logs (Yes we go again to the /logs directory)

Touch .htaccess (We’ll make an .htaccess file)

Modify .htaccess with your favorite editor. This is how your .htaccess file should look like:

AuthUserFile /root/.htpasswd

AuthName ‘Access is limited here’

AuthType basic

Require valid-user

cd /root (go to the /root directory)

htpasswd -c .htpasswd webmaster (let’s make a valid account)

Now modify the /etc/apache2/sites-available/default file with your favorite editor:

DocumentRoot /var/www

Options FollowSymLinks

AllowOverride None

Options Indexes FollowSymLinks MultiViews

AllowOverride All

Order allow,deny

Allow from all

# Uncomment this directive is you want to see apache2’s

# default start page (in /apache2-default) when you go to /

#RedirectMatch ^/$ /apache2-default/

This AllowOverride all tells apache2 it has to deal with a .htaccess file.

Restart apache2 again: /etc/init.d/apache2 force-reload

Go to your site now, you’ll have to give a password that you’ve specified.

Now you have a syslog server that’s using the virtual host technique on apache2. And only you is able to read the information, caused by the .htaccess file.” (….)

“The majority of Linux distributions uses the good old syslogd system logger by default, which is based on the original 4.3BSD syslogd daemon. Syslogd is a fine system logger, but it lacks some advanced features modern alternatives offer. We will use syslog-ng instead, which provides all the functionality of the traditional syslogd along with some nice enhancements. Among others, it provides powerful filtering capabilities based on message content, and can also be used in a fire walled environment without problems.” ( Build …)


                                                  References Cited:

Linux Knowledge Base and Tutorial….

< – 27k –>Retrieved on October 20, 2008 Central Log Management System

< – 26k ->–Retrieved on October 20, 2008 Build a centralized log management and monitoring system7…

< – 37k -> Retrieved on October 20, 2008



I'm James!

Would you like to get a custom essay? How about receiving a customized one?

Check it out