Red Hat Enterprise Linux 4: System Administration Guide Prev
Next
Chapter 28. Log Files Log files are files that contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information. For example, there is a default system log file, a log file just for security messages, and a log file for cron tasks. Log files can be very useful when trying to troubleshoot a problem with the system such as trying to load a kernel driver or when looking for unauthorized log in attempts to the system. This chapter discusses where to find log files, how to view log files, and what to look for in log files. Some log files are controlled by a daemon called syslogd. A list of log messages maintained by syslogd can be found in the /etc/syslog.conf configuration file.
28.1. Locating Log Files Most log files are located in the /var/log/ directory. Some applications such as httpd and samba have a directory within /var/log/ for their log files. You may notice multiple files in the log file directory with numbers after them. These are created when the log files are rotated. Log files are rotated so their file sizes do not become too large. The logrotate package contains a cron task that automatically rotates log files according to the /etc/logrotate.conf configuration file and the configuration files in the /etc/logrotate.d/ directory. By default, it is configured to rotate every week and keep four weeks worth of previous log files. Prev Additional Resources
Home Up
Next Viewing Log Files
Red Hat Enterprise Linux 4: System Administration Guide Prev
Chapter 28. Log Files
Next
28.2. Viewing Log Files Most log files are in plain text format. You can view them with any text editor such as Vi or Emacs. Some log files are readable by all users on the system; however, root privileges are required to read most log files.
To view system log files in an interactive, realtime application, use the Log Viewer. To start the application, go to Applications (the main menu on the panel) => System Tools => System Logs, or type the command systemlogviewer at a shell prompt.
The application only displays log files that exist; thus, the list might differ from the one shown in Figure 281. To filter the contents of the log file for keywords, type the keyword(s) in the Filter for text field, and click Filter. Click Reset to reset the contents.
Figure 281. Log Viewer By default, the currently viewable log file is refreshed every 30 seconds. To change the refresh rate, select Edit => Preferences from the pulldown menu. The window shown in Figure 282 appears. In the Log Files tab, click the up and down arrows beside the refresh rate to change it. Click Close to return to the main window. The refresh rate is changed immediately. To refresh the currently viewable file manually, select File => Refresh Now or press [Ctrl][R]. On the Log Files tab in the Preferences, the log file locations can be modified. Select the log file from the list, and click the Edit button. Type the new location of the log file or click the Browse button to locate the file location using a file selection dialog. Click OK to return to the preferences, and click Close to return to the main window.
Figure 282. Log File Locations Prev
Home
Log Files
Up
Next Adding a Log File
Red Hat Enterprise Linux 4: System Administration Guide Prev
Chapter 28. Log Files
Next
28.3. Adding a Log File To add a log file to the list, select Edit => Preferences, and click the Add button in the Log Files tab.
Figure 283. Adding a Log File Provide a name, description, and the location of the log file to add. After clicking OK, the file is immediately added to the viewing area, if the file exists. Prev
Home
Viewing Log Files
Up
Next Examining Log Files
Red Hat Enterprise Linux 4: System Administration Guide Prev
Chapter 28. Log Files
Next
28.4. Examining Log Files Log Viewer can be configured to display an alert icon beside lines that contain key alert words and a warning icon beside lines that contain key warning words. To add alerts words, select Edit => Preferences from the pulldown menu, and click on the Alerts tab. Click the Add button to add an alert word. To delete an alert word, select the word from the list, and click Delete. The alert icon is displayed to the left of the lines that contains any of the alert words.
Figure 284. Alerts To add warning words, select Edit => Preferences from the pulldown menu, and click on the Warnings tab. Click the Add button to add a warning word. To delete a warning word, select the word from the list, and click Delete. The warning icon is displayed to the left of the lines that contains any of the warning words.
Figure 285. Warning Prev Adding a Log File
Home Up
Next Manually Upgrading the Kernel