Saturday, December 19, 2009

Syslog

Syslog is the logging system for UNIX and Linux.
Logging Policies
1. Reset log files at periodic intervals (let them grow to a fixed size, then reset to zero size)
2. Rotate log files, keeping data for a fixed time (e.g. log.1, log.2)
3. Compress and archive logs to tape

syslog config file (/etc/syslog.conf)
Default permission for /var/log/file should be chmod 600
klogd - ongoing kernel logging
initlog - captures the output of startup commands and submits it to syslog
Syslog Architecture
syslogd writes its process id to /var/run/syslog.pid
1. syslogd - logging daemon
2. openlog - library routine that submits messages to syslogd
3. logger - user-level command that submits log entries from the shell

Log facility and level are configured in /etc/initlog.conf
Each configuration line has the form: selector action
The selector has two parts:
facility - the program that is sending the log messages
level - the message severity level
Format: facility.level action
Example: mail.info /var/log/maillog
Facility names include
auth - security and authorization related commands
daemon - system daemons
kern - the kernel
mail - sendmail and other mail related software
syslog - syslogd internal messages
user - user processes

syslog severity levels
emerg - panic situations
alert - urgent situations
crit - critical conditions
err - error conditions
warning - warning messages
notice - things that need investigation
info - information messages
debug - debugging only

The logger command is used for submitting log entries from a shell script:
$ logger -p local5.warning "test msg"
And add [local5.warning /tmp/evi.log] to syslogd's config file.
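
The selector decides where the logger test message lands: in classic syslogd a selector matches its own level and every more severe one. The shell sketch below is an added example, not part of the original post; it handles only single facility.level selectors and the * wildcard, and the function names and sample config (including the *.crit line) are constructed for illustration.

```sh
#!/bin/sh
# Added example: which actions would a facility.level message trigger?
# SAMPLE_CONF is a constructed config; only mail.info and local5.warning
# come from the post, the *.crit rule is made up for the demonstration.
SAMPLE_CONF='# constructed sample in /etc/syslog.conf format
mail.info       /var/log/maillog
local5.warning  /tmp/evi.log
*.crit          /var/log/critical'

# Map a severity name to its number (0 = most severe, 7 = least).
sev_num() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# match_actions CONFIG_TEXT FACILITY.LEVEL
# Prints the action of every rule whose selector matches the message.
match_actions() {
    msg_fac=${2%%.*}
    msg_sev=$(sev_num "${2#*.}") || return 2   # unknown level in the query
    printf '%s\n' "$1" | while read -r selector action; do
        case "$selector" in ''|'#'*) continue ;; esac   # blank or comment
        rule_fac=${selector%%.*}
        rule_lvl=${selector#*.}
        # Facility must be equal, or the rule uses the * wildcard.
        [ "$rule_fac" = "*" ] || [ "$rule_fac" = "$msg_fac" ] || continue
        if [ "$rule_lvl" = "*" ]; then
            echo "$action"
            continue
        fi
        rule_sev=$(sev_num "$rule_lvl") || continue     # unknown level: skip
        # Match when the message is at least as severe as the rule's level.
        if [ "$msg_sev" -le "$rule_sev" ]; then
            echo "$action"
        fi
    done
}

# Demo: the test message from the logger command above.
match_actions "$SAMPLE_CONF" local5.warning
```

A local5.notice message matches no rule here, which is the usual reason a test entry sent with too low a level never shows up in the expected file.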

Using syslog from programs
use Sys::Syslog
openlog - routine to initialize logging
syslog - sends a message to syslogd, which logs it
closelog - closes the logging channel
