Difference between revisions of "Bering-uClibc 7.x - User Guide - Basic Configuration - Log Files"

From bering-uClibc
Jump to: navigation, search
(Log Files)
 
(One intermediate revision by the same user not shown)
Line 10: Line 10:
 
==Log Files==
 
==Log Files==
 
This chapter explains the location and contents of log files generated on a LEAF Bering-uClibc router, the configuration
 
This chapter explains the location and contents of log files generated on a LEAF Bering-uClibc router, the configuration
in <code class="filename">syslog-ng</code>, maintenance with <code class="filename">logrotate</code> and how to use <code class="filename">spacecheck</code> in <code class="filename">lrp.conf</code>.
+
in <code class="filename">rsyslog.conf</code>, maintenance with <code class="filename">logrotate</code> and how to use <code class="filename">spacecheck</code> in <code class="filename">lrp.conf</code>.
  
 
In a space constraint and long running environment like LEAF Bering-uClibc, it will be useful to understand how log files, which tends to grow unlimited, are created and maintained.
 
In a space constraint and long running environment like LEAF Bering-uClibc, it will be useful to understand how log files, which tends to grow unlimited, are created and maintained.
Line 21: Line 21:
 
Log files present by default are:
 
Log files present by default are:
  
 +
* <code class="filename">syslog</code> - This file keeps general log information, if not defined otherwise programs writes into this file.
 
* <code class="filename">auth.log</code> - This file keeps login information, e.g. the <code class="filename">login</code> and the ssh server <code class="filename">dropbear</code> writes into this file.
 
* <code class="filename">auth.log</code> - This file keeps login information, e.g. the <code class="filename">login</code> and the ssh server <code class="filename">dropbear</code> writes into this file.
 
* <code class="filename">cron.log</code> - Keeps information of jobs started from cron.
 
* <code class="filename">cron.log</code> - Keeps information of jobs started from cron.
 
* <code class="filename">daemon.log</code> - The daemon log at <code class="filename">/var/log/daemon.log</code> and contains information about running system and application daemons such as <code class="filename">hostapd</code> daemon, the dns daemon <code class="filename">dnsmasq</code> or the MySQL database daemon <code class="filename">mysqld</code>. This can help you trouble-shoot problems with a particular daemon.  
 
* <code class="filename">daemon.log</code> - The daemon log at <code class="filename">/var/log/daemon.log</code> and contains information about running system and application daemons such as <code class="filename">hostapd</code> daemon, the dns daemon <code class="filename">dnsmasq</code> or the MySQL database daemon <code class="filename">mysqld</code>. This can help you trouble-shoot problems with a particular daemon.  
* <code class="filename">debug</code> -  The debug log provides detailed debug messages from system and applications which log to <code class="filename">syslogd</code> at the DEBUG level.  
+
* <code class="filename">debug</code> -  The debug log provides detailed debug messages from system and applications which log to <code class="filename">rsyslogd</code> at the DEBUG level.  
* <code class="filename">dmesg</code> - It's a copy of the <code class="filename">dmesg</code> output from the kernel booting, showing the devices it has found and if it has been able to configure them at all (aside from userland configuration).
+
* <code class="filename">dmesg</code> - It's a copy of the <code class="filename">dmesg</code> output from the kernel booting, showing the devices it has found and if it has been able to configure them at all (aside from user land configuration).
 +
* <code class="filename">shorewall.log</code> - This file keeps ipv4 shorewall logs, e.g. packets dropped with source, destination, ports etc..
 +
* <code class="filename">shorewall6.log</code> - This file keeps ipv6 shorewall6 logs, e.g. packets dropped with source, destination, ports etc..
 +
 
  
 
tbc
 
tbc
  
===Configuration of syslog-ng===
+
===Configuration of rsyslog===
 
tbd
 
tbd
 +
 
===Log file maintenance===
 
===Log file maintenance===
 
The task of log file maintenance is accomplished by <code class="filename">/usr/bin/logrotate</code>.
 
The task of log file maintenance is accomplished by <code class="filename">/usr/bin/logrotate</code>.

Latest revision as of 12:41, 31 October 2020

Basic Configuration - Log Files
Prev Bering-uClibc 7.x - User Guide Next

Log Files

This chapter explains the location and contents of log files generated on a LEAF Bering-uClibc router, the configuration in rsyslog.conf, maintenance with logrotate and how to use spacecheck in lrp.conf.

In a space constraint and long running environment like LEAF Bering-uClibc, it will be useful to understand how log files, which tends to grow unlimited, are created and maintained.

Note: Remote logging is not described in this chapter.

Location and contents of main log files

The log files are usually written into /var/log. Some programs writes their log files in subdirectory of /var/log.

Log files present by default are:

  • syslog - This file keeps general log information, if not defined otherwise programs writes into this file.
  • auth.log - This file keeps login information, e.g. the login and the ssh server dropbear writes into this file.
  • cron.log - Keeps information of jobs started from cron.
  • daemon.log - The daemon log at /var/log/daemon.log and contains information about running system and application daemons such as hostapd daemon, the dns daemon dnsmasq or the MySQL database daemon mysqld. This can help you trouble-shoot problems with a particular daemon.
  • debug - The debug log provides detailed debug messages from system and applications which log to rsyslogd at the DEBUG level.
  • dmesg - It's a copy of the dmesg output from the kernel booting, showing the devices it has found and if it has been able to configure them at all (aside from user land configuration).
  • shorewall.log - This file keeps ipv4 shorewall logs, e.g. packets dropped with source, destination, ports etc..
  • shorewall6.log - This file keeps ipv6 shorewall6 logs, e.g. packets dropped with source, destination, ports etc..


tbc

Configuration of rsyslog

tbd

Log file maintenance

The task of log file maintenance is accomplished by /usr/bin/logrotate. logrotate is started daily, weekly and monthly from /etc/cron.daily/multicron-d, /etc/cron.weekly/multicron-w and /etc/cron.monthly/multicron-m. Log files will be compressed and rotated if a given size (default 1MB) is reached. It also restarts a daemon after log rotation if needed. The files are rotated up to four generations.

logrotate keeps the configuration files in /etc/logrotate.d, usually named after the application generating the log file (e.g /etc/logrotate.d/ulogd.

For the default log files (syslog, user.log, cron.log, daemon.log, auth.log, debug, wtmp) the logrotation configuration has been added to /etc/logrotate.d/syslog.

logrotate options

The following example is the default logrotate.d file /etc/logrotate.d/syslog for /var/log/syslog and other common log files created by LEAF Bering-uClibc at boot time.

# add files to be rotated (daily, weekly, monthly)
# NOTE: depends if LOGSIZE has been reached
LOGS_DAILY="syslog user.log daemon.log cron.log auth.log debug"
LOGS_WEEKLY=""
LOGS_MONTLY="wtmp"
# LOGSIZE - size in kb when logrotate move and compress log files
LOGSIZE=1024
# DAEMON - restart this service after logrotation
DAEMON=syslog-ng
# METHOD - restart command
METHOD=restart
# USER - set user permission 
#USER=sh-httpd
# GROUP - set group permission
#GROUP=adm
# if set to one the first iteration will be compressed
COMPRESS_ALL=1

Using Spacecheck in lrp.conf

tbd


Prev Up Next