Logging
Logging is the process by which systems record notable events to provide users and administrators with a view of what is happening while a machine is running. Many programs and daemons generate logs according to the syslog specification, and these can be marshaled by a system-wide logging tool; other software may manage its own log files.
Gentoo provides a choice of logging systems, to be installed by the administrator. System logs can be used to monitor activity, or to alert users of particular events, depending on what logger is chosen, and how it is set up.
System logs are often a vital tool for system security.
See the Handbook about installing a system logger.
Available software
This is just a partial selection of logging tools available in Gentoo.
Name | Package | Description |
---|---|---|
Metalog | app-admin/metalog | Highly configurable replacement for syslogd/klogd. |
Rsyslog | app-admin/rsyslog | Open-source system for high performance log processing. |
Sysklogd | app-admin/sysklogd | Standard log daemons. |
Syslog-ng | app-admin/syslog-ng | Powerful, highly configurable monitoring and logging daemon. |
Systemd | sys-apps/systemd | Init system that has its own way of handling log files. |
It is a bad idea to run more than one system logger on a physical host.
Linux system log files
Generally, all system logs are found in the /var/log/ directory. Log file names may vary; example files of interest:
- /var/log/auth.log : user connection log
- /var/log/dmesg : diagnostic messages, see also dmesg
- /var/log/emerge.log : events when managing packages with Portage, see also Portage log
- /var/log/kern.log : kernel event log
- /var/log/syslog : all system messages
- /var/log/Xorg.1.log : Xorg log, useful when diagnosing Xorg startup issues
See also
- logcheck — tool to analyze the system logs.
- Logrotate — a tool to periodically rotate (archive), delete, and optionally compress and/or mail historic log files.
- OpenRC — a dependency-based init system for Unix-like systems that maintains compatibility with the system-provided init system. OpenRC generates some of the first output seen on the screen during boot; this can be logged to a file.
- Portage log — provides information when installing, updating, or removing packages.