Syslog Viewer Ubuntu Stage 1




All activity on UNIX systems (and variants such as Linux, FreeBSD, Solaris, AIX, HP-UX and the like) can be recorded. The record is used for auditing, that is, for checking the system when needed. For example, if an error occurs, administrators can find its source more easily because the information has been recorded neatly. Likewise, if a facility is misused, it can be determined who did it and what they did.

Activity is recorded by writing the data into a record file, often referred to as a "logfile" or log file. The process itself is referred to as logging.

In the beginning, what was recorded was up to the author of each program. The log file could be stored anywhere, in a different format for each program. Imagine a UNIX system that has many functions, such as database server, web server, email server and so on. Separate record-keeping for each of them would certainly confuse the administrator, so eventually a standard logging facility, "syslog", appeared.



The syslog program was first developed by Eric Allman (who also wrote the mail program sendmail). Currently there are several variants of the syslog program, but at its core the functionality is the same: syslog records events in a standard format. The layout of the logfiles, and what gets recorded in them, is set by a configuration file (syslog.conf) that is usually located in the /etc directory. For example, on the Debian Linux system I use, the configuration file is /etc/syslog.conf. For more information about the content and configuration of this file, use the command "man 5 syslog.conf". Syslog itself is described in the syslogd manual page in section 8 of the manual.

debian# man 5 syslog.conf
debian# man 8 syslogd

For example, on my server the file /var/log/syslog records a number of events in the system. The contents of this file include:
Dec 9 09:06:15 mx tcplogd: www connection attempt from kalasan.ntt.net.id [202.171.0.67]
The line above shows a connection attempt to the web (www) service from kalasan.ntt.net.id, logged by tcplogd.

Dec 9 09:08:25 mx tcplogd: ssh connection attempt from research.indocisc.com [192.168.1.1]
The line above shows an ssh connection attempt from the machine research.indocisc.com.

There are many more kinds of entries in a syslog file; look at the contents of the file to see what is recorded. Keep in mind that these files are typically set to be readable only by the superuser (root), so you must become root to read them.
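The two entries quoted above have a regular layout (timestamp, host, program, message), and the tcplogd message itself has a fixed shape, so both can be parsed rather than read by eye. The following Python script is an added example, not code from the original post: it splits lines in that layout into fields, pulls service, remote host and IP out of tcplogd messages, and counts connection attempts per service and source. The sample lines are constructed for the example; the host names and addresses in the extra lines are illustrative only, and the tcplogd message format is assumed from the two lines shown in the post.

```python
import re
from collections import Counter

# Constructed sample in the layout of the /var/log/syslog entries quoted
# above: "Mon DD HH:MM:SS host program[pid]: message". The extra host names
# and addresses are illustrative only.
SAMPLE_SYSLOG = """\
Dec  9 09:06:15 mx tcplogd: www connection attempt from kalasan.ntt.net.id [202.171.0.67]
Dec  9 09:08:25 mx tcplogd: ssh connection attempt from research.indocisc.com [192.168.1.1]
Dec  9 09:08:31 mx tcplogd: ssh connection attempt from research.indocisc.com [192.168.1.1]
Dec  9 09:10:02 mx kernel: eth0: link up
Dec  9 09:12:40 mx sshd[4242]: Accepted publickey for admin from 192.168.1.1 port 51022
Dec  9 09:12:55 mx tcplogd: ssh connection attempt from unknown [10.0.0.9]
"""

# Classic BSD-style syslog line. The day is space-padded ("Dec  9"), so the
# pattern allows one or more spaces between month and day.
SYSLOG_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# The tcplogd message shape as shown in the post (assumed to be fixed).
TCPLOGD_MSG = re.compile(
    r"^(?P<service>\S+) connection attempt from (?P<rhost>\S+) \[(?P<ip>[0-9.]+)\]$"
)


def parse_syslog_line(line):
    """Split one syslog line into its fields, or return None if it does not
    match the expected layout (for example a truncated line)."""
    m = SYSLOG_LINE.match(line)
    return m.groupdict() if m else None


def parse_tcplogd(message):
    """Extract service, remote host and IP from a tcplogd message, or None."""
    m = TCPLOGD_MSG.match(message)
    return m.groupdict() if m else None


def connection_attempts(text):
    """Count tcplogd connection attempts per (service, source IP)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_syslog_line(line)
        if rec is None or rec["prog"] != "tcplogd":
            continue
        attempt = parse_tcplogd(rec["msg"])
        if attempt is None:
            continue
        counts[(attempt["service"], attempt["ip"])] += 1
    return counts


def noisy_sources(text, threshold=2):
    """Return source IPs that made at least `threshold` attempts at any one
    service, most active first. This is a starting point for spotting a
    scanner or brute-force client in the log, nothing more."""
    per_ip = Counter()
    for (service, ip), n in connection_attempts(text).items():
        per_ip[ip] = max(per_ip[ip], n)
    return [ip for ip, n in per_ip.most_common() if n >= threshold]


if __name__ == "__main__":
    for (service, ip), n in connection_attempts(SAMPLE_SYSLOG).most_common():
        print(f"{n:3d}  {service:<5} {ip}")
    print("noisy sources:", noisy_sources(SAMPLE_SYSLOG))
```

Lines that do not fit the layout are skipped rather than raising, since a real syslog file also contains continuation lines and "last message repeated N times" entries; the threshold in noisy_sources is deliberately low for the six constructed lines and would be tuned on a real file.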

Configuring syslog.conf
In general, each line of syslog.conf has the following format: facilities<TAB>action

Note that "facilities" and "action" are separated by a tab. This is often overlooked and taken for an ordinary space. Some versions of syslog will not work if you use a space, so be careful if you cut and paste, which often turns tabs into spaces. An example of a syslog.conf entry: mail.info<TAB>/var/log/mail.log

The example above says that messages from the mail system are stored in the file /var/log/mail.log. In general, the facilities part is itself divided into two parts: facility.level

In the example above, messages from the mail system at level info (and every level above it) are stored in the log file. Besides info there are several other levels: emerg, alert, crit, err, warning, notice and debug. The complete list of levels, in decreasing order of priority, is given in the following table.

Level - Meaning
emerg - emergency (panic): the system is unusable
alert - action must be taken immediately
crit - critical condition
err - error condition
warning - warning condition
notice - normal but significant condition, worth noting
info - informational message only
debug - debugging message
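The rules in this section (facility.level selects that level and every level above it, the separator must be a tab, and the levels have a fixed order of priority) can be checked mechanically. The following Python script is an added example, not part of the original post and not code from any syslog implementation: it parses a constructed syslog.conf fragment, warns about lines whose selector and action are separated by spaces rather than a tab, and reports which actions a message with a given facility and level would reach. It goes beyond the single mail.info example in the text by also handling the "=" (exactly this level), "!" (drop this level and above) and "none" selector forms and the ";" and "," separators that the sysklogd syslog.conf(5) manual page documents; the facility list and the alias names (panic, error, warn) are taken from that manual page.

```python
import re

# Priority levels in decreasing order of severity, as in the table above.
# A plain "facility.level" selector matches that level and every level above it.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRIO_INDEX = {name: i for i, name in enumerate(PRIORITIES)}
PRIO_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
ALL_LEVELS = set(range(len(PRIORITIES)))

# Facilities listed in sysklogd's syslog.conf(5); "*" expands to all of them.
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

# Constructed syslog.conf fragment for this example. Line 4 separates the
# selector and action with spaces on purpose: the cut-and-paste mistake the
# text warns about.
SAMPLE_CONF = (
    "# constructed example in the layout of /etc/syslog.conf\n"
    "mail.info\t/var/log/mail.log\n"
    "*.info;mail.none;auth.!err\t-/var/log/syslog\n"
    "auth.=crit /var/log/auth-crit.log\n"
    "*.emerg\t*\n"
)


def parse_selector_field(field):
    """Turn 'fac1,fac2.level;fac.none;fac.!level' into {facility: set(level index)}.
    Selectors apply left to right and later ones overwrite earlier ones for
    the facilities they name: '=' keeps exactly that level, '!' removes the
    level and everything above it, 'none' removes everything for the facility."""
    mask = {fac: set() for fac in FACILITIES}
    for selector in field.split(";"):
        facs, _, prio = selector.rpartition(".")
        if not facs or not prio:
            raise ValueError(f"malformed selector {selector!r}")
        targets = FACILITIES if facs == "*" else facs.split(",")
        ignore = prio.startswith("!")
        prio = prio.lstrip("!")
        single = prio.startswith("=")
        name = prio.lstrip("=")
        name = PRIO_ALIASES.get(name, name)
        if name == "none":
            levels, ignore = ALL_LEVELS, True
        elif name == "*":
            levels = ALL_LEVELS
        elif name in PRIO_INDEX:
            levels = {PRIO_INDEX[name]} if single else set(range(PRIO_INDEX[name] + 1))
        else:
            raise ValueError(f"unknown priority {name!r} in {selector!r}")
        for fac in targets:
            if fac not in mask:
                raise ValueError(f"unknown facility {fac!r} in {selector!r}")
            mask[fac] = mask[fac] - levels if ignore else mask[fac] | levels
    return mask


def parse_config(text):
    """Parse syslog.conf text into [(mask, action)] plus a list of warnings
    for lines whose selector/action separator contains no tab character."""
    rules, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^(\S+)(\s+)(\S.*)$", line)
        if not m:
            raise ValueError(f"line {lineno}: no action after selector: {raw!r}")
        selectors, sep, action = m.groups()
        if "\t" not in sep:
            warnings.append(f"line {lineno}: selector and action separated by spaces, not a tab")
        rules.append((parse_selector_field(selectors), action))
    return rules, warnings


def actions_for(rules, facility, priority):
    """List the actions (log files, remote hosts, '*') that receive a message
    logged with the given facility and priority."""
    pri = PRIO_INDEX[PRIO_ALIASES.get(priority, priority)]
    return [action for mask, action in rules if pri in mask.get(facility, ())]


if __name__ == "__main__":
    rules, warnings = parse_config(SAMPLE_CONF)
    for w in warnings:
        print("WARNING:", w)
    for fac, pri in [("mail", "info"), ("mail", "debug"), ("auth", "err"),
                     ("auth", "crit"), ("kern", "emerg")]:
        print(f"{fac}.{pri:<8} -> {actions_for(rules, fac, pri)}")
```

Running it against the constructed fragment shows why the order of selectors matters: mail.none on line 3 removes mail messages from /var/log/syslog even though *.info before it included them, and auth.!err leaves only auth messages below err for that file. The tab warning is the check to run on any syslog.conf that has been edited by copy and paste.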


