- 07-08-2011 #1 (Just Joined!, Join Date: Apr 2011, Posts: 38)
/var/log/messages ANALYSIS
Hello guys,
I hope this is the correct section for my question...
I'm studying a little bit of Linux logging; in particular I'm interested in understanding what syslogd reports in /var/log/messages. Reading around and reading the file "messages" itself, I suppose it contains everything related to application errors, new user creation, user logins, password changes (and maybe much more).
There is a lot of information in the file, but nothing critical; my aim is to make the system do something critical, in order to see the corresponding log in the 'messages' file.
Do you have a suggestion? Or can you help me increase my knowledge about this topic? Thank you!
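As an added example (not code from the thread or its posters), the Python script below parses constructed /var/log/messages lines in the traditional syslog layout and picks out exactly the events the post names as worth seeing: user creation, password changes and logins. The sample lines, the host name lab01 and the message patterns for useradd, passwd (via PAM) and sshd are assumptions; adjust them to what your distribution actually writes.

```python
import re

# Constructed sample lines (not from the thread) in the traditional syslog layout
# rsyslogd uses for /var/log/messages: "Mon DD HH:MM:SS host prog[pid]: message".
SAMPLE_MESSAGES = """\
Jul  8 10:15:01 lab01 useradd[2201]: new user: name=bob, UID=1001, GID=1001, home=/home/bob, shell=/bin/bash
Jul  8 10:15:20 lab01 passwd[2210]: pam_unix(passwd:chauthtok): password changed for bob
Jul  8 10:16:02 lab01 sshd[2230]: Accepted password for bob from 192.0.2.10 port 51022 ssh2
Jul  8 10:17:44 lab01 sshd[2241]: Failed password for invalid user admin from 203.0.113.5 port 4412 ssh2
Jul  8 10:17:46 lab01 sshd[2241]: Failed password for invalid user admin from 203.0.113.5 port 4412 ssh2
Jul  8 10:18:00 lab01 logger_test: hello from logger
"""
# Timestamp, host, program, optional [pid], then the free-text message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# Event kinds the opening post lists, matched on what useradd, passwd (PAM) and sshd write.
EVENT_RULES = [
    ("user_created", re.compile(r"new user: name=(?P<user>[^,]+),")),
    ("password_changed", re.compile(r"password changed for (?P<user>\S+)")),
    ("login_ok", re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("login_failed", re.compile(r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
]

def parse_line(line):
    """Split one /var/log/messages line into fields; None if it is not syslog-shaped."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return (event_name, details) for a parsed entry, or None for uninteresting noise."""
    for event, rule in EVENT_RULES:
        m = rule.search(entry["msg"])
        if m:
            return event, m.groupdict()
    return None

def analyse(text):
    """Parse every line and return the security-relevant events in file order."""
    events = []
    for line in text.splitlines():
        entry = parse_line(line)
        hit = classify(entry) if entry else None
        if hit:
            events.append({"ts": entry["ts"], "prog": entry["prog"], "event": hit[0], **hit[1]})
    return events

if __name__ == "__main__":
    for ev in analyse(SAMPLE_MESSAGES):
        print(ev)
```

Running it on the real file is `analyse(open("/var/log/messages").read())`; repeated login_failed entries from one source are the kind of "something critical" the post is looking for.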
- 07-08-2011 #2
Use logger.
With that, you can send messages to any facility and with any priority.
Code:
man logger
You must always face the curtain with a bow.
- 07-08-2011 #3
Does logger work with rsyslogd too?
- 07-08-2011 #4
yes it does.
You must always face the curtain with a bow.
- 07-08-2011 #5
Ok, thank you. I've just tested it... very helpful for my goals.
Do you know how I can configure rsyslogd to log DNS queries? Is it possible simply by modifying /etc/rsyslog.conf? Or can I do that using logger?
- 07-08-2011 #6
Depends on the DNS daemon.
Or any daemon/process for that matter.
Some can utilize syslog directly.
For example: php can do it, if you define error_log = syslog in php.ini.
If the daemon/process can only write to its own logfile, then you need to use something like the imfile module of rsyslog to "follow" that logfile.
It is basically a tail -F.
Then there is a third category, daemons/processes that do fancy stuff, like buffering or writing not only to the end of the file.
Example: Jboss. For this category, you are dependent on the available logging; syslog alone won't help too much.
You must always face the curtain with a bow.
- 07-08-2011 #7
Do you mean I already have a DNS logging system? In other words, are my DNS queries already saved somewhere?
If so, how can I know where this information is?
- 07-08-2011 #8
As I said, depends on your dns daemon (there are multiple) and its configuration.
It is not uncommon for a daemon to write its own logfiles for various actions: error, access, etc.
One could say that syslog is a step further.
If a daemon can write to syslog, then it is syslog's task to write the actual file.
What are the benefits?
- there is one place to look for log config
- syslog can write to multiple files
- and also send the logs over the net to e.g. a central logserver
So in your case it would be good to consult the documentation and man page of your DNS daemon.
You must always face the curtain with a bow.
- 07-08-2011 #9
My problem is that I have to use a log analyzer on DNS traffic logs. What solution do you suggest? Can php trace the DNS traffic by default?
- 07-08-2011 #10
I suggest reading documentation.
No offence, but how should I know which dns daemon and log analyzer you use?
You must always face the curtain with a bow.