  1. #1
    Just Joined!
    Join Date: Apr 2011
    Posts: 38

    /var/log/messages ANALYSIS


    Hello guys,
    I hope this is the correct section for my question...

    I'm studying a little bit of Linux logging; in particular, I'm interested in understanding what syslogd reports in /var/log/messages. Reading around and reading the file "messages" itself, I suppose it contains everything related to applications' errors, new users' creation, user logins, password changes (and maybe much more).

    There is, in the file, a lot of information, but nothing critical; my aim is to let the system do something critical, in order to see the corresponding log in the 'messages' file.

    Do you have a suggestion? Or can you help me increase my knowledge about this argument? Thank you!

  2. #2
    Trusted Penguin Irithori
    Join Date: May 2009
    Location: Munich
    Posts: 3,356
    Use logger.
    With that, you can send messages to any facility and with any priority.
    Code:
    man logger
    You must always face the curtain with a bow.
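
Added example, not part of the original thread: a small script that uses `logger` to send one marked test message per priority and then reports which of them reached a given log file, which is one way to see how the syslog daemon routes "critical" events. The `local0` facility, the `logprobe` tag and the marker format are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: probe syslog routing with logger.
# Assumptions: local0 is free for local tests; "logprobe" is an arbitrary tag.
FACILITY=local0
# Note: with many default configurations, emerg messages are also written
# to the terminals of logged-in users.
LEVELS="emerg alert crit err warning notice info debug"

# Send one message per priority, each carrying the marker and its level.
send_probes() {
    marker=$1
    for l in $LEVELS; do
        logger -t logprobe -p "$FACILITY.$l" "marker=$marker level=$l"
    done
}

# Print the levels (sorted, space separated) whose probe message for this
# marker appears in the given log file. The trailing space in the pattern
# keeps marker "probe-1" from matching "probe-12".
seen_levels() {
    marker=$1
    file=$2
    grep -F "marker=$marker " "$file" \
        | sed -n 's/.* level=\([a-z]*\).*/\1/p' \
        | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Usage: sh logprobe.sh --send [logfile]   (reading the log may need root)
if [ "${1:-}" = "--send" ]; then
    logfile=${2:-/var/log/messages}
    marker="probe-$$-$(date +%s)"
    send_probes "$marker"
    sleep 1    # give the daemon a moment to write the file
    echo "levels that reached $logfile: $(seen_levels "$marker" "$logfile")"
fi
```

Priorities missing from the output were routed elsewhere or dropped by the rules in the daemon's configuration.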

  3. #3
    Just Joined!
    Join Date: Apr 2011
    Posts: 38
    Does logger work with rsyslogd too?

  4. #4
    Trusted Penguin Irithori
    Join Date: May 2009
    Location: Munich
    Posts: 3,356
    Yes, it does.
    You must always face the curtain with a bow.

  5. #5
    Just Joined!
    Join Date: Apr 2011
    Posts: 38
    Ok, thank you. I've just tested it... very helpful for my goals.

    Do you know how I can configure rsyslogd to log DNS queries? Is it possible by simply modifying /etc/rsyslog.conf? Or can I do that using logger?

  6. #6
    Trusted Penguin Irithori
    Join Date: May 2009
    Location: Munich
    Posts: 3,356
    Depends on the DNS daemon.
    Or any daemon/process for that matter.

    Some can utilize syslog directly.
    For example: PHP can do it, if you define error_log = syslog in php.ini

    If the daemon/process can only write to its own logfile, then you need to use something like the imfile module of rsyslog to "follow" that logfile.
    It is basically a tail -F

    Then there is a third category: daemons/processes that do fancy stuff, like buffering or writing not only to the end of the file.
    Example: JBoss. For this category, you are dependent on the available logging; syslog alone won't help too much.
    You must always face the curtain with a bow.

  7. #7
    Just Joined!
    Join Date: Apr 2011
    Posts: 38
    Do you mean I have a DNS logging system yet? In other words, are my DNS queries saved somewhere yet?

    If it is so, how can I know where this information is?

  8. #8
    Trusted Penguin Irithori
    Join Date: May 2009
    Location: Munich
    Posts: 3,356
    As I said, it depends on your DNS daemon (there are multiple) and its configuration.

    It is not uncommon for a daemon to write its own logfiles for various actions: error, access, etc.

    One could say that syslog is a step further.
    If a daemon can write to syslog, then it is syslog's task to write the actual file.
    What are the benefits?
    - there is one place to look for log config
    - syslog can write to multiple files
    - and also send the logs over the net to e.g. a central logserver

    So in your case it would be good to consult the documentation and man page of your DNS daemon.
    You must always face the curtain with a bow.

  9. #9
    Just Joined!
    Join Date: Apr 2011
    Posts: 38
    My problem is I have to use a log-analyzer on DNS traffic logs. What solution do you suggest? Can PHP trace the DNS traffic by default?

  10. #10
    Trusted Penguin Irithori
    Join Date: May 2009
    Location: Munich
    Posts: 3,356
    I suggest reading documentation.
    No offence, but how should I know which DNS daemon and log analyzer you use?
    You must always face the curtain with a bow.
