System logs


General information

http://linux.overshoot.tv/var/log
http://en.wikipedia.org/wiki/Syslog

System loggers

There are several different system loggers. The best strategy for you would be to use whichever one comes as default with your distribution. On Ubuntu systems, the default is rsyslog.

sysklogd

http://www.infodrom.org/projects/sysklogd/

syslog-ng

http://www.balabit.com/network-security/syslog-ng
http://en.wikipedia.org/wiki/Syslog-ng

rsyslog

http://www.rsyslog.com/
http://en.wikipedia.org/wiki/Rsyslog

Why does the world need another syslogd? (aka rsyslog vs. syslog-ng)
http://blog.gerhards.net/2007/08/why-does-world-need-another-syslogd.htm...
(an interesting read, providing some insight into different ways of thinking in the open source software world.)

rsyslog vs. syslog-ng
http://www.rsyslog.com/doc/rsyslog_ng_comparison.html
(Outdated document. It boils down to a choice of licenses and different perspectives on open source software.)

Gentoo

https://wiki.gentoo.org/wiki/Complete_Handbook/Configuring_the_system#Sy...

Concepts

Importance of logs

Logs are important, error logs especially. When troubleshooting a problem, the first thing a user should do is check the error logs.
Unfortunately, the logs of some applications are unclear, incomplete or even misleading.

Logs, especially error logs, should provide:
- a clear timestamp.
- an error code that can tie the error to a specific place in the code, making it easier to debug the application.
- a clear error message, indicating what went wrong.
- a clear indication of how the user could remedy the situation and where documentation relevant to the error can be found (man page section, web page, etc.)
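
As an illustration of the checklist above, here is an added example (not part of the original wiki page or of any logger's own code) that writes an error line in the RFC 5424 syslog format and audits a line for the four elements. It assumes the error code is carried in the MSGID field and the remedy and documentation pointer in a structured-data element; the SD-ID `diag@32473`, the parameter names `remedy` and `doc`, and all sample values are constructed for this sketch.

```python
import re
from datetime import datetime, timezone

# Constructed SD-ID: 32473 is the enterprise number RFC 5424 uses in its own
# examples. The parameter names "remedy" and "doc" are assumptions of this sketch.
SD_ID = "diag@32473"

def _esc(value):
    # RFC 5424 requires '"', '\' and ']' to be backslash-escaped in a PARAM-VALUE.
    return re.sub(r'(["\\\]])', r'\\\1', value)

def format_error(host, app, pid, code, message, remedy, doc,
                 when=None, facility=1, severity=3):
    """Build one RFC 5424 line; the error code travels in the MSGID field."""
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    pri = facility * 8 + severity                      # user.err -> 11
    ts = when.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    sd = f'[{SD_ID} remedy="{_esc(remedy)}" doc="{_esc(doc)}"]'
    return f"<{pri}>1 {ts} {host} {app} {pid} {code} {sd} {message}"

LINE = re.compile(
    r'^<\d{1,3}>1 (?P<ts>\S+) \S+ \S+ \S+ (?P<msgid>\S+) '
    r'(?P<sd>-|(?:\[(?:\\.|[^\]\\])*\])+)(?: (?P<msg>.*))?$')
PARAM = re.compile(r'(\w+)="((?:\\.|[^"\\])*)"')

def sd_params(sd):
    """Return the structured-data parameters with escapes removed."""
    return {k: re.sub(r'\\(["\\\]])', r'\1', v) for k, v in PARAM.findall(sd)}

def audit(line):
    """List which of the four checklist elements a log line lacks."""
    m = LINE.match(line)
    if not m:
        return ["parseable RFC 5424 header"]
    p = sd_params(m["sd"])
    checks = [("timestamp", m["ts"] != "-"),
              ("error code", m["msgid"] != "-"),
              ("error message", bool((m["msg"] or "").strip())),
              ("remedy and documentation", bool(p.get("remedy") and p.get("doc")))]
    return [name for name, ok in checks if not ok]

if __name__ == "__main__":
    good = format_error("web01", "myapp", 4242, "DB-0042", "connection pool exhausted",
                        'raise "max_conn" in [pool]', "man 5 myapp.conf")
    print(good, audit(good))
    print(audit("<11>1 2024-05-01T12:00:00.000Z web01 myapp 4242 - - connection failed"))
```

The `-` placeholders in the second sample line are RFC 5424's NILVALUE, which is how a conforming line omits the error code and structured data.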

Logging format

Each application apparently implements its own log, with its own format. What's worse, some logs are increasingly maintained in a binary format.
What logging formats exist? Where are they documented?

Some applications have separate logs for errors and for normal operations. Others combine those in the same log file.

Issues related to this page:

| Project | Summary | Status | Priority | Category | Last updated | Assigned to |
|---|---|---|---|---|---|---|
| Linux server | No manual entry for syslog.conf, no /etc/syslog… | active | normal | support request | 4 years 50 weeks | |