Testing System Logging System Logging Configuration
9.2.3 The logger Command
UNIX provides the logger command, which is an extremely useful command to deal with system logging. The logger command sends logging messages to the syslogd daemon, and consequently provokes system logging. This means we can check from the command line at any time the syslogd daemon and its configuration. The command itself can also be a part of a user programscript to generate necessary operational logging messages. The logger command provides a method for adding one−line entries to the system log file from the command line. One or more message arguments can be entered with options on the command line, in which case each of them is logged immediately. If an optional message is not specified, either an optional file specified with the −f option or the standard input is added to the log. The format of the command is: logger [ −i ] [ −f file ] [ −p priority ] [ −t tag ] [ message ]... Where the available options and operands are: −f filename Use the contents of file filename as the message to log. −i Log the process ID of the logger process with each line. −p priority Enter the message with the specified priority specified selector entry; the message priority can be specified numerically, or as a facility.level pair. The default priority is user.notice. −t tag Mark each line added to the log with the specified tag. message The string arguments whose contents are concatenated together in the specified order, separated by the space a quoted message presents a single string argument.9.2.4 Testing System Logging
It is a good idea to test the system logging after it has been configured and the syslogd daemon has been recycled. The logger command allows efficient and detailed logging testing. Here is an example from the HP−UX 10.20 system; it is named black and has the following configuration: cat etcsyslog.conf This is the etcsyslog.conf file Time marks 212 We will test the mail subsystem, or, to use the system logging terminology, the mail facility. All entries in the configuration file relevant to the mail logging are printed in bold. The system is configured to enable logging of all mail log messages above the info level in the varlogmaillog file; this includes everything except debug messages. Critical−level and above mail messages are also logged in the system log file varlogsyslog besides many other system messages, and they are sent to the remote loghost, as well. Further processing and logging of the sent messages is defined by the logging configuration file etcsyslog at the remote system. Finally, all emergency panic messages are sent to all logged−in users. The user bjl has issued a sequence of the logger command from the command line with different logging options and test messages. The syslogd daemon should catch all generated messages and forward them into corresponding logging files, according to the actual logging configuration. logger −p mail.debug Testing mail.debug logger −p mail.info Testing mail.info logger −p mail.notice Testing mail.notice logger −p mail.warning Testing mail.warning logger −p mail.err Testing mail.err logger −p mail.crit Testing mail.crit logger −p mail.alert Testing mail.alert logger −p mail.emerg Testing mail.emerg Next, we check the local log files: cat varlogmaillog | grep Testing May 11 16:57:38 black bjl: Testing mail.info May 11 16:58:04 black bjl: Testing mail.notice May 11 16:58:23 black bjl: Testing mail.warning May 11 16:58:39 black bjl: Testing mail.err May 11 16:58:54 black bjl: Testing mail.crit May 11 16:59:12 black bjl: Testing mail.alert May 11 16:59:29 black bjl: Testing mail.emerg Simultaneously, the panic emerg message was sent to all logged−in users: Message from syslogdblack at Tue May 11 16:59:29 1999 ... black bjl: Testing mail.emerg As expected, all test messages have been logged in the varlogmaillog file except the debug message; the emergency message was also sent, and displayed, on the terminals of all logged−in users. cat varlogsyslog ..... 213 May 11 16:00:19 black syslogd: restart May 11 16:03:42 black inetd[964]: Rereading configuration May 11 16:03:42 black inetd[964]: bootpsudp: Deleted service May 11 16:03:42 black inetd[964]: Configuration complete May 11 16:14:32 black − MARK −− May 11 16:34:32 black −− MARK −− May 11 16:45:21 black syslogd: restart May 11 16:54:32 black −− MARK −− May 11 16:58:54 black bjl: Testing mail.crit May 11 16:59:12 black bjl: Testing mail.alert May 11 16:59:29 black bjl: Testing mail.emerg May 11 17:14:32 black −− MARK −− ..... ..... Only the section of the interest in the huge varlogsyslog file is presented; the mail messages higher than the level: crit are presented in bold. Pay attention to the MARK messages generated by the syslogd daemon, in which logging is defined by the entry: mark.info varlogsyslog Generated mail log messages are also forwarded to the loghost for remote logging; this is the Solaris 2.6 system. Consequently, the loghosts etcsyslog.conf configuration file defines the way these messages will be locally logged. The loghost process receives remote messages in the same way as locally generated ones. The following syslog.conf entries at the loghost are related to the mail messages, and define their logging: .err;kern.debug;daemon.notic;mail.crit varadmmessages mail.debug varlogmaillog Checking the log files on the loghost: cat varadmmessages | grep black | grep mail May 11 16:58:54 black.logview.com bjl: Testing mail.crit May 11 16:59:12 black.logview.com bjl: Testing mail.alert May 11 16:59:29 black.logview.com bjl: Testing mail.emerg Only mail log messages received with a level higher than crit are logged in the varadmmessages file. However, all received mail log messages are logged in the loghosts file varlogmaillog, because the lowest logging level is defined as debug however, the debug mail message was not sent from the host black, because of the local logging configuration: cat varlogmaillog | grep black | grep Testing mail May 11 16:57:38 black.logview.com bjl: Testing mail.info May 11 16:58:04 black.logview.com bjl: Testing mail.notice May 11 16:58:23 black.logview.com bjl: Testing mail.warning May 11 16:58:39 black.logview.com bjl: Testing mail.err May 11 16:58:54 black.logview.com bjl: Testing mail.crit May 11 16:59:12 black.logview.com bjl: Testing mail.alert May 11 16:59:29 black.logview.com bjl: Testing mail.emerg9.3 Accounting Log Files
Parts
» Unix Administration. 7485KB Mar 29 2010 05:04:17 AM
» UNIX Operating System UNIX — Introductory Notes
» Berkeley Standard Distribution — BSD UNIX System V or ATT UNIX
» System Administrators Job UNIX System and Network Administration
» Computing Policies UNIX System and Network Administration
» Legal Acts Administration Guidelines
» Code of Ethics Administration Guidelines
» USENIX System Administrators Guild — SAGE
» In This Book UNIX System and Network Administration
» Introduction The Unix Model — Selected Topics
» Access Classes File ProtectionFile Access
» Default File Mode File ProtectionFile Access
» Plain Regular File Socket Named Pipe
» Special File Names Special File Creation
» Process Types Process Attributes
» Process Life Cycles Processes
» System V ATT Flavored ps Command
» Destroying Processes The UNIX kill command will eliminate a process entirely:
» Becoming a Superuser Communicating with Other Users
» The man Command UNIX Online Documentation
» The uptime Command The uptime command displays:
» Personal Documentation UNIX Administration Starters
» Shell Script Execution UNIX Shell Scripts
» Shell Variables UNIX Shell Scripts
» Double Command−Line Scanning
» Introductory Notes System Startup and Shutdown
» The Bootstrap Program System Startup
» The Kernel Execution System Startup
» System States System Startup
» The Outlook of a Startup Procedure
» Initialization Scripts System Startup
» The BSD rc Scripts BSD Initialization Sequence
» BSD−Like Initialization System V Initialization
» An Example Shutdown Procedures
» Introduction to the UNIX Filesystem
» System V Filesystem Directory Organization
» Mounting a Filesystem home, users
» Dismounting a Filesystem home, users
» Automatic Filesystem Mounting Removable Media Management
» BSD Filesystem Configuration File
» Filesystem Types A Few Other Filesystem Issues
» Swap Space — Paging and Swapping
» Loopback Virtual Filesystem A Few Other Filesystem Issues
» Display Filesystem Statistics: The df Command
» Checking Filesystems: The fsck Command
» Introduction UNIX Filesystem Layout
» Disk Partitions Physical Filesystem Layout
» Filesystem Structures Physical Filesystem Layout
» The mkfs Command Filesystem Creation
» File Identification and Allocation
» File Storage vs. File Transfer
» Reserved Free Space Filesystem Performance Issues
» Logical Volume Manager — AIX Flavor
» Logical Volume Manager — Solaris Flavor
» Redundant Array of Inexpensive Disks RAID
» The Volume Snapshot Snapshot
» The Filesystem Snapshot Snapshot
» Virtual UNIX Filesystem Logical Filesystem Layout
» Disk Space Upgrade UNIX Filesystem Layout
» User Database — File etcpasswd
» Initialization Template Files UNIX Login Initialization
» User Login Initialization Files
» Systemwide Login Initialization Files
» Restricted User Accounts Users and Secondary Groups
» Assigning User Passwords Standard UNIX Users and Groups
» Managing Disk Usage by Users
» System V Accounting Accounting
» AIX−Flavored Accounting Accounting
» Physical Security Passwords UNIX Lines of Defense
» File Permissions UNIX Lines of Defense
» Backups Password Encryption UNIX Lines of Defense
» Setting Password Restrictions UNIX Lines of Defense
» The Wheel Group Secure Terminals — Other Approaches
» History of the Root Account Tracking User Activities
» The syslogd Daemon The Concept of System Logging
» The Configuration File etcsyslog.conf
» Linux Logging Enhancements The logger Command
» Testing System Logging System Logging Configuration
» The last Command Limiting the Growth of Log Files
» BSD Printing Subsystem UNIX Printing Subsystem
» The lp, lpstat, and cancel Commands
» The etcprintcap File BSD Printer Configuration and the Printer Capability Database
» Filters BSD Printer Configuration and the Printer Capability Database
» The Printer Database Directory Hierarchy on System V
» Setting a Remote Printer on HP−UX
» BSD and AIX Cross−Printing Solaris and BSD Cross−Printing
» Third−Party Printer Spooling Systems
» The tput Command The tset, tput, and stty Commands
» The stty Command The tset, tput, and stty Commands
» The tar Command Tape−Related Commands
» The cpio Command Tape−Related Commands
» The dd Command Tape−Related Commands
» The mt Command Magnetic Tape Devices and Special Device Files
» The SVR3 and SVR4 backup Commands
» The fbackup Command Backup and Dump Commands
» The dumpufsdump Command Backup and Dump Commands
» Interactive Restore The restore Commands
» The frecover Command Restoring Files from a Backup
» Tape Control UNIX Backup and Restore
» The NTP Daemon Network Time Distribution
» The crontab Files Network Time Distribution
» The crontab Command Network Time Distribution
» Linux Approach Network Time Distribution
» Programs Scheduled for a Specific Time
» UNIX and Networking Network Fundamentals
» TCPIP and the Internet ISO OSI Reference Model
» TCPIP Protocol Architecture Computer Networks
» Internet Protocol IP Internet Layer and IP Protocol
» Network Access Layer Transport Layer and TCP and UDP Protocols
» Application Layer TCPIP Layers and Protocols
» IP Address Classes Data Delivery
» Dynamic Routing Internet Routing
» Protocols, Ports, and Sockets
» UNIX Database Files Multiplexing
» The arp Command Address Resolution ARP
» The portmapper Daemon The etcrpc File
» The ifconfig Command Configuring the Network Interface
» The netstat Command Configuring the Network Interface
» The inetd Daemon Super Internet Server
» Further Improvements and Development
» Host Names and Addresses Domain Name Service DNS
» The Local Host Table — etchosts
» Handling the NIC Host Table — A Journey into the Past
» Other Resolver Parameters BIND Configuration
» Name Servers UNIX Name Service — BIND
» The Configuration File etcnamed.boot
» The named.local File The named.cache file
» Subdomains and Parenting BIND Version 8.X.X
» The nslookup Interactive Mode
» A Few Examples of nslookup Usage
» Purpose and Concepts Network Information Service NIS
» To Create an NIS Client NIS Domain Name
» The etcnetgroup File DatabasesNIS Maps
» Security Issues NIS Management
» The showmount Command Mounting Remote Filesystems
» An Example The Automount Maps
» The rlogin Command The rcp Command
» The HOME.rhosts File Using UNIX r−Commands — An Example
» SSH Configuration Secure Shell SSH
» Root Access SSH Installation and User Access Setup
» SSH — Version 2 Secure Shell SSH
» Simple Mail Transport Protocol SMTP
» Rewriting an E−mail Address Pattern Matching
» Address Transformation The Parsing of E−mail Addresses
» Testing Rewrite Rules The sendmail −bt Command
» The Debugging Level Checking the Mail Queue
» Mail Subcommands The Mail Program and .mailrc File
» POP Transactions Post Office Protocol POP
» Internet Message Access Protocol IMAP
» Finger Common UNIX Network Applications
» The ping Command Host Connectivity
» The traceroute Command Host Connectivity
» The X Administration Philosophy
» Window Managers An Introduction to the X Window System
» xdm Configuration Files The X Display Managers
» Vendor−Specific X Flavors — a Configuration Example
» XDMCP Queries The Xaccess File
» Other Access Control Mechanisms
» Components of the xdm−Based User X Environment
» Other Startup Methods The User X Environment
» A Permanent X11 Installation
» Introduction to Kernel Reconfiguration
» Kernel Configuration Database Kernel Reconfiguration
» The config Command BSD−Like Kernel Configuration Approach
» HP−UX 10.x Kernel Configuration
» UNIX and Modems Introduction to Modems
» Terminal Lines and Modem Control
» C−Kermit Third−Party Communication Software
» UUCP Versions UUCP Chat−Transfer Session
» The UUCP Daemons UUCP Commands, Daemons, and Related Issues
» The UUCP Spool Directories and Files
» Additional Security in BNU UUCP
» Additional Security in Version 2 UUCP
» Intranet vs. Internet Introduction to Intranet
» Intranet Design Approach Introduction to Intranet
» Life Cycle of a Virus Virus Types
» The Viruswall Implementation Viruswalls
» Application Proxies SOCKS Proxies
» Web Services Intranet Front−End Services
» Other External Services Intranet Front−End Services
» Network Infrastructure and Desktops
» Dynamic Host Configuration Protocol DHCP
» UNIX and Not−UNIX Platform Integration
» HP−UX Installation UNIX Installation Procedures
» Linux Installation UNIX Installation Procedures
» Solaris Patch Installation HP−UX Patch Installation
» Solaris and Lost Root Password HP−UX and Lost Root Password
» Solaris Procedure to Create an Alternate Boot Partition
» Solaris Recovery of the Failed Mirrored Boot Disk
Show more