Logging
Overview
Log files contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information. For example, there is a default system log file, a log file just for security messages, and a log file for cron tasks.
Some log files are controlled by a daemon called syslogd. A list of log messages maintained by syslogd can be found in the /etc/syslog.conf configuration file.
Locating Log Files
Most log files are located in the /var/log directory. Some applications such as httpd and samba have a directory within /var/log for their log files.
Notice the multiple files in the log file directory with numbers after them. These are created when the log files are rotated. Log files are rotated so their file sizes do not become too large. The logrotate package contains a cron task that automatically rotates log files according to the /etc/logrotate.conf configuration file and the configuration files in the /etc/logrotate.d directory. By default, it is configured to rotate every week and keep four weeks worth of previous log files.
Viewing Log Files
Most log files are in plain text format. You can view them with any text editor such as Vi or Emacs. Some log files are readable by all users on the system; however, root priviledges are required to read most log files.
To view system log files in an interactive, real-time application, use the Log Viewer. To start the application:
Main Menu Button --> System Tools --> System Logsor type the command redhat-logviewer at a shell prompt.
Log Viewer
The application only displays log files that exist. To view the complete list of log files that it can view, refer to the configuration file, /etc/sysconfig/redhat-logviewer.
By default, the currently viewable log file is refreshed every 30 seconds. To change the refresh rate, select:
Edit --> Preferences --> Log Files tabClick the up and down arrows beside the refresh rate to change it. Click Close to return to the main window. The refresh rate is changed immediately.
To refresh the currently viewable file manually, select: File --> Refresh Now or press <Ctrl>-R.
To filter the contents of the log file for keywords, type the keyword or keywords in the Filter for text field, and click Filter. Click Reset to reset the contents.
You can also change where the application looks for the log files from the Log Files tab. Select the log file from the list, and click the Change Location button. Type the new location of the log file or click the Browse button to locate the file location using a file selection dialog. Click OK to return to the preferences, and click Close to return to the main window.
Alerts
Log Viewer can be configured to display an alert icon beside lines that contain key alert words. To add alerts words, select:
Edit --> Preferences --> Alerts tab --> Add button.To delete an alert word, select the word from the list, and click Delete.