Fedora Linux

of a pathname will prevent syslogd from flushing the buffers to disk after each write, a performance-eating behavior that increases the chance that a message describing the cause of a crash will make it onto the disk.

@ host

Messages are forwarded to syslogd on the remote host .

user,user,user,...

Messages are written to the terminals of any of these users who are currently logged in.

*

Messages are written to the terminals of all logged-in users.

The order of the lines in the configuration file does not matter; every line is checked against each incoming message, so messages may be sent to multiple destinations.

The default configuration file routes messages according to Table 8-5 ; as you can see, /var/log/messages is the prime source of information about the state of the system.

Table 8-5. Message routing as configured in the default syslog configuration file

Type of message	Destination
Everything except mail, authentication, and cron messages, with a priority of info or higher	/var/log/messages
Authentication messages (which may contain private information)	/var/log/secure
Mail	/var/log/maillog
Cron	/var/log/cron
All messages of emerg level or higher	The terminals of all logged-in users
UUCP and news messages of crit level or higher	/var/log/spooler
Boot messages	/var/log/boot.log

8.7.1.1. Interpreting /var/log/messages

The /var/log/messages logfile contains entries similar to this:

May 31 10:40:58 laptop3 dhclient: DHCPREQUEST on eth0 to 172.16.97.254 port 67
May 31 10:40:58 laptop3 dhclient: DHCPACK from 172.16.97.254

May 31 10:40:58 laptop3 dhclient: bound to 172.16.97.100 -- renewal in 34387 seconds.

May 31 20:14:05 laptop3 dhclient: DHCPREQUEST on eth0 to 172.16.97.254 port 67
May 31 20:14:05 laptop3 dhclient: DHCPACK from 172.16.97.254

May 31 20:14:05 laptop3 dhclient: bound to 172.16.97.100 -- renewal in 41631 seconds.

Each entry consists of a date, time, hostname ( laptop3 in this example), program name or other prefix ( dhclient ), and a text message. Note that the facility and priority are not recorded in the logfile.

Since the /var/log/message file can be very large, it's worthwhile using a tool such as grep to search for specific records. For example, you can view all of the kernel messages with the command:

$ grep kernel /var/log/messages

May 30 04:23:08 bluesky kernel: SELinux: initialized (dev hdd, type iso9660), uses genfs_contexts

May 31 20:48:40 bluesky kernel: atkbd.c: Unknown key pressed (translated set 2, code 0x85 on isa0060/serio0).

May 31 20:48:40 bluesky kernel: atkbd.c: Use 'setkeycodes e005 <keycode>' to make it known.

May 31 21:14:54 bluesky kernel: cdrom: This disc doesn't have any tracks I recognize!

8.7.1.2. Creating your own logfile entries

You can generate syslog messages using the logger command-line tool. Simply provide your text as arguments:

$ logger Added host lightning to /etc/hosts

The message recorded in /var/log/messages contains the username as the prefix:

Jun 1 02:32:59 darkday chris: Added host lightning to /etc/hosts

It's convenient to log information about changes you have made on the system in this way, entering them as you work. Your notes will be interleaved with system-generated log messages, making it easy to see the