Log file questions/confusion



Charlie Foxtrot
04-18-2011, 05:36 AM
Hello,

I'm starting a new thread for this issue to hopefully make it easier to follow in the future.

I'm trying to configure logging on my box. I've installed knoppix 6.4.4 on my hdd.

Based on the recommendation (or possibly my misinterpretation of the recommendation) of Mr. Schulz:

> .. there are no loggings to /var/log with Knoppix by default. To change this behaviour rename the file '/etc/syslog-knoppix.conf'.


So I renamed /etc/syslog.conf to /etc/syslog-orig.conf and renamed /etc/syslog-knoppix.conf to /etc/syslog.conf, but I still don't see anything much in my var/log directory, even after a reboot:


knoppix@Microknoppix:/var/log$ ls /var/log
ConsoleKit apt iptraf pppstatus wtmp
Xorg.0.log cups news samba
Xorg.0.log.old dpkg.log partimage smail
alternatives.log fsck pm-powersave.log speech-dispatcher
knoppix@Microknoppix:/var/log$


My /etc/syslog-orig.conf file was much longer than the /etc/syslog-knoppix.conf that's now my syslog.conf file.

Did I not do something right?

Thanks,
Charlie

BoDiddley
04-18-2011, 06:28 AM
Now this is an odd question. I have Knoppix 6.2.1 HD install. I also have "Log File Viewer" under "System Tools" on programs list. Additionally when I use "PC Man File Manager", using the second icon bottom left to expand file system, and find /var/log through this method - all my logs are there. You can click on one and read it using "LeafPad". I believe the information you are looking for is there, you need to know how to view it. Use PC Man File Manager. Or, print out a full list of "Bash" commands.

BoDiddley
04-18-2011, 06:33 AM
I do see, however, that the "boot" contained in /var/log is not viewable through leafpad. But other logs are. Maybe the advice you received was referring to the boot log.

Werner P. Schulz
04-18-2011, 08:48 AM
> So I renamed /etc/syslog.conf to /etc/syslog-orig.conf and renamed /etc/syslog-knoppix.conf to /etc/syslog.conf, but I still don't see anything much in my var/log directory, even after a reboot:

... oh, no! Do not rename the original '/etc/syslog.conf', only '/etc/syslog-knoppix.conf'.

The script '/etc/init.d/knoppix-autoconfig' checks for the existence of 'syslog-knoppix.conf'; if 'syslog-knoppix.conf' isn't found, 'syslog.conf' will be used.

Have a look at both of these conf files and you will see the difference in syslogging.


Greetings Werner * http://www.wp-schulz.de/knoppix/summary.html
Own Rescue-CD with Knoppix (Knoppix V6.4.4 remaster)

Werner P. Schulz
04-18-2011, 08:56 AM
> I do see, however, that the "boot" contained in /var/log is not viewable through leafpad. But other logs are. Maybe the advice you received was referring to the boot log.

... for most of the log files in '/var/log', only root is allowed to read them.

Greetings Werner * http://www.wp-schulz.de/knoppix/summary.html
Own Rescue-CD with Knoppix (Knoppix V6.4.4 remaster)

Charlie Foxtrot
04-18-2011, 04:36 PM
> ... oh, no! Do not rename the original '/etc/syslog.conf', only '/etc/syslog-knoppix.conf'.
>
> The script '/etc/init.d/knoppix-autoconfig' checks for the existence of 'syslog-knoppix.conf'; if 'syslog-knoppix.conf' isn't found, 'syslog.conf' will be used.
>
> Have a look at both of these conf files and you will see the difference in syslogging.
>
> Greetings Werner * http://www.wp-schulz.de/knoppix/summary.html
> Own Rescue-CD with Knoppix (Knoppix V6.4.4 remaster)

Werner,

I guess I'm not clear on what I should rename syslog-knoppix.conf to.

I renamed syslog-knoppix.conf to syslog.conf
and renamed the existing syslog.conf, so I'd still have it around.

-Charlie

Werner P. Schulz
04-18-2011, 06:05 PM
... the bigger one of these two files shall have the name 'syslog.conf'; the smaller one may have any name you like.

Syslog can't work the Debian way if '/etc/syslog.conf' isn't found.

utu
04-18-2011, 07:22 PM
Hi, Charlie

I hope this will help.

You need to get back to where you have the original syslog.conf untouched.

You also need to have syslog-knoppix.conf named anything but
syslog.conf or syslog-knoppix.conf;
syslog-knoppix.conf.orig is ok, just not one of the first two just mentioned.

If you do this, all the normal logging will return.

Forester
04-19-2011, 10:50 AM
Hi Charlie,

If you're looking at logging out of curiosity then good on you mate. If you're looking at logging 'cos you think you can improve on the default configuration then I raise an eyebrow.

First thing to note is that with the LiveCD (as you have) and the LiveUSB (as I have) system logging is handled by syslog, which is very common on small footprint (aka embedded) systems. On desktop and server systems, system logging is usually handled by rsyslog, which is more robust and has more sophisticated log rotation and compression. I think that the Knoppix install to HD may use rsyslog since I don't have a boot log file and Bo does. It means any advice you get from someone with a HD install may need careful interpretation.

Second thing is log files are, for the most part, owned by root. Some have read permission for everyone, some do not. While a special purpose app such as the Log Viewer should cope with this, plain pcmanfm and leafpad won't. However, the special purpose app may assume rsyslog is doing the logging and be confused as a result.

The clean way to get access to other log files is to add the knoppix user to the adm group, log out and log back in again. With a persistent store or HD install you only have to do this once. With the LiveCD you would have to do this every time you reboot.

There are several reasons why there are only a few log files in /var/log under Knoppix when compared with a normal desktop installation:

- rsyslog is configured to write log messages to several files in /var/log; syslog is configured to write log messages to /dev/tty12, which isn't a real file.
- many background programs write to log files in /var/log; fewer of these are running under Knoppix than under most desktop installations.
- /var/log is on a temporary file system so the slate is wiped clean with every reboot.

This last makes post mortem examination of log files impossible with the LiveCD. That is one reason why KK chose to send syslog output to a console.

By default, log files get longer and longer over time. On a desktop system, log rotation and compression strategies keep this manageable. You don't have this under Knoppix - syslog output goes to a console. You could change this to write messages to an ordinary file but as this file gets longer it eats up memory. If you've a fancy new laptop with 3 Gb of memory like utu, you won't notice this for quite some time. If you have an old laptop with 512 kb RAM or less you can run Knoppix but you may quickly run out of memory and then Knoppix won't run so well.

On the other hand, you could redirect the log to a file on a file system on a USB stick. You won't run out of memory and the log should survive a reboot.

When utu said rename syslog-knoppix.conf he meant rename the syslog file declared in syslog-knoppix.conf:


*.*;auth,authpriv.none /dev/tty12

Replace /dev/tty12 with the path of the file that you want to log to.

For that to take effect you will need to restart the system logger:


sudo kill -SIGHUP `cat /var/run/syslogd.pid`

When you reboot the syslog configuration will revert to the default.

To find out more about the system logger and its configuration file, have a read of:


man syslogd
man syslog.conf
Cheers,

Charlie Foxtrot
04-19-2011, 02:03 PM
> Hi Charlie,
>
> If you're looking at logging out of curiosity then good on you mate. If you're looking at logging 'cos you think you can improve on the default configuration then I raise an eyebrow.
>
> First thing to note is that with the LiveCD (as you have) and the LiveUSB (as I have) system logging is handled by syslog, which is very common on small footprint (aka embedded) systems. On desktop and server systems, system logging is usually handled by rsyslog, which is more robust and has more sophisticated log rotation and compression. I think that the Knoppix install to HD may use rsyslog since I don't have a boot log file and Bo does. It means any advice you get from someone with a HD install may need careful interpretation.

Thanks, Forester, you clarified things quite a bit.

I've actually installed to my hdd. The main reason I wanted the logs to go to my HDD was so that I could post snippets of them to try to troubleshoot the problems I'm having with losing my wireless connection.

So I renamed everything back and mimicked utu's syslog-knoppix.conf:



# /etc/syslog-knoppix.conf
# Configuration file for syslogd started from /etc/init.d/knoppix-autoconfig
#
# This file is here merely to avoid logging to the system console when
# programs do an openlog() with LOG_CONS, which would clutter the output for
# screenreaders. acpid is known to do that.

# Normal logging messages go to /dev/tty12, except for passwords
*.*;auth,authpriv.none /dev/tty12

# ONLY Emergency messages are allowed to go to all consoles.
*.emerg *

# Add back kern.log and syslog
kern.* /var/log/kern.log
*.*;auth,authpriv.none /var/log/syslog

Werner P. Schulz
04-19-2011, 07:12 PM
... I'll try it once more.

If you have an untouched HD-Installation or installation to usb-stick with persistent memory "syslog" uses '/etc/syslog-knoppix.conf'.

If you hide '/etc/syslog-knoppix.conf' (by renaming it), "syslog" uses '/etc/syslog.conf'.

Why? You'll find the explanation for this behaviour in '/etc/init.d/knoppix-autoconfig' in the scriptblock 'start_log()'.

This doesn't work with CD-(DVD-)Live-Session!

Not yet mentioned: to prevent "run out of memory", log rotation of all files in /var/log is needed; log rotation will be done by '/etc/cron.daily/logrotate'.

And for proper working of "cron" ('/etc/crontab'), "anacron" must additionally be installed! It is not installed in Knoppix by default.

Now you have logrotation of all the files in '/var/log'.

Greetings Werner * http://www.wp-schulz.de/knoppix/summary.html
Own Rescue-CD with Knoppix (Knoppix V6.4.4 remaster)
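
The file selection described in the posts above and the selector lines from the posted syslog-knoppix.conf, as an added example (not code from the thread or from Knoppix): it reports which config would be picked and where a given facility's messages end up. The function names `active_syslog_conf` and `facility_targets` are hypothetical, the selection rule is modelled on the thread's description rather than on the real `start_log()`, and the demo runs against a scratch copy of the posted rules. On those rules, `kern` reaches two files while `authpriv` reaches only the `*.emerg` broadcast, so authentication events are not kept in any file.

```shell
# Added example, not from the thread or Knoppix; models the rule the posts describe.

# Config syslogd is started with: syslog-knoppix.conf if present, else syslog.conf.
active_syslog_conf() {
    etc=${1:-/etc}
    for f in "$etc/syslog-knoppix.conf" "$etc/syslog.conf"; do
        [ -f "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Print "kind action" for each rule in file $1 that receives facility $2.
# kind: file, device, users (*), other. Any priority but "none" counts as received.
facility_targets() {
    awk -v fac="$2" '
    /^[ \t]*#/ { next }
    { $0 = buf $0; buf = "" }
    /\\$/ { sub(/\\$/, ""); buf = $0; next }      # join continuation lines
    NF < 2 { next }
    {
        action = $NF; sub(/^-/, "", action)       # "-" only disables sync
        sel = ""; for (i = 1; i < NF; i++) sel = sel $i
        hit = 0; n = split(sel, item, ";")
        for (i = 1; i <= n; i++) {                # later items override earlier
            if (split(item[i], fp, /\./) < 2) continue
            facs = "," fp[1] ","
            if (index(facs, "," fac ",") || index(facs, ",*,"))
                hit = (fp[2] != "none")
        }
        if (!hit) next
        kind = "other"
        if (action == "*") kind = "users"
        else if (action ~ /^\/dev\//) kind = "device"
        else if (action ~ /^\//) kind = "file"
        print kind, action
    }' "$1"
}

# Demo on a scratch copy of the rules posted in the thread (comments dropped).
demo=$(mktemp -d)
cat > "$demo/syslog-knoppix.conf" <<'EOF'
*.*;auth,authpriv.none /dev/tty12
*.emerg *
kern.* /var/log/kern.log
*.*;auth,authpriv.none /var/log/syslog
EOF
conf=$(active_syslog_conf "$demo")
for fac in kern authpriv; do
    facility_targets "$conf" "$fac" | sed "s/^/$fac -> /"
done
```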