
Thread: Log file questions/confusion

  1. #1
    Member
    Join Date
    Apr 2011
    Location
    Durham, NC, USA
    Posts
    31

    Log file questions/confusion

    Hello,

    I'm starting a new thread for this issue to hopefully make it easier to follow in the future.

    I'm trying to configure logging on my box. I've installed knoppix 6.4.4 on my hdd.

    Based on the recommendation (or possibly my misinterpretation of the recommendation) of Mr. Schulz:

    .. there are no loggings to /var/log with Knoppix by default. To change this behaviour rename the file '/etc/syslog-knoppix.conf'.
    So I renamed /etc/syslog.conf to /etc/syslog-orig.conf and renamed /etc/syslog-knoppix.conf to /etc/syslog.conf, but I still don't see anything much in my var/log directory, even after a reboot:

    Code:
    knoppix@Microknoppix:/var/log$ ls /var/log
    ConsoleKit        apt       iptraf            pppstatus          wtmp
    Xorg.0.log        cups      news              samba
    Xorg.0.log.old    dpkg.log  partimage         smail
    alternatives.log  fsck      pm-powersave.log  speech-dispatcher
    knoppix@Microknoppix:/var/log$
    My /etc/syslog-orig.conf file was much longer than the /etc/syslog-knoppix.conf that's now my syslog.conf file.

    Did I not do something right?

    Thanks,
    Charlie

  2. #2
    Now this is an odd question. I have Knoppix 6.2.1 HD install. I also have "Log File Viewer" under "System Tools" on programs list. Additionally when I use "PC Man File Manager", using the second icon bottom left to expand file system, and find /var/log through this method - all my logs are there. You can click on one and read it using "LeafPad". I believe the information you are looking for is there, you need to know how to view it. Use PC Man File Manager. Or, print out a full list of "Bash" commands.

  3. #3
    I do see, however, that the "boot" contained in /var/log is not viewable through leafpad. But other logs are. Maybe the advice you received was referring to the boot log.

  4. #4
    Moderator
    Join Date
    Nov 2010
    Location
    Germany/ Dietzenbach
    Posts
    1,124
    So I renamed /etc/syslog.conf to /etc/syslog-orig.conf and renamed /etc/syslog-knoppix.conf to /etc/syslog.conf, but I still don't see anything much in my var/log directory, even after a reboot:

    ... oh, no! Do not rename the original '/etc/syslog.conf', only '/etc/syslog-knoppix.conf'.

    The script '/etc/init.d/knoppix-autoconfig' checks for existence of 'syslog-knoppix.conf'; if 'syslog-knoppix.conf' isn't found, 'syslog.conf' will be used.

    Have a look at both of these conf files and you will see the difference in syslogging.


    Greetings Werner * http://www.wp-schulz.de/knoppix/summary.html
    Own Rescue-CD with Knoppix (Knoppix V6.4.4 remaster)

  5. #5
    Moderator
    Join Date
    Nov 2010
    Location
    Germany/ Dietzenbach
    Posts
    1,124
    I do see, however, that the "boot" contained in /var/log is not viewable through leafpad. But other logs are. Maybe the advice you received was referring to the boot log.

    ... most of the log files in '/var/log' can only be read by root.

    Greetings Werner * http://www.wp-schulz.de/knoppix/summary.html
    Own Rescue-CD with Knoppix (Knoppix V6.4.4 remaster)

  6. #6
    Member
    Join Date
    Apr 2011
    Location
    Durham, NC, USA
    Posts
    31
    Quote: Originally Posted by Werner P. Schulz
    ... oh, no! Do not rename the original '/etc/syslog.conf', only '/etc/syslog-knoppix.conf'.

    The script '/etc/init.d/knoppix-autoconfig' checks for existence of 'syslog-knoppix.conf'; if 'syslog-knoppix.conf' isn't found, 'syslog.conf' will be used.

    Have a look at both of these conf files and you will see the difference in syslogging.

    Werner,

    I guess I'm not clear on what I should rename syslog-knoppix.conf to.

    I renamed syslog-knoppix.conf to syslog.conf
    and renamed the existing syslog.conf, so I'd still have it around.

    -Charlie

  7. #7
    Moderator
    Join Date
    Nov 2010
    Location
    Germany/ Dietzenbach
    Posts
    1,124
    ... the bigger of these two files shall have the name 'syslog.conf'; the smaller one may have any name you like.

    Syslog can't work the Debian way if '/etc/syslog.conf' isn't found.

  8. #8
    Senior Member registered user
    Join Date
    May 2006
    Location
    Columbia, Maryland USA
    Posts
    1,631
    Hi, Charlie

    I hope this will help.

    You need to get back to where you have the original syslog.conf untouched.

    You also need to have syslog-knoppix.conf named anything but
    syslog.conf or syslog-knoppix.conf;
    syslog-knoppix.conf.orig is ok, just not one of the first two just mentioned.

    If you do this, all the normal logging will return.
    Last edited by utu; 04-18-2011 at 07:25 PM.

  9. #9
    Senior Member
    Join Date
    Jan 2011
    Posts
    242
    Hi Charlie,

    If you're looking at logging out of curiosity then good on you mate. If you're looking at logging 'cos you think you can improve on the default configuration then I raise an eyebrow.

    First thing to note is that with the LiveCD (as you have) and the LiveUSB (as I have) system logging is handled by syslog, which is very common on small footprint (aka embedded) systems. On desktop and server systems, system logging is usually handled by rsyslog, which is more robust and has more sophisticated log rotation and compression. I think that the Knoppix install to HD may use rsyslog since I don't have a boot log file and Bo does. It means any advice you get from someone with a HD install may need careful interpretation.

    Second thing is log files are, for the most part, owned by root. Some have read permission for everyone, some do not. While a special purpose app such as the Log Viewer should cope with this, plain pcmanfm and leafpad won't. However, the special purpose app may assume rsyslog is doing the logging and be confused as a result.

    The clean way to get access to other log file is to add the knoppix user to the adm group, log out and log back in again. With a persistent store or HD install you only have to do this once. With the LiveCD you would have to do this every time you reboot.

    There are several reasons why there are only a few log files in /var/log under Knoppix when compared with a normal desktop installation:

    - rsyslog is configured to write log messages to several files in /var/log; syslog is configured to write log messages to /dev/tty12, which isn't a real file.
    - many background programs write to log files in /var/log; fewer of these are running under Knoppix than under most desktop installations.
    - /var/log is on a temporary file system so the slate is wiped clean with every reboot.

    This last makes post mortem examination of log files impossible with the LiveCD. That is one reason why KK chose to send syslog output to a console.

    By default, log files get longer and longer over time. On a desktop system, log rotation and compression strategies keep this manageable. You don't have this under Knoppix - syslog output goes to a console. You could change this to write messages to an ordinary file but as this file gets longer it eats up memory. If you've a fancy new laptop with 3 Gb of memory like utu, you won't notice this for quite some time. If you have an old laptop with 512 kb RAM or less you can run Knoppix but you may quickly run out of memory and then Knoppix won't run so well.

    On the other hand, you could redirect the log to a file on a file system on a USB stick. You won't run out of memory and the log should survive a reboot.

    When utu said rename syslog-knoppix.conf he meant rename the syslog file declared in syslog-knoppix.conf:

    Code:
    *.*;auth,authpriv.none    /dev/tty12
    Replace /dev/tty12 with the path of the file that you want to log to.

    For that to take effect you will need to restart the system logger:

    Code:
    sudo kill -SIGHUP `cat /var/run/syslogd.pid`
    When you reboot the syslog configuration will revert to the default.

    To find out more about the system logger and its configuration file, have a read of:

    Code:
    man syslogd
    man syslog.conf
    Cheers,

  10. #10
    Member
    Join Date
    Apr 2011
    Location
    Durham, NC, USA
    Posts
    31
    Quote: Originally Posted by Forester
    Hi Charlie,

    If you're looking at logging out of curiosity then good on you mate. If you're looking at logging 'cos you think you can improve on the default configuration then I raise an eyebrow.

    First thing to note is that with the LiveCD (as you have) and the LiveUSB (as I have) system logging is handled by syslog, which is very common on small footprint (aka embedded) systems. On desktop and server systems, system logging is usually handled by rsyslog, which is more robust and has more sophisticated log rotation and compression. I think that the Knoppix install to HD may use rsyslog since I don't have a boot log file and Bo does. It means any advice you get from someone with a HD install may need careful interpretation.

    Thanks, Forester, you clarified things quite a bit.

    I've actually installed to my hdd. The main reason I wanted the logs to go to my HDD was so that I could post snippets of them to try to troubleshoot the problems I'm having with losing my wireless connection.

    So I renamed everything back and mimicked utu's syslog-knoppix.conf:

    Code:
    # /etc/syslog-knoppix.conf
    # Configuration file for syslogd started from /etc/init.d/knoppix-autoconfig
    #
    # This file is here merely to avoid logging to the system console when
    # programs do an openlog() with LOG_CONS, which would clutter the output for
    # screenreaders. acpid is known to do that.

    # Normal logging messages go to /dev/tty12, except for passwords
    *.*;auth,authpriv.none /dev/tty12

    # ONLY Emergency messages are allowed to go to all consoles.
    *.emerg *

    # Add back kern.log and syslog
    kern.* /var/log/kern.log
    *.*;auth,authpriv.none /var/log/syslog
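
How the selector fields in the configuration above route a message, as an added example that is not part of the original thread: a simplified evaluator for sysklogd-style selectors that ignores the `=` and `!` priority prefixes. The function names are hypothetical, and the sample input is constructed from the active rules of the posted file.

```python
"""Added example: evaluate sysklogd-style syslog.conf selectors (simplified)."""
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample: the active rules from the syslog-knoppix.conf posted above.
SAMPLE_CONF = """\
# Normal logging messages go to /dev/tty12, except for passwords
*.*;auth,authpriv.none /dev/tty12
*.emerg *
kern.* /var/log/kern.log
*.*;auth,authpriv.none /var/log/syslog
"""

def parse_rules(text):
    """Return [(selector_field, action)] for every non-comment line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            rules.append((selector, action.strip()))
    return rules

def selector_matches(selector_field, facility, priority):
    """Apply the ';'-separated selectors left to right for one message."""
    matched = False
    for selector in selector_field.split(";"):
        facilities, _, level = selector.rpartition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue  # this selector says nothing about our facility
        if level == "none":
            matched = False  # explicit exclusion, e.g. auth,authpriv.none
        elif level == "*":
            matched = True
        else:  # plain priority adds that level and everything more severe
            matched = matched or PRIORITIES.index(priority) >= PRIORITIES.index(level)
    return matched

def destinations(conf_text, facility, priority):
    """List the actions that would receive a facility.priority message."""
    return [action for selector, action in parse_rules(conf_text)
            if selector_matches(selector, facility, priority)]

if __name__ == "__main__":
    for fac, pri in [("kern", "warning"), ("authpriv", "info"), ("daemon", "emerg")]:
        print(f"{fac}.{pri:8} -> {destinations(SAMPLE_CONF, fac, pri)}")
```

With these rules, auth and authpriv messages below emerg reach no destination at all, so login-related events are not recorded anywhere.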
