Shulou(Shulou.com)06/01 Report--

This article is about how to understand the LINUX log, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Everyone who uses UNIX/LINUX knows the use of logs, do you know the context of LINUX log information processing?

I finally have some experience through the stubbornness of the source code for nearly a month.

We can see that there are basically two ways to log LINUX system information:

1 > dmesg View-this command is quite common

2 > Files under / var/log/

Then we will start from these two ways and go on step by step.

First of all, let's take a look at what is hidden behind the common command dmesg!

1 > Let's MAN this guy first.

-man dmesg

-man dmesg

NAME

Dmesg-print or control the kernel ring buffer

SYNOPSIS

Dmesg [- c] [- n level] [- s bufsize]

DESCRIPTION

Dmesg is used to examine or control the kernel ring

Buffer.

The program helps users to print out their bootup mes-

Sages. Instead of copying the messages by hand, the user

Need only:

Dmesg > boot.messages

And mail the boot.messages file to whoever can debug their

Problem.

OPTIONS

-c Clear the ring buffer contents after printing.

-sbufsize

Use a buffer of size bufsize to query the kernel

Ring buffer. This is 16392 by default. (The

Default kernel syslog buffer size was 4096 at

First, 8192 since 1.3.54, 16384 since 2.1.113.) If

You have set the kernel buffer to be larger than

The default then this option can be used to view

The entire buffer.

-nlevel

Set the level at which logging of messages is done

To the console. For example,-n 1 prevents all

Messages, expect panic messages, from appearing on

The console. All levels of messages are still

Written to / proc/kmsg, so syslogd (8) can still be

Used to control exactly where kernel messages

Appear. When the-n option is used, dmesg will not

Print or clear the kernel ring buffer.

When both options are used, only the last option on

The command line will have an effect.

From the manual provided by LINUX, we can know that one of the most important information dmesg reads from kernel's ring buffer (Ring buffer Zone).

-over man--

-over man--

2 > then what is ring buffer?

In LINUX, all system information (package kernel information) is transmitted to ring buffer. The information generated by the kernel is printed out by printk (). The information you see when the system starts is printed to the screen by this function. The messages typed by printk () often use... The numbers here indicate the importance of the message. Higher than a certain priority will be printed to the screen, otherwise it will only be retained in the system buffer (ring buffer).

As for how dmesg is read from ring buffer, you can look at the dmesg.c source code. It's short and easy to read.

What's wrong with dmesg should be clear to everyone. As for the documents under / var/log/, we are all too familiar with them.

1 > / var/log/.. Why are there so many documents?

The syslogd daemon records the Log generated by different services in different files according to / etc/syslog.conf.

I will not elaborate on the / etc/syslog.conf here, a lot of information about this (check it out).

2 > now that we know, / var/log/.. Is generated by the syslogd daemon. Then follow this line again.

After the LINUX system starts, / etc/init.d/sysklogd starts two klogd,syslogd daemons successively.

Where klogd will get the kernel printk () from the system buffer (ring buffer) through the syslog () system call or read the proc file system.

A message sent out. Syslogd reads the kernel information of the system through klogd.

I think at this point, everyone's psychology should feel a series of actions such as log generation, reading and so on. If not, please check your IQ.

For people who don't understand:

To sum up:

1 > all system information is output to ring buffer. Dmesg display is also read from ring buffer.

2 > on the LINUX system, / etc/init.d/sysklogd starts two daemons: Klogd&&Syslogd

3 > klogd is responsible for reading kernel information. There are two ways:

Syslog () system call (this function is fully used, let's go to MAN to have a look)

Read / proc/kmsg directly (again, / proc/kmsg is a place where kernel information is output)

4 > the output of Klogd will be sent to syslogd for processing, and syslogd will send log according to the configuration of / etc/syslog.conf.

The information is output to different files under / var/log/.

Redhat linux knowledge base

The above is how to understand the LINUX log, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.