
How to use Syslog to know your Linux system

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to use the system log to understand your Linux system. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

The Linux system log is very important. Programs running in the background (often referred to as daemons or service processes) handle most of the tasks on your Linux system. When these daemons work, they record the details of the task in a log file as "historical" information about what they have done. The work of these daemons ranges from synchronizing clocks with atomic clocks to managing network connections. All of this is recorded in a log file so that when an error occurs, you can see what happened by looking at a specific log file.

Photo by Markus Spiske on Unsplash

There are many different logs on your Linux computer. Historically, they have generally been stored in the /var/log directory in plain text format. Many logs are still stored this way, and you can easily view them with less.

On the new openSUSE Leap 42.3 and most modern operating systems, important logs are stored by the systemd initialization system. systemd is responsible for starting daemons and preparing the computer for use when the system boots. Logs recorded by systemd are stored in a binary format, which makes them less space-intensive, easier to browse, and easier to export to various other formats; the downside is that you have to use a specific tool to view them. Fortunately, this tool is pre-installed on your system: its name is journalctl, and by default it shows the logs of every daemon in one place.

Just run the journalctl command to view your systemd log. It uses the less pager to display various logs. To give you an intuitive feel, here is a log record excerpted from journalctl:

Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM.

This single log record contains the date and time of the record, the computer name, the name of the process that recorded the log, the PID of that process, and the log content itself.

If a program on the system is misbehaving, you can view the log and search for the program name (in less, type / followed by the keyword). Errors that may be causing the problem are recorded in the system log. Sometimes the error message is detailed enough to let you fix the problem. At other times, you need to search for solutions on the Web. Google is perfect for searching for strange Linux problems. When searching, however, enter only the actual content of the log message: the information at the beginning of the line (date, hostname, process ID) is meaningless to the search and will interfere with the results.

The solution is usually found in the first few links of the search results. Of course, you should not just run commands you found on the Internet: be sure to figure out what you are trying to do and what the command is going to do. Searching for specific entries from the system log is much more useful than describing the fault with general keywords, because program errors have many possible causes, and the same symptoms can be caused by a variety of problems.

For example, there are many reasons why the system might not produce sound. It may be that the player is not plugged in, the sound system may have failed, or a suitable driver may be missing. If you only describe the symptoms in general terms, you will find a lot of irrelevant solutions and waste a lot of time. If you search specifically for the actual content of the log, you may find other people who have the same log content.
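The record layout and the search advice above can be combined in a short parser. This is an added example, not part of the original article: it splits journalctl's default short output into its fields and returns only the message text for one process. The function names and all sample lines except the first (the record quoted above) are constructed for illustration.

```python
import re

# journalctl's default "short" output: "Mon DD HH:MM:SS host ident[pid]: message".
# The "[pid]" part is optional (kernel messages carry none).
SHORT_LINE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<process>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)

def parse_line(line):
    """Return the fields of one short-format line, or None for markers
    such as "-- Reboot --" and anything else that does not match."""
    m = SHORT_LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"]) if fields["pid"] else None
    return fields

def search_terms(lines, process):
    """Messages logged by `process`, without date, host name and PID,
    de-duplicated in first-seen order: the text worth pasting into a search."""
    seen = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["process"] == process and rec["message"] not in seen:
            seen.append(rec["message"])
    return seen

# Constructed sample: the first line is the record quoted in the article,
# the others are made up for illustration.
SAMPLE = [
    "Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM.",
    "-- Reboot --",
    "Jul 06 11:55:02 aaathats3as kernel: usb 1-1: new high-speed USB device number 2 using ehci-pci",
    "Jul 06 11:55:10 aaathats3as pulseaudio[2301]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM.",
]

if __name__ == "__main__":
    for text in search_terms(SAMPLE, "pulseaudio"):
        print(text)
```

On a live system, journalctl -o cat prints the messages without the date, hostname and PID prefix directly.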

You can compare Figure 1 with Figure 2.

Figure 1: Searching for the symptoms of a fault shows only general and inaccurate results. This kind of search is usually useless.

Figure 2: Searching for specific log lines shows accurate and useful results. This kind of search is usually useful.

There are also some logs that are not kept in the systemd journal. The most common ones on the desktop include /var/log/zypper.log, which records the behavior of the openSUSE package manager; /var/log/boot.log, which records startup messages that tend to scroll by too fast to read; and /var/log/ntp, which records errors that occur when the Network Time Protocol (NTP) daemon synchronizes. Another place where hardware failure information is stored is the kernel ring buffer, which you can view by typing the dmesg -H command (which also calls the less pager). The kernel ring buffer is stored in memory and is lost when the computer is rebooted, but it contains important events in the Linux kernel, such as new hardware, loaded modules, and strange network errors.
