Learning Kali Linux
Log Management | 33


left of the entry, you will see the date and time that the log entry was written. This is followed by the hostname. Since syslog has the capability to send log messages to remote hosts, like a central log host, the hostname is important to be able to separate one entry from another if you are writing logs from multiple hosts into the same log file. After the hostname is the process name and PID. Most of these entries are from the process named realmd that has a PID 803.
Example 1-11. Partial auth.log contents
Oct 29 21:10:40 rosebud realmd[803]: Loaded settings from:
/usr/lib/realmd/realmd-defaults.conf /usr/lib/realmd/realmd-distro.conf
Oct 29 21:10:40 rosebud realmd[803]: holding daemon: startup
Oct 29 21:10:40 rosebud realmd[803]: starting service
Oct 29 21:10:40 rosebud realmd[803]: connected to bus
Oct 29 21:10:40 rosebud realmd[803]: released daemon: startup
Oct 29 21:10:40 rosebud realmd[803]: claimed name on bus: org.freedesktop.realmd
Oct 29 21:10:48 rosebud gdm-password]: pam_unix(gdm-password:session): session opened
for user root by (uid=0)
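As an added example (not code from the book), here is a small Python parser for the syslog layout just described: timestamp, hostname, process name with an optional PID in brackets, then the application's message. It is run over the lines of Example 1-11, glues the two wrapped continuation lines back onto their entries, and tolerates the gdm-password] entry, whose bracket is damaged and therefore carries no readable PID; the SAMPLE_LOG string and the helper names are the example's own.

```python
import re
from collections import Counter

# Syslog layout from Example 1-11: "Mon DD HH:MM:SS host process[PID]: message".
# "[PID]" is optional, so an entry with a damaged bracket still parses (pid is None).
ENTRY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)
SESSION_RE = re.compile(r"session opened for user (\S+) by \(uid=(\d+)\)")

# Sample input: the auth.log lines of Example 1-11, including its two wrapped lines.
SAMPLE_LOG = """\
Oct 29 21:10:40 rosebud realmd[803]: Loaded settings from:
/usr/lib/realmd/realmd-defaults.conf /usr/lib/realmd/realmd-distro.conf
Oct 29 21:10:40 rosebud realmd[803]: holding daemon: startup
Oct 29 21:10:40 rosebud realmd[803]: starting service
Oct 29 21:10:40 rosebud realmd[803]: connected to bus
Oct 29 21:10:40 rosebud realmd[803]: released daemon: startup
Oct 29 21:10:40 rosebud realmd[803]: claimed name on bus: org.freedesktop.realmd
Oct 29 21:10:48 rosebud gdm-password]: pam_unix(gdm-password:session): session opened
for user root by (uid=0)
"""

def parse_auth_log(text):
    """Split syslog-style text into dicts with ts, host, proc, pid and msg."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["pid"] = int(entry["pid"]) if entry["pid"] else None
            entries.append(entry)
        elif line.strip() and entries:
            # No timestamp prefix: a wrapped continuation of the previous message.
            entries[-1]["msg"] += " " + line.strip()
        elif line.strip():
            raise ValueError(f"text does not start with a syslog entry: {line!r}")
    return entries

def count_by_process(entries):
    """Entries written per (process, PID); realmd[803] dominates the example."""
    return Counter((e["proc"], e["pid"]) for e in entries)

def sessions_opened(entries):
    """(process, user, uid) for every pam_unix 'session opened' message."""
    return [(e["proc"], m.group(1), int(m.group(2)))
            for e in entries if (m := SESSION_RE.search(e["msg"]))]
```

Running `sessions_opened(parse_auth_log(SAMPLE_LOG))` shows why the preamble matters to a defender: once the fields are split out, a root session opened through the display manager can be pulled from among the realmd noise in one pass.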
The challenging part of the log isn't the preamble, which is created and written by the syslog service, but the application entries. What we are looking at here is easy enough to understand. However, the contents of the log entries are created by the application itself, which means the programmer has to call functions that generate and write out the log entries. Some programmers may be better about generating useful and understandable log entries than others. Once you have gotten used to reading logs, you'll start to understand what they are saying. If you run across a log entry that you really need but you don't understand, internet search engines can always help find someone who has a better understanding of that log entry. Alternatively, you can reach out to the software development team for help.
Not all logs run through syslog, but all system-related logs do. Even when syslog doesn't manage the logs for an application, as in the case of the Apache web server, the logs are still likely to be in /var/log/. In some cases, you may have to go searching for the logs. This may be the case with some third-party software that installs to /opt.
Summary
Linux has a long history behind it, going back to the days when resources were very
constrained. This has led to some arcane commands whose purpose was to allow
users (primarily programmers) to be efficient. It’s important to find an environment
that works well for you so you too can be efficient in your work. Here are some key
points to take away from this chapter: