Suse 9: Logs management

SuSE's log management is similar to the one used on every Unix.

The Syslog service, configured via the usual /etc/syslog.conf file manages the system's logs.
Its default configurations are quite common in some parts:
/var/log/messages receives every log except mail and news;
/var/log/mail has all the logs about the mail system, who are also divided in further files according to the debug level: mail.info mail.warn mail.err;
/var/log/news/ directory contains all the logs about the news service;
Other useful settings are:
/var/log/localmessages receives all the messages from the local facilities (from local0 to local 7);
/dev/tty10 displays kernel warnings and all the errors (Alt+F10 to see them).
/var/log/warn collects all the system warnings, errors and critical messages.
The syslogd used is the typical Linux variant of the BSD syslogd with support for a separated kernel logging daemon (klogd).

Log rotation facilities are, by deafult, left in the flexible hands of logrotate whose main configuration file /etc/logrotate.conf is configured to add all the configuration includes in the /etc/logrotate.d/ directory.
The default settings provide a weekly rotation with a total retention of 4 weeks, but the configuration includes for single services (apache, samba, squid, fetchmail etc) tend to rotate logs when they reach a fixed size and keep a retention of 99 archived log files.

Other interesting logs are:
/var/log/update-messages displays verbose messages and readmes about some updated packages;
/var/log/SaX.log /var/log/XFree86.0.log /var/log/kdm.log all provide (similar) logs about the X Window system;
/var/log/boot.msg sums up both the kernel and the system's services log related to the last boot;
/var/log/YaST2/ directory contains all the logs about YaST, amonth these you find y2logRPM (the list of the installed RPMs).

If you install the sysreport package you can find the sar logs in the /var/log/sa/ directory.  

Privacy Policy