Chapter 24. Viewing and Managing Log Files

Log files are files that contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information. For example, there is a default system log file, a log file just for security messages, and a log file for cron tasks.
Log files can be very useful when trying to troubleshoot a problem with the system, such as when trying to load a kernel driver, or when looking for unauthorized login attempts to the system. This chapter discusses where to find log files, how to view log files, and what to look for in log files.
Some log files are controlled by a daemon called rsyslogd. The rsyslogd daemon is an enhanced replacement for the earlier sysklogd, and provides extended filtering, encryption-protected relaying of messages, various configuration options, input and output modules, and support for transport via the TCP or UDP protocols. Note that rsyslog is compatible with sysklogd.

24.1. Installing rsyslog

Version 5 of rsyslog, provided in the rsyslog package, is installed by default in Red Hat Enterprise Linux 6. To ensure that it is installed, issue the following command as root:
~]# yum install rsyslog
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Package rsyslog-5.8.10-10.el6_6.i686 already installed and latest version
Nothing to do

24.1.1. Upgrading to rsyslog version 7

Version 7 of rsyslog, provided in the rsyslog7 package, is available in Red Hat Enterprise Linux 6. It provides a number of enhancements over version 5, in particular higher processing performance and support for more plug-ins. If required, to change to version 7, make use of the yum shell utility as described below.

Procedure 24.1. Upgrading to rsyslog 7

To upgrade from rsyslog version 5 to rsyslog version 7, it is necessary to install and remove the relevant packages simultaneously. This can be accomplished using the yum shell utility.
  1. Enter the following command as root to start the yum shell:
    ~]# yum shell
    Loaded plugins: product-id, refresh-packagekit, subscription-manager
    The yum shell prompt appears.
  2. Enter the following commands to install the rsyslog7 package and remove the rsyslog package.
    > install rsyslog7
    > remove rsyslog
  3. Enter run to start the process:
    > run
    --> Running transaction check
    ---> Package rsyslog.i686 0:5.8.10-10.el6_6 will be erased
    ---> Package rsyslog7.i686 0:7.4.10-3.el6_6 will be installed
    --> Finished Dependency Resolution
     Package        Arch     Version           Repository                  Size
     rsyslog7       i686     7.4.10-3.el6_6    rhel-6-workstation-rpms    1.3 M
     rsyslog        i686     5.8.10-10.el6_6   @rhel-6-workstation-rpms   2.1 M
    Transaction Summary                                                 
    Install  1 Package
    Remove   1 Package
    Total download size: 1.3 M
    Is this ok [y/d/N]:y
  4. Enter y when prompted to start the upgrade.
  5. When the upgrade is completed, the yum shell prompt is displayed. Enter quit or exit to exit the shell:
    Finished Transaction
    > quit
    Leaving Shell
For information on using the new syntax provided by rsyslog version 7, see Section 24.4, “Using the New Configuration Format”.
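The following is an added example, not part of the original guide or of Red Hat's tooling: a scripted form of Procedure 24.1 that checks the package state first and then feeds the same three commands to yum shell from a file. The function names and the --apply switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: non-interactive form of Procedure 24.1.
# plan_upgrade, write_transaction and --apply are names invented for this example.

# Read installed package names (one per line) on stdin and print the action:
#   swap    - rsyslog (v5) present, rsyslog7 absent: run the procedure
#   current - rsyslog7 present, rsyslog absent: nothing to do
#   manual  - both or neither present: do not guess, let an admin look
plan_upgrade() {
    have5=no; have7=no
    while IFS= read -r pkg; do
        case "$pkg" in
            rsyslog)  have5=yes ;;
            rsyslog7) have7=yes ;;
        esac                      # rsyslog-gnutls and similar are ignored
    done
    if [ "$have5" = yes ] && [ "$have7" = no ]; then echo swap
    elif [ "$have5" = no ] && [ "$have7" = yes ]; then echo current
    else echo manual
    fi
}

# Write the commands from steps 2 and 3 so that the install and the removal
# are resolved in one transaction, exactly as at the interactive prompt.
write_transaction() {
    printf '%s\n' 'install rsyslog7' 'remove rsyslog' 'run' > "$1"
}

# Change the system only when called with --apply (must be run as root).
if [ "${1:-}" = "--apply" ]; then
    plan=$(rpm -qa --qf '%{NAME}\n' 'rsyslog*' | plan_upgrade)
    case "$plan" in
        swap)
            txn=$(mktemp) || exit 1
            write_transaction "$txn"
            # yum shell runs the commands in the file; -y answers the prompt.
            yum -y shell "$txn"; rc=$?
            rm -f "$txn"
            exit "$rc" ;;
        current) echo "rsyslog7 is already installed"; exit 0 ;;
        *)       echo "unexpected rsyslog package state; resolve by hand" >&2
                 exit 1 ;;
    esac
fi
```

Without --apply the script only defines its functions, so the decision logic can be checked on a host before any package is changed.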