System Logs

From Webmin Documentation
(Redirected from SystemLogs)
Jump to: navigation, search

The System Logs page provides a facility to control log files created by the operating system.

Introduction to logging

Many Linux servers and daemons generate log messages for errors, warnings, requests and diagnostic information. In most cases, these logs are not written directly to a file instead, they are passed to the Unix logging program syslog which decides what to do with each log message. Logs can be written to a file, sent to another server, passed to another program via a pipe or even broadcast to all users logged into the system. Different types of messages from different servers can be logged using each of these methods.

Normally logs are written to files in the /var/log directory. On most Linux distributions the file /var/log/messages contains general information, error and warning messages, the file /var/log/mail records incoming and outgoing mail, and /var/log/secure records successful and failed logins. However, your system may have a totally different syslog configuration and so use different logfiles.

Each log message that is sent to syslog has three attributes: the program that it comes from, a facility and a priority. The facility classifies the message, indicating which part of the system it is coming from. Facilities that are recognized on Linux are:

all - auth - authpriv - cron - daemon - kern - lpr - news - mail - mark - syslog - user - uucp - user - local1 - ... - local7

The priority or log level associated with each message indicates how serious it is. Many servers generate messages with low priorities that contain only diagnostic or debugging information, which can safely be ignored. However, messages with higher priorities indicate a serious problem with a server or possibly the entire system. The recognized priorities on Linux (in order from least to most serious) are:

debug - info - notice - warning - err - crit - alert - emerg

The file /etc/syslog.conf contains the syslog configuration that controls which messages are logged to which files and destinations. Webmin reads and modifies this file directly to change your system's logging settings, and reads from the files in /var/log to display log messages.

Not all logs generated by all programs are controlled by syslog. For example, the Apache webserver directly writes to a log file that records every HTTP request that it receives. Other programs like Squid Proxy Server and QMail Mail Server also have their own private log files that are not under the control of syslog and so cannot be configured using the System Logs Webmin module. Some of these servers can be configured to log via syslog, but this is never the default and is usually a bad idea for programs that generate large numbers of log messages, such as Apache Webserver.

The System Logs module

If you want to view log files on your system and configure where log messages are recorded, the System Logs module under the System category is the place to go. The main page of the module lists all files and other destinations that syslog is currently logging to, as shown below. For each log destination, its active status and the facilities and priorities that are logged to it are displayed.

The System Logs module

Even if you don't want to change existing logging settings, you can use the module to view a log file by clicking on its View link. This will take you to a page showing the last 20 lines of the file, with a Refresh button at the bottom to reload the page or increase the number of lines displayed. Only logs written to normal files can be viewed - those send to another server, to users, to a named pipe or to a device file cannot be read by Webmin.

Adding a new log file

Because the messages written to each log destination have no effect on other destinations, you can add a new log file without effecting any of the existing ones. This can be useful if there is some information that you want to see but which is not currently being recorded, or if you want to separate out messages of a particular facility or priority into a different file from the one that they are currently being logged to.

To add a new log file or destination, the steps to follow are:

  1. On the main page of the System Logs module, click on the *Add a new system log* link above or below the list of existing log files. This will take you to the form shown in the screenshot below for entering the details of the new log destination.
  2. The Log to field controls where messages are written to. You must select one of the five choices, which are:
    If this option is selected, you must enter the name of a file to write logs to into the text field next to it. Log lines will be appended to the file, which will be created if it does not exist. To ensure that syslog forces each line to be written to disk after adding it, select the Sync after each message? option. Unless you are trying to reduce hard disk activity on your system (such as on a laptop), it is wise to leave this option selected. It is possible to create more than one log that writes to the same file. This can be done safely without worrying that messages from one will overwrite another.
    Named pipe
    A named pipe is a special file that can be written to by one program and read by another. If you want log messages to be written to a pipe, first create it and then enter its path into the field next to this option.
    Syslog server on
    This option can be used to pass some or all of the log messages from your system to another server, assuming it is running syslog as well. If selected, the hostname or IP address of the remote server must be entered into the text field next to the option. Logs written to a remote server are safe from attackers who break into your system, unlike local log files.
    Local users
    If this option is selected, log messages will be broadcast to any of the users listed in the text box next to the option. Users must be logged in via SSH, telnet or at the console to receive log messages.
    All logged-in users
    Like the previous option, but messages will be sent to all logged in users. This should only be used for logging really serious errors, in order to avoid annoying people.
  3. The Logging active? field determines whether this log is enabled or not. If set to No, the syslog.conf entry for the log will be commented out and nothing will be sent to the chosen destination.
  4. The Message types to log section controls which messages are written to the log destination. It is composed of two parts - Facilities and Priorities. A message will only be logged if it matches both the selected facilities and the selected priorities. For the Facilities, you can either select a single facility from the menu, select the All option to include all of them, or enter a list of facilities separated by spaces into the Many text field. For the Priorities, you can select None to indicate that no messages of the select facilities will be logged, select All to log messages of any priority, or choose one of the range options from the menu (At or above, Exactly, Below or All except) and choose a priority from the final menu. This last option limits logging to messages of one or more priorities depending on your range type and priority selection. When creating a new log, you can only select one set of facilities and one range of priorities. However, after saving if you re-edit the log you can add an additional row specifying facilities and priorities so that more than one type of message is logged. It is even possible to use the None option under Priorities to exclude some facilities that were included by a previous row.
  5. When done making your selections on the form, click the Create button. As long as there are no errors, you will be returned to the main page of the module.
  6. Click the Apply Changes button to make your new log destination active.
Edit system log

Editing or deleting a log file

Any of the existing logs shown on the main page of the module can be edited or deleted using Webmin. However, you should be careful when changing destinations that were included in the system's default configuration, as important messages may no longer be logged. Even changing the filename that logs are written to could cause problems, as many Linux distributions include software to automatically truncate the standard log files to prevent them from taking up too much disk space.

To change a log, the steps to follow are:

  1. On the main page of the module, click on the destination of the log that you want to edit. This will take you to an editing form that is almost identical to the creation form shown in the image above.
  2. Change any of the existing settings, such as the destination type, log file or active status. You can also change which facilities and priorities are logged by adding to or editing the rows in the Message types to log section. There will always be one blank row for selecting new facilities and a new priority range, as explained in the Adding a new log file section.
  3. When done, click the Save button. As long as you have made no errors in the form, your browser will return to the module's main page.
  4. Click the Apply Changes button to make your changes active.

To delete a log, follow these steps:

  1. On the main page of the module, click on the destination of the log that you want to delete.
  2. Click the Delete button at the bottom of the page. This will stop logging to the destination, but will not delete any log files that have already been written - you can do that manually if you wish.
  3. Back on the main page, click the Apply Changes button to make the change active.

Module access control

The System Logs module can be restricted so that a Webmin user can only use it to view log files instead of being able to create and edit them. As explained in chapter 52, you must first create or edit a user who has access to the module. Once that is done, to limit him to only viewing log files follow these steps:

  1. In the Webmin Users module, click on System Logs next to the name of the user that you want to restrict.
  2. Change the Can edit module configuration? option to No, so that he will not be able to re-configure the module to use a fake syslog.conf file.
  3. Change the field Can only view logs? to Yes. When this is set, the only thing that the user will be able to do on the module's main page is click on the View link next to a log file entry.
  4. Click the Save button to make the changes active.

There is currently no way to restrict which log files a user can view, or allow editing of the configuration for only some logs.

Other operating systems

Almost all versions of Unix use syslog to control the destinations that log messages are written to, so the System Logs module is available on most operating systems. It has the similar capabilities on all systems, so the user interface is generally the same. However, there are some differences as explained below:

Sun Solaris, Apple MacOS X, HP/UX, SCO UnixWare, SCO OpenServer and IBM AIX

  • On Solaris, the first time you use the module, Webmin may ask if you want to convert syslog.conf from M4 format. Unless you have made manual changes that use M4 macros, this is safe to do.
  • Logging to named pipes is not supported.
  • There is no option to sync after each write to a log file.
  • When selecting the priorities of messages to write to a log, the At or above, Exactly, Below and *All except *range types are not available. Instead, all message with priorities at or above the one you select will be logged.

FreeBSD, OpenBSD and NetBSD

  • On FreeBSD, logging to named pipes is not supported.
  • On OpenBSD and NetBSD logs can be sent directly to the input of command instead of to a named pipe.
  • There is no option to sync after each write to a log file.
  • When selecting the priorities of messages to write to a log, the At or above, Exactly, Below and *All except *range types are replaced with >=, >*, *<=, <* and *<> which have similar meanings.
  • Each log destination can be associated with a program, set using the optional Only for program field. If set, only log messages from the entered server or daemon will be written to this log file.

SGI Irix

  • Logging to named pipes is not supported. Instead, logs can be sent directly to the input of command.
  • There is no option to sync after each write to a log file.
  • Logs can be written to a Unix domain socket file.
  • When selecting the priorities of messages to write to a log, the At or above, Exactly, Below and *All except *range types are not available. Instead, all message with priorities at or above the one you select will be logged.

If your operating system is not on the list above, then it is not supported by the System Logs module.

See also