[Leaplist] CentOS install

John Simpson jms1 at jms1.net
Fri Feb 29 22:45:06 EST 2008


On 2008-02-25, at 1953, Hank Lambert wrote:
>
> My question is what is syslog I removed and did I need it?

i'm not sure where a package called "syslog" would have come from...  
there is no such package in the centos 5 repository.

as for what it does...

a server might be running dozens of "background processes" for various  
things- handling incoming email, answering DNS queries, monitoring the  
state of a software RAID, or whatever. most of these background  
processes need to create logs of what they're doing, so the  
administrator can look back and see what happened, or by watching the  
logs in real time, can see what's happening "right now" on the server.

the first method which comes to mind is to just have each process  
write its log entries to a text file. however, there are problems with  
that idea- these programs may not include timestamps in their logs, or  
if they do, they may not all format them the same way, or you may want  
the log files to "cut off" every hour or every day, or you may want to  
combine the log entries from several processes into one single file,  
or you may want to write them to more than one file.

the solution is the "syslog" mechanism. it's a standardized framework  
for gathering these log entries from the various programs, and sending  
them where you want them. it's a much simpler interface for the  
programs which generate logs- they call the openlog() function when  
they start, and then call the syslog() function whenever they need to  
send an entry into the logging system. they don't have to worry about  
filenames and permissions and formatting timestamps or anything like  
that... they just send the message into the logging system and they're  
done.

the syslog() function actually works by sending the messages to a  
named pipe. there is a "syslogd" process which listens to that pipe,  
and handles each message as it comes in. each message has the process  
ID and process name, as well as a "facility" and a "priority"  
associated with it. the "facility" gives a rough idea of which "part"  
of the system it involves (i.e. mail, news, cron, kernel, user, etc.)  
and the "priority" tells how important the message is (values range  
from "debug", the lowest, which is normally used for messages which  
are only useful to people who are debugging programs, all the way up  
to "emerg", which is usually reserved for things like "the hard drive  
died" or "the server is on fire.")

the syslogd process reads that named pipe, and sends each message to  
whatever targets you've configured for them. when it starts, it reads  
a file called "/etc/syslog.conf", which tells it where to send each  
message as it comes in. each line contains one or more  
"facility.priority" pairs, followed by a target. any incoming log  
message which matches the "facility.priority" pair on a given line, is  
sent to the target for that line. the "priority" values usually mean  
"that priority or higher", so a "mail.debug" selector would also catch  
a "mail.info" message.

a target can be a local file (such as "/var/log/messages"), or a named  
pipe, a device like "/dev/tty12" (which will make all of your log  
entries go to that tty, so you can watch them even if you're not  
logged in,) a remote machine (which should also be running syslog,  
configured to accept incoming syslog messages from the network), a  
userid (which means if that user is logged in, syslogd will send it to  
their screen), or "*" (which means every user- normally this is only  
used for "the server is on fire" messages.)

it's a nice system, and on a machine which isn't heavily loaded it  
works well. however, the kernel buffer which provides the named pipe  
can fill up if the machine is busy, and when that happens, the  
syslog() function drops messages rather than waiting for the pipe to  
not be full. which means that it's not 100% reliable.

the syslogd executable, which is pretty much required for any linux  
system (other than possibly embedded systems) is provided by centos in  
the "sysklogd" package.

> It seems to work now without it, but that doesn't mean I won't pay  
> down the line. I am very new to CentOS, actually have about 10  
> minutes on a CentOS system.

centos, if you're not already aware, is built from the source code of  
redhat enterprise, with a few minor changes (basically, the word  
"redhat" has been removed from everything except copyright messages,  
and replaced with "centos".) all of my clients' servers are running  
centos- mostly centos 5, a few centos 4, and one centos 3. it's been a  
rock solid distro for me- it was designed for servers, although it  
does have slightly older but stable versions of the GUI stuff as well.  
my own server is running centos 5, and phil's server (home of the LEAP  
web site and mailing list) is running centos 4.

--------------------------------------------------------
| John M. Simpson  --  KG4ZOW  --  Programmer At Large |
| http://www.jms1.net/                 <jms1 at jms1.net> |
--------------------------------------------------------
|   Hope for America  --  http://www.ronpaul2008.com/  |
--------------------------------------------------------
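
The "facility.priority" matching described in the message above, as an added example that is not part of the original post: a simplified Python model of how selector lines in /etc/syslog.conf pick targets, including the "that priority or higher" rule. The sample configuration and the function names are constructed for illustration, and the sysklogd "=" and "!" modifiers are not handled.

```python
# Added example: simplified model of syslog.conf selector matching.
# Priorities are listed from least to most severe.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Constructed sample configuration (not taken from any real system).
SAMPLE_CONF = """\
# everything at info or above, except mail and private auth messages
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
mail.debug                        /var/log/maillog
kern.crit                         /dev/tty12
*.emerg                           *
"""

def parse_conf(text):
    """Return a list of (mask, target); mask maps facility -> accepted priorities."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, target = line.split(None, 1)
        mask = {fac: set() for fac in FACILITIES}
        for sel in selectors.split(";"):          # selectors apply left to right
            facs, _, pri = sel.rpartition(".")
            names = facs.split(",")
            for fac in (FACILITIES if "*" in names else names):
                if fac not in mask:
                    raise ValueError(f"unknown facility: {fac}")
                if pri == "none":                 # exclude this facility entirely
                    mask[fac] = set()
                elif pri == "*":                  # every priority
                    mask[fac] = set(PRIORITIES)
                else:                             # that priority or higher
                    mask[fac] |= set(PRIORITIES[PRIORITIES.index(pri):])
        rules.append((mask, target.strip()))
    return rules

def route(rules, facility, priority):
    """Return every target whose line matches the message, in file order."""
    return [target for mask, target in rules if priority in mask[facility]]

RULES = parse_conf(SAMPLE_CONF)

if __name__ == "__main__":
    for fac, pri in [("mail", "info"), ("cron", "debug"), ("kern", "emerg")]:
        print(f"{fac}.{pri} -> {route(RULES, fac, pri)}")
```

A message that matches no line, such as cron.debug here, is written nowhere, which is worth checking for before relying on the logs as an audit trail.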




