Introduction on Linux System Logging
Every operating system lets us track the activities performed on it. The ability to store logs is very useful when investigating what was done on the system. Because the operating system is the core of any server, it lets us keep track of how users are using it by recording their activities in the form of a log. Like all operating systems, Linux provides a mechanism to store logs. Many servers that host applications run Linux, and the OS stores the logs generated whenever a user tries to access the web pages hosted on the server. In this article, we take a deep look at Linux system logging.
Facilities of Linux System Logging
Before we look at the logging method in Linux, we need to understand what logging in Linux actually means. Logging is the practice of recording all the activities performed on the operating system. Linux provides special facilities that are used to store logs on the system. A log entry usually captures a timestamp together with a snippet describing the activity. Logs are the main component of any investigation. Because logging consumes storage, its scope has to be kept limited and specific.
Syslog facilities are special keywords that tell the system how and where to store a log entry. System administrators are often expected to store log data in a particular way to serve a business purpose; in that case they use the syslog facilities to have the data stored the way they want. Linux provides several facilities, each with a unique function.
Below is the list of facilities that are used most often in the Linux operating system and are known as syslog facilities.
auth is one of the most important syslog facilities. It records activities concerning usernames and passwords. Wherever log data related to usernames and passwords needs to be stored, the auth facility serves that purpose.
The authpriv facility stands for author privilege. It works like the auth facility, the only difference being that it stores the log in a file that can be read only by users who have the privilege to read that file. It also stores information related to usernames and passwords. All the logs are written to a particular file that is made available only to specific users.
Logging the information linked with the console is crucial, as it plays a vital role in an investigation. All messages sent to the console are recorded using the console facility. It works like a sniffer that captures the messages sent to the console and stores them in the form of a log.
The ftp facility ensures that all messages concerning the FTP daemon are logged on the system. When a user works with FTP, the daemon leaves behind messages that can be captured and stored using this facility. One can use it to record every event that results from working with FTP.
The kern facility keeps track of all kernel messages. The kernel is the soul of the operating system, and its messages tell us what happens at the kernel level. Keeping track of kernel-level messages is important for troubleshooting.
The mail facility logs all messages produced by the mail system. The mail-related data captured in the log files is studied to understand what mail has been sent or received.
The ntp facility stores data related to the Network Time Protocol. Whenever the system emits a message related to NTP, the ntp facility captures it and stores it in the form of a log.
The news facility acts as the message logger for the network news protocol. The network news protocol raises events that carry specific data, and the news facility stores that data.
lpr stands for the line printing system. The role of this facility is to store all messages related to the line printing system. It captures the data and stores it in the log file in the same way the other facilities store their logs.
mark can be considered a facility that generates a timestamp and stores it in the log file. It is a pseudo-event that is used to generate the timestamp.
The user facility captures messages related to ordinary user processes. All the normal activities performed by users are captured through this facility.
The cron facility is one of the most important facilities; it stores the messages generated by the cron scheduler when a user interacts with cron.
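The facility keywords above are more than names for a log file: each has a numeric code that, combined with a severity, forms the PRI field at the start of every syslog message. The following added example (not part of the original article) decodes that field and groups constructed sample messages by facility, the way a collector splits them into per-facility files; the facility and severity codes follow RFC 5424.

```python
import re
from collections import defaultdict

# Facility codes 0-23 (RFC 5424 section 6.2.1); codes 13-15 are
# "log audit", "log alert" and "clock daemon", shortened here.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
# Severity codes 0-7, from most to least urgent.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# A syslog line on the wire starts with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def decode_pri(pri: int) -> tuple[str, str]:
    """Split a PRI value into (facility keyword, severity keyword)."""
    if not 0 <= pri <= 191:  # local7.debug = 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_line(line: str) -> dict:
    """Parse '<PRI>message' into its facility, severity and message body."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError(f"missing <PRI> prefix: {line!r}")
    facility, severity = decode_pri(int(m.group(1)))
    return {"facility": facility, "severity": severity, "msg": m.group(2)}


def route_by_facility(lines: list[str]) -> dict[str, list[str]]:
    """Group messages by facility, as a collector does when writing per-facility files."""
    buckets: dict[str, list[str]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        buckets[rec["facility"]].append(f"{rec['severity']}: {rec['msg']}")
    return dict(buckets)


# Constructed sample messages, not real log data.
SAMPLE = [
    "<86>sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 50110",  # authpriv.info
    "<38>login[902]: pam_unix(login:session): session opened for user bob",   # auth.info
    "<78>CRON[1310]: (root) CMD (run-parts /etc/cron.hourly)",                # cron.info
    "<4>kernel: Out of memory: Kill process 1450 (java) score 902",           # kern.warning
]
```

Calling `route_by_facility(SAMPLE)` yields four buckets (authpriv, auth, cron, kern), which is exactly the split a syslog daemon performs when its rules send each facility to its own file.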
Conclusion – Linux System Logging
Syslog facilities are keywords in Linux that come with predefined functionality. They are used to store data in a specific manner that serves the needs of the business. The logs stored in the log files are used for several purposes, but the main reason for storing them is to understand user behavior, which ultimately facilitates investigation.
This is a guide to Linux System Logging. Here we discussed the facilities that are used most often in the Linux operating system.