15

System Logging

As you know by now, system administration is quite an expansive concept, basically covering all aspects of keeping things running. It involves responsibilities such as installing software, keeping software up-to-date, managing disk space, controlling access to the system, and managing user accounts. One of the most important (and oftentimes tedious) administrative jobs is managing log files. Because your system is involved in a multitude of tasks that are noninteractive and invisible to the user, logs are your eyes and ears to what's going on within the system. You need to monitor the log files to have any sense of what the computer is doing at any given time, and it is the log files that you consult whenever things are not going the way they should be.

Unix systems have a very flexible and powerful logging system, which enables you to record almost anything you can imagine and then manipulate the logs to retrieve the information you require. This chapter provides a thorough explanation of how logging works in Unix, how to make it keep track of the things you need to know, and how to automate a good bit of the process so you do not have to spend all of your time reading log files.

Log Files

Log files are extremely important to system administration because they are the voice of the system—the mechanism by which the system communicates with the administrator. The administrator is aware of what's happening on the system by reading log files and can use those files ...