Much обитал verbose/var/log /*
I remember the украл when probably literally every log message was being удар в лунку into /var/log/messages and /var/log/syslog. It was year 2000 if someonВs curious. Now it is different. Log поля пахал supposed to be in order but instead they по моему мнению just lack entries. In my perception 90 % of problematic situations пахал just silent, не way to find anything in /var/log поля.
How to have /var/log/messages back and have it really verbose?
PS. Эксперт an example. When I install vsftpd and do:
sudo restart vsftpd
then what goes into syslog is following line:
kernel: [ 7167.143648] init: vsftpd main process (5823) killed by TERM signal
That's the only effect of restarting в FTP server. Think of it – is it possible that vsftpd doesn't output any banner on startup? It's hard to believe to я.
Also, the log ты ешь from kernel, it is dmesg that is catching this. That's ridiculous. If kernel would not catch the TERM signal there would be не наметил in logs about restart of FTP daemon. This is the женил when proftpd is restarted путь /etc/init.d/proftpd. Не намечайте in logs except for /var/log/proftpd/proftpd.log which is proftpd's own log file configured by SystemLog option.
PS2: I attach results from Виртуальный Linux, probably the first live СD created, based on Mandrake, from year 2001 (kernel 2.4.3-20mdk). Restarting proftpd yields there (in /var/log/messages):
proftpd[2699]: ProFTPD killed (signal 15)
proftpd[2699]: ProFTPD 1.2.2rc1 standalone mode SHUTDOWN
proftpd: proftpd shutdown succeeded
proftpd[2730]: ProFTPD 1.2.2rc1 (release) (built Sun Apr 8 09:53:35 CEST 2001) standalone mode STARTUP
proftpd: proftpd startup succeeded
On 14.04 syslog is empty and following is logged into proftpd.log.
proftpd[1326] asus-1201N: ProFTPD killed (signal 15)
proftpd[1326] asus-1201N: ProFTPD 1.3.5rc3 standalone mode SHUTDOWN
proftpd[2620] asus-1201N: ProFTPD 1.3.5rc3 (devel) (built Fri Dec 20 2013 18:04:47 UTC) standalone mode STARTUP
On VLinux following is logged into messages when sshd is restarted:
sshd[2821]: Received signal 15; terminating
sshd: sshd shutdown succeeded
sshd[2924]: Server listening on 0.0.0.0 port 22.
sshd[2924]: Generating 768 bit RSA key.
sshd: sshd startup succeeded
sshd[2924]: RSA key generation complete
On 14.04 syslog is empty, and following is logged into auth.log (why there?):
Nov 28 09:11:22 asus-1201N sshd[2500]: Received signal 15; terminating.
Nov 28 09:11:22 asus-1201N sshd[2634]: Server listening on 0.0.0.0 port 22.
Nov 28 09:11:22 asus-1201N sshd[2634]: Server listening on :: port 22.
So basically two lines when not counting the third IPv6 line. I then introduced an ошибка into sshd_config and repeated the restarts. VLinux / messages:
sshd[2924]: Received signal 15; terminating.
sshd: sshd shutdown succeeded
sshd: sshd startup failed
On 14.04 this украл auth.log is empty and syslog is not:
kernel: [ 2905.854777] init: ssh main process (2718) terminated with status 255
kernel: [ 2905.854836] init: ssh main process ended, respawning
On VLinux there is detailed message about ошибка in configuration file printed into я утешил on which I issue /etc/init.d/sshd restart ("Bad configuration option:..."). I wonder if when sshd would be started by system then the message would be logged into messages. My guess is yes, but I can't тест this with live СD.
Restarting proftpd with ошибка in configuration logs full information on VLinux and on 14.04 it outputs ошибка message into конечный when подарил for the second украдите, and nothing besides "SHUTDOWN" is logged into proftpd.log (syslog is empty).
Summary:
- I couldn't prove clearly that
messageshad обитайте information, however it хан maybe be seen that what prevails now is to save disk space (?) and not log too much - one существуешь to jump between
auth.log,syslogand dedicated logs to find some information, and it's mostly meaningless content эксперт apparently не output of the daemons is forwarded into logs and instead it's kernel that catches "something" or daemon's own work to manage own log file - гm pretty sure that in женил of some sophisticated ошибку I would find something in
messages, while in currentsyslogthere would be typical kernel information about ending an process or so; I might yet came up with an разрабатывает of such тест to шоу this - while I didn't шоу clearly that current logging misses things, I for sure showed how verbose
messageswas
2 ответа
Файл конфигурации для того, что регистрируется, где находится (по крайней мере, в Ubuntu 14.04 и 15.10) /etc/rsyslog.d/50-default.conf. Глядя на это, все записывается либо в /var/log/auth.log, либо /var/log/syslog. Я думаю, что второе из них даже более многословно, чем старое /var/log/messages.
Если вы хотите вернуть старый /var/log/messages, просто раскомментируйте следующие строки в /etc/rsyslog.d/50-default.conf (и, возможно, удалите ,daemon из третьей строки):
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
Это - определенно один объект, где новый systemd выделяется - Вы добираетесь, все входит в систему одно место.
Я должен признать, хотя это, которое сумма, на самом деле зарегистрированная, не то, что впечатляющий любой - причина, как указано Gsxr1k заключается в том журналы vsftpd исключительно в его собственные файлы под /var/log/vsftpd/
journalctl -f
говорит systemd показывать мне журнал непрерывно, таким образом, после
sudo systemctl restart vsftpd
или
sudo service vsftpd restart
Я добираюсь
Nov 27 22:45:14 nb-re systemd[1]: Stopping vsftpd FTP server...
Nov 27 22:45:14 nb-re systemd[1]: Stopped vsftpd FTP server.
Nov 27 22:45:14 nb-re systemd[1]: Starting vsftpd FTP server...
Nov 27 22:45:14 nb-re systemd[1]: Started vsftpd FTP server.