Multiline log records in syslog
Alternatively, if you want to keep your syslog intact on one line for parsing, you can just replace the characters when viewing the log: tail -f /var/log/syslog | sed 's/#012/\n\t/g'
This is an old question, but neither of the previous two answers are good solutions: The accepted answer doesn’t explain why the disk problem goes away if you fix the underlying system issue (the answer is logrotate), plus your system may keep writing to the logs and fill up your disk before you can even …
When the report points to a program, not a shared library: Run addr2line -e myapp 080513b (and repeat for the other instruction pointer values given) to see where the error is happening. Better, get a debug-instrumented build, and reproduce the problem under a debugger such as gdb. If it’s a shared library: In the libfoo.so[NNNNNN+YYYY] …
/var/log/system.log. You can monitor it easily using: tail -f /var/log/system.log. See also the “logger” (man logger) and “syslog” (man syslog).
Have a look at the logger command, e.g. logger -p auth.notice "Some message for the auth.log file"
You can use Splunk: http://www.splunk.com/, in which you can centralize all the logs you have; you can then perform crossed search. It’s freeware, a bit heavy but awesome. You can also use Lambda Probe http://www.lambdaprobe.org/d/index.htm but it’s more for global management, not specifically for logs.
Since the link no longer works, I’ve changed it to the Internet Archive and quoted a portion of the article here: named-pipes later versions of syslog have support for writing to named-pipes. a named-pipe is a special type of file that implements a simple fifo stream, allowing processes to talk to each other. we’ll exploit …
Well, after almost a day of hair pulling, I finally understand a) how to do it and b) a misconception I have about sec. In reading the sec man page, it describes desc= as essentially showing the match. So in my mind, that meant it should show whatever was matched in pattern. Well, yes, …
I’ve got about 30 servers, and I just use straight up syslog to send all the logs to a single logging server. For backup, all of the machines are also configured to store their own logs locally for a few days, using logrotate to take care of the rotation and deletion of old logs. Each …
How about less /var/log/syslog?