Linux System Information Log

There are 2 basic ways we can see the Linux System Information log :

(1) DMESG view----This command is more common

(2) Documents under/var/log/

Then we will start from this 2 ways, step by step to go down.

(a) First, let's look at what is hidden behind this common command of DMESG!!

(1) Let's get a man for a second.

-------------man DMESG--------------------------

1.NAME

2.dmesg-print or control the kernel ring buffer

3.SYNOPSIS

4.DMESG [-c] [-N level] [-s bufsize]

5.DESCRIPTION

6.DMESG is used to examine or control the kernel ring buffer.

7.The program helps the users to print out their bootup mes-sages. Instead of copying the messages by hand, the user need only:

8.dmesg
>

Boot.messages

9.and Mail the Boot.messages file to whoever can debug their

10.problem.

11.OPTIONS

12.-c Clear The ring buffer contents after printing.

13.-sbufsize

14.Use a buffer of size bufsize to query the kernel ring buffer. This is 16392 by default. (The default kernel syslog buffer size is 4096 at first, 8192 since 1.3.54, 16384 since 2.1.113.) If you had the set the kernel buffer to being larger than the default then this option can be used to view the entire buffer.

15.-nlevel

16.Set the level at which logging of messages are done to the console. For example,-N 1 prevents all messages, expect panic messages, from appearing on the console. All levels of messages is still written to/proc/kmsg, so syslogd (8) can still is used to control exactly where kernel me Ssages appear.

17.When the-n option is used, DMESG would not print or clear the kernel ring buffer.

18.When Both options is used, the last option on the command line would have an effect.

From the manuals provided by Linux, we can learn that one of the most important information DMESG is to read the information from the kernel ring buffer.

(2) What is ring buffer?

In Linux, all system information (packet kernel information) is transmitted to the ring buffer. The information generated by the kernel is printed by PRINTK (). The information that you see when the system starts is printed to the screen by the function. PRINTK () The information that is played is often <0><2> This number indicates the important level of the message. Above a certain priority level will print to the screen, otherwise it will only remain in the system's buffer (ring buffer).

As for how DMESG is specifically read from the ring buffer, you can see the DMESG.C source code. Very short, easy to read.

(b) DMESG How to make people should be very clear about it. As for the/var/log/under the document is everyone familiar with can not be familiar with!

(1)/var/log/. Why are there so many files?

One sentence explanation: is syslogd this daemon process according to the/etc/syslog.conf, the different service produces the log record to the different file.

I'm not going to go into the/etc/syslog.conf here, a lot of this information (check it out).

(2) Now that you know,/var/log/. is produced by the syslogd daemon. Then go down this line again.

After booting the Linux system, the/ETC/INIT.D/SYSKLOGD started the KLOGD,SYSLOGD two daemons successively.

Where KLOGD is obtained from the system buffer (ring buffer) by a syslog () system call or by reading the proc file system from the kernel PRINTK ()

The message is sent. The syslogd is the KLOGD to read the system kernel information.

I think at this point, we should be on the log generated, read a series of actions to feel.

Summarize:

(1) All system information is exported to the ring buffer. The contents of the DMESG are also read from the ring buffer.

(2) Linux system/etc/init.d/sysklogd will start 2 daemons: Klogd&&syslogd

(3) KLOGD is responsible for reading the kernel information, there are 2 ways:

Syslog () system call (this function uses the whole, we go to man to see)

Read directly to the/proc/kmsg (again,/proc/kmsg is the place where the kernel information is specifically exported)

(4) The output of the KLOGD will be sent to syslogd for processing, and SYSLOGD will log according to the/etc/syslog.conf configuration.

The information is output to different files under/var/log/.

This will enable you to complete the Linux log processing very well.

Linux System Information Log