122

In C we log this way:

syslog( LOG_INFO, "proxying %s", url );

In Linux how can we check the log?

Mateusz Piotrowski
  • 8,029
  • 10
  • 53
  • 79
kern
  • 2,295
  • 4
  • 17
  • 15
  • Doesn't the function `syslog` *write* to the system log? (Unless you're talking about the lower-level one for accessing the kernel message ring buffer, but I doubt `url` is an `int`.) – Cascabel May 20 '11 at 15:54
  • 2
    this Q should be migrated to unix.SE.com, not sure if it's worth it to flag for mod's attention (I flagged). – Alexander Malakhov Aug 06 '14 at 08:41

7 Answers7

193

How about less /var/log/syslog?

NPE
  • 486,780
  • 108
  • 951
  • 1,012
47

On Fedora 19, it looks like the answer is /var/log/messages. Although check /etc/rsyslog.conf if it has been changed.

Hackonteur
  • 821
  • 7
  • 12
41

By default it's logged into system log at /var/log/syslog, so it can be read by:

tail -f /var/log/syslog

If the file doesn't exist, check /etc/syslog.conf to see configuration file for syslogd. Note that the configuration file could be different, so check the running process if it's using different file:

# ps wuax | grep syslog
root      /sbin/syslogd -f /etc/syslog-knoppix.conf

Note: In some distributions (such as Knoppix) all logged messages could be sent into different terminal (e.g. /dev/tty12), so to access e.g. tty12 try pressing Control+Alt+F12.

You can also use lsof tool to find out which log file the syslogd process is using, e.g.

sudo lsof -p $(pgrep syslog) | grep log$

To send the test message to syslogd in shell, you may try:

echo test | logger

For troubleshooting use a trace tool (strace on Linux, dtruss on Unix), e.g.:

sudo strace -fp $(cat /var/run/syslogd.pid)
kenorb
  • 155,785
  • 88
  • 678
  • 743
28

A very cool util is journalctl.

For example, to show syslog to console: journalctl -t <syslog-ident>, where <syslog-ident> is identity you gave to function openlog to initialize syslog.

nhnghia
  • 725
  • 9
  • 8
  • If you use `syslog-ng` with the systemd service, you can view syslog with `journalctl --unit=syslog-ng@default.service` – smac89 Dec 30 '20 at 02:29
  • This should be marked as right answer, instead cat a specific distro and configuration filename and filtering with grep. – Gonmator Jan 27 '23 at 10:25
15

tail -f /var/log/syslog | grep process_name where process_name is the name of the process we are interested in

kshiteejm
  • 159
  • 1
  • 4
3

If you like Vim, it has built-in syntax highlighting for the syslog file, e.g. it will highlight error messages in red.

vi +'syntax on' /var/log/syslog
Andy Carlson
  • 3,633
  • 24
  • 43
1

On some Linux systems (e.g. Debian and Ubuntu) syslog is rotated daily and you have multiple log files where two newest files are uncompressed while older ones are compressed:

$ ls -l /var/log/syslog*
-rw-r----- 1 root adm  888238 Aug 25 12:02 /var/log/syslog
-rw-r----- 1 root adm 1438588 Aug 25 00:05 /var/log/syslog.1
-rw-r----- 1 root adm   95161 Aug 24 00:07 /var/log/syslog.2.gz
-rw-r----- 1 root adm  103829 Aug 23 00:08 /var/log/syslog.3.gz
-rw-r----- 1 root adm   82679 Aug 22 00:06 /var/log/syslog.4.gz
-rw-r----- 1 root adm  270313 Aug 21 00:10 /var/log/syslog.5.gz
-rw-r----- 1 root adm  110724 Aug 20 00:09 /var/log/syslog.6.gz
-rw-r----- 1 root adm  178880 Aug 19 00:08 /var/log/syslog.7.gz

To search all the syslog files you can use the following commands:

$ sudo zcat -f `ls -tr /var/log/syslog*` | grep -i error | less

where zcat first decompresses and prints all syslog files (oldest first), grep makes a search and less is paging the results of the search.

To do the same but with the lines prefixed with the name of the syslog file you can use zgrep:

$ sudo zgrep -i error `ls -tr /var/log/syslog*` | less

$ zgrep -V | grep zgrep
zgrep (gzip) 1.6

In both cases sudo is required if syslog files are not readable by ordinary users.

rpr
  • 155
  • 5