System Log Files

System Log Files

Unix systems keep quite a few log files. Entries in the system logs record a variety of events, such as system startups , e-mail being sent, people logging in, and each use of sudo .

Mac OS X keeps most log files in /var/log , which is the same place as on many versions of Unix. Figure 11.30 shows a typical listing for that directory. Some entries are text files and some are subdirectories containing multiple log files for a process. You'll notice that most of the filenames end in .gz, indicating that they have been compressed using the gzip program (and can be viewed with zcat ; see the man pages).

Figure 11.30. Listing of the /var/log directory showing the system log files. Your output will differ .
 localhost:~ vanilla$  ls /var/log  CDIS.custom        lookupd.log.2.gz      mail.log.4.gz      system.log.3.gz OSInstall.custom   lookupd.log.3.gz      monthly.out        system.log.4.gz daily.out          lookupd.log.4.gz      netinfo.log        system.log.5.gz ftp.log            lpr.log               netinfo.log.0.gz   system.log.6.gz ftp.log.0.gz       lpr.log.0.gz          netinfo.log.1.gz   system.log.7.gz ftp.log.1.gz       lpr.log.1.gz          netinfo.log.2.gz   weekly.out ftp.log.2.gz       lpr.log.2.gz          netinfo.log.3.gz   wtmp ftp.log.3.gz       lpr.log.3.gz          netinfo.log.4.gz   wtmp.0.gz ftp.log.4.gz       lpr.log.4.gz          secure.log         wtmp.1.gz httpd              mail.log              statistics         wtmp.2.gz lastlog            mail.log.0.gz         system.log         wtmp.3.gz lookupd.log        mail.log.1.gz         system.log.0.gz    wtmp.4.gz lookupd.log.0.gz   mail.log.2.gz         system.log.1.gz lookupd.log.1.gz   mail.log.3.gz         system.log.2.gz localhost:~ vanilla$ 

The log files in /var/log are " rotated " or "rolled over" by the script /etc/periodic/daily/100.clean-logs , which is run by the periodic command. That command is in turn run from a launchd agent called com.apple.periodic-daily in the launchd configuration file /System/Library/LaunchDaemons/com.apple.periodic-daily. plist . (See "Running Regularly Scheduled Commands," earlier in this chapter.)

If you have Web sharing turned on (in the Sharing pane of System Preferences, in the Finder), then the Apache Web-server logs are of interest. These are /var/log/httpd/access_log and /var/log/httpd/error_log . Every request handled by the Web server is logged in access_log , and errors are logged (surprise!) in error_log .

If you suspect that something is going wrong with your system, especially if something is happening over and over, looking through the system log files can reveal the cause of the problem.

There isn't any special command needed for most of the logs; they are simply text files, and you can use the tools described in earlier chapters to look at them (see especially Chapter 5). Table 11.6 lists the most useful tools for looking through log files. While the log format differs for each process, in general all log file entries will include a timestamp, process name , and whatever the programmer decided was important to put in the log.

Table 11.6. Commands for Looking at Files

C OMMAND

W HAT I T D OES

less

Views the file one screen at a time.

grep

Searches for text patterns.

tail

Views the end of a file. The -f ( follow ) option is especially useful for log files.


One particularly common situation involves watching a log file to see what is being added to it. See "To view the end of a file while it is growing," in Chapter 5.

One other important log file is the console log.

The console log is where most error messages go during regular operations. It can be viewed from Aqua using the Console utility: /Applications/Utilities/Console.

Console logs are created each time you log in to Aqua, and each one is owned and readable only by the user whose login created it (of course, root can also read it). In Mac OS X 10.4 the files are kept in directories named after the user ID number for the user (earlier versions of Mac OS X named the directories using the short username.) So, in 10.4 the console logs for the user with user ID 502 are located in /Library/Logs/Console/502/ , where you'll find a file called console.log (the current or most recent log), as well as saved log files like console.log.0 , console.log.1 , and so on. Use ls -l to see the last-modified times. You can translate a use RID to a user name with

dscl . -search /users UniqueID userid

For example:

dscl . -search /users UniqueID 502



Unix for Mac OS X 10. 4 Tiger. Visual QuickPro Guide
Unix for Mac OS X 10.4 Tiger: Visual QuickPro Guide (2nd Edition)
ISBN: 0321246683
EAN: 2147483647
Year: 2004
Pages: 161
Authors: Matisse Enzer

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net