In this chapter we will cover some very basic ways to determine the status of a system by directling you to the log files, cron files, and emergency rescue operation, or "Call out the sheriff, little Jimmy fell in the well again."

I. Syslogd and klogd
 

A. Syslog watches all kinds of activity on the system. The configuration file that manages this daemon is /etc/syslog.conf. Here's an example file to see where logs go:
 
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *
# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit /var/log/spooler

B. Klogd intercepts kernel messages and logs them as a part of syslogd in /var/log/messages. The klog entries are relatively easy to see as they contain the word 'kernel' in the prefix of the log line.

A. Regular cron jobs can be started at predefined regular intervals (hour, day, week, month) by simply placing an executable script in the appropriate /etc/cron.* directory.

B. Cron also scans the /etc/crontab as well as the /var/spool/cron/ directory for user crontab entries. Creation of the /var/spool/cron/<user> crontab is via the 'crontab' utility. Read the man page for further info on creating user crontabs.

C. Logrotate is run as a cron job from the /etc/cron.daily directory. This program will rotate logs on a daily, weekly, monthly or when a file becomes too large. It is configured by the /etc/logrotate.conf file and several specic files in the /etc/logrotate.d/ directory.