Linux Kernel Logging howto.

June 23rd, 2013 by Andrea Matesi 4549 Views
Linux logo

Linux logo

If Linux crashes, by default, there are not so many places you can go look for a complete log.

If you have a crashy Linux system you need to debug, you can do so by enabling kernel logging.

Enable kern.log.

(From http://serverfault.com/questions/308503/how-do-i-view-enable-kernel-logs-on-an-ec2-instance-amazon-linux): dmesg give you the kernel logs but it doesn't include the timestamp by default (it can be enable by recompiling kernel with CONFIG_PRINTK_TIME=y).

With [r]syslog, you can log all kernel messages to a file (with timestamp) by inserting a below line into /etc/[r]syslog.conf:

kern.* /var/log/kern.log

Don't forget to restart [r]syslog daemon.

For CentOS:

/etc/init.d/syslog restart

Will restart the syslog.

Logrotate kern.log.

So, basically, by enabling kernel logging, you'll get a timestamped log without the need to recompile the kernel. But since the file logged by the kernel may easily become fat, it's more indicated to put it on logrotate.d.

So, create a new file inside /etc/logrotate.d/ and name it kern.log (ie. vi /etc/logrotate.d/kern.log) , then fill it with the following:

# Logs kernel messages into kern.log.
/var/log/kern.log {
rotate 6
/sbin/killall -HUP syslogd

Now it's also a good idea to cat /var/log/kern.log. If it exists, you’re done.

Hopefully the next crash won’t be so clueless!

Senior Professional Network and Computer Systems Engineer during work hours and father when home.

Andrea strives to deliver outstanding customer service and heaps of love towards his family.

In this Ad-sponsored space, Andrea shares his quest for "ultimate" IT knowledge, meticulously brought to you in an easy to read format.

Rate this post

Posted in LINUX, System Administration | Comments Off on Linux Kernel Logging howto.

Comments are closed.