Sunday, 23 Jun, 2013 Linux logo If Linux crashes, by default, there are not so many places you can go look for a complete log. If you have a crashy Linux system you need to debug, you can do so by enabling kernel logging. Enable kern.log. (From http://serverfault.com/questions/308503/how-do-i-view-enable-kernel-logs-on-an-ec2-instance-amazon-linux): dmesg give you the kernel logs but it doesn't include the timestamp by default (it can be enable by recompiling kernel with CONFIG_PRINTK_TIME=y). With [r]syslog, you can log all kernel messages to a file (with timestamp) by inserting a below line into /etc/[r]syslog.conf: kern.* /var/log/kern.log Don't forget to restart [r]syslog daemon. For CentOS: /etc/init.d/syslog restart Will restart the syslog. Logrotate kern.log. So, basically, by enabling kernel logging, you'll get a timestamped log without the need to recompile the kernel. But since the file logged by the kernel may easily become fat, it's more indicated to put it on logrotate.d. So, create a new file inside /etc/logrotate.d/ and name it kern.log (ie. vi /etc/logrotate.d/kern.log) , then fill it with the following: # Logs kernel messages into kern.log. /var/log/kern.log { compress rotate 6 weekly missingok notifempty postrotate /sbin/killall -HUP syslogd endscript } Now it's also a good idea to cat /var/log/kern.log. If it exists, you’re done. Hopefully the next crash won’t be so clueless! Rate this post Andrea MatesiSenior Professional Network and Computer Systems Engineer during work hours and father when home. Andrea strives to deliver outstanding customer service and heaps of love towards his family. In this Ad-sponsored space, Andrea shares his quest for "ultimate" IT knowledge, meticulously brought to you in an easy to read format. Share this:LinkedIn Related