'

Linux Kernel Logging howto.

June 23rd, 2013 by Andrea Matesi 4426 Views

If Linux crashes, by default, there are not so many places you can go look for a complete log.

If you have a crashy Linux system you need to debug, you can do so by enabling kernel logging.

Enable kern.log.

(From http://serverfault.com/questions/308503/how-do-i-view-enable-kernel-logs-on-an-ec2-instance-amazon-linux): dmesg give you the kernel logs but it doesn't include the timestamp by default (it can be enable by recompiling kernel with CONFIG_PRINTK_TIME=y).

With [r]syslog, you can log all kernel messages to a file (with timestamp) by inserting a below line into /etc/[r]syslog.conf:

kern.* /var/log/kern.log

Don't forget to restart [r]syslog daemon.

For CentOS:

/etc/init.d/syslog restart

Will restart the syslog.

Logrotate kern.log.

So, basically, by enabling kernel logging, you'll get a timestamped log without the need to recompile the kernel. But since the file logged by the kernel may easily become fat, it's more indicated to put it on logrotate.d.

So, create a new file inside /etc/logrotate.d/ and name it kern.log (ie. vi /etc/logrotate.d/kern.log) , then fill it with the following:

# Logs kernel messages into kern.log.
/var/log/kern.log {
        compress
        rotate 6
        weekly
        missingok
        notifempty
        postrotate
                        /sbin/killall -HUP syslogd
        endscript
}

Now it's also a good idea to cat /var/log/kern.log. If it exists, you’re done.

Hopefully the next crash won’t be so clueless!

Posted in LINUX, System Administration | Comments Off on Linux Kernel Logging howto.

Comments are closed.