Linux logo

Linux logo

If Linux crashes, by default, there are not so many places you can go look for a complete log.

If you have a crashy Linux system you need to debug, you can do so by enabling kernel logging.

Enable kern.log.

(From http://serverfault.com/questions/308503/how-do-i-view-enable-kernel-logs-on-an-ec2-instance-amazon-linux): dmesg give you the kernel logs but it doesn't include the timestamp by default (it can be enable by recompiling kernel with CONFIG_PRINTK_TIME=y).

With [r]syslog, you can log all kernel messages to a file (with timestamp) by inserting a below line into /etc/[r]syslog.conf:

kern.* /var/log/kern.log

Don't forget to restart [r]syslog daemon.

For CentOS:

/etc/init.d/syslog restart

Will restart the syslog.

Logrotate kern.log.

So, basically, by enabling kernel logging, you'll get a timestamped log without the need to recompile the kernel. But since the file logged by the kernel may easily become fat, it's more indicated to put it on logrotate.d.

So, create a new file inside /etc/logrotate.d/ and name it kern.log (ie. vi /etc/logrotate.d/kern.log) , then fill it with the following:

# Logs kernel messages into kern.log.
/var/log/kern.log {
compress
rotate 6
weekly
missingok
notifempty
postrotate
/sbin/killall -HUP syslogd
endscript
}

Now it's also a good idea to cat /var/log/kern.log. If it exists, you’re done.

Hopefully the next crash won’t be so clueless!

Senior Professional Network and Computer Systems Engineer during work hours and father when home.

Andrea strives to deliver outstanding customer service and heaps of love towards his family.

In this Ad-sponsored space, Andrea shares his quest for "ultimate" IT knowledge, meticulously brought to you in an easy to read format.

Linux Kernel Logging howto.
Rate this post