Objective 2: System Logging
Many events occur on your Linux system that should be logged for administrative purposes. Linux uses the syslogd service to display and record messages describing these events. This system allows finely controlled logging of messages from the kernel as well as processes running on your system and remote systems. Messages can be placed on the console display, in logfiles, and on the text screens of users logged into the system.
What are the advantages of the syslogd service over applications maintaining their own logfiles?
All logfiles are centralized, either in one directory or on one server.
The client/server nature of syslogd allows for machines to log events to a centralized log server for easier monitoring and reporting.
Syslogd allows multiple processes to write to the same logfile, while avoiding file-locking issues.
There are a number of different applications available for Linux that implement the syslogd functionality and offer additional functionality. Some examples are rsyslog (native database logging support) and syslog-ng (regular expression matching). For the purposes of the LPI exam, we cover only the basic syslogd server.