Let's jump right in and look at the contents of a syslog-recorded log file.
Afterward we can come back to syslog configuration. The FHS (see Part 2 of this tutorial series) mandates that log files be placed in /var/log.
Here we use the tail command to display the last 10 lines in the "messages"
file:
# cd /var/log
# tail messages
Jan 12 20:17:39 bilbo init: Entering runlevel: 3
Jan 12 20:17:40 bilbo /usr/sbin/named[337]: starting BIND 9.1.3
Jan 12 20:17:40 bilbo /usr/sbin/named[337]: using 1 CPU
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: loading configuration from '/etc/bind/named.conf'
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: no IPv6 interfaces found
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: listening on IPv4 interface eth0, 10.0.0.1#53
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: running
Jan 12 20:41:58 bilbo gnome-name-server[11288]: starting
Jan 12 20:41:58 bilbo gnome-name-server[11288]: name server starting
You hopefully remember from the text-processing whirlwind that the
tail command displays the last lines in a file. In this case, we
can see that the nameserver named was recently started on this
system, which is named bilbo. If we were deploying IPv6, we might
notice that named found no IPv6 interfaces, indicating a potential
problem. Additionally, we can see that a user may have recently started GNOME, indicated by the presence of
gnome-name-server.