RuggedCom RuggedRouter RX1100 User Manual, page 314: Syslog Factory Defaults, Remote Logging

34. Maintaining The Router

Revision 1.14.3

RX1000/RX1100™

34.12.1. Syslog Factory Defaults

Although new logs can be created (and the type of information saved in existing logs changed), the
factory defaults are as follows:

• messages - This log file catches a wide variety of generic information excluding authentication,
cron and mail messages. This should be the first log you inspect when starting to debug a
problem.

• syslog - This log file catches all information with the exception of authentications. Syslog
contains everything that messages contains, and more. Examine this log if you cannot find relevant
information in messages.

• auth.log - This log file catches authentication requests. View auth.log when you are trying to
debug a problem in which a user is not able to sign on to a service (such as web management
or ssh).

• critical - This log catches reports of critical failures. There should never be any messages in this
log. Your RuggedCom support representative may ask you to inspect this file.

• kern.log - This log contains messages issued by the kernel (the most central part of the operating
system). This log always displays messages issued at boot time, and should rarely be added
to after that. Your RuggedCom support representative may ask you to inspect this file.

• cron.log (initially disabled) - This log file contains messages from the cron system reporting
tasks started through cron. Your RuggedCom support representative may ask you to enable
and inspect this log.

• daemon.log (initially disabled) - This log file contains messages from daemons (programs that
run continuously in the background). Your RuggedCom support representative may ask you to
enable and inspect this log.

Each one of the default logs above is represented in the System Logs Menu along with any others
that may have been created.

Left unrestricted, the logging system would consume all available disk space, causing the router to
fail. The router limits the memory used by the logging system by storing logs in a volatile (i.e. lost
after a reboot) file system which is limited in size. Such a system will lose logging information when a
power failure occurs, when too much logging is generated, or when a user commands a reboot.

The router deals with this problem by storing compressed versions of three key files (messages,
auth.log, and critical) to the permanent disk. The log files are saved every 180 seconds and upon an
orderly reboot. The log files are restored during the next boot. All log files other than these three are cleared.

34.12.2. Remote Logging

Remote logging (often referred to as remote syslogging) is the process of forwarding log entries to
a remote host computer. Remote logging enables central collation of logs and preserves logs in the
event of a security incident. Remote logging does not require any file storage on the router and
therefore does not lose information when an unplanned power failure occurs. On the other hand,
remote logging cannot record events that occur before network connectivity to the logging host is
established.
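On the logging host, forwarded entries can be sorted into the same categories as the router's default logs by decoding the syslog PRI field. The following is an added example, not taken from the manual or from RuggedCom software: the routing rules are a model of the descriptions in Section 34.12.1, the mapping of "critical" to severities crit, alert and emerg is an assumption, and the sample lines are constructed.

```python
import re

# Facility codes carried in the syslog PRI field (RFC 3164 / RFC 5424).
KERN, MAIL, DAEMON, AUTH, CRON, AUTHPRIV = 0, 2, 3, 4, 9, 10
AUTH_FACILITIES = {AUTH, AUTHPRIV}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from a raw syslog line, or None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # facility 23, severity 7 is the maximum PRI
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7             # PRI = facility * 8 + severity

def target_logs(line, optional_enabled=False):
    """Default log names that would hold this message, per the manual's descriptions."""
    decoded = decode_pri(line)
    if decoded is None:
        return []
    facility, severity = decoded
    logs = []
    if facility in AUTH_FACILITIES:
        logs.append("auth.log")
    else:
        logs.append("syslog")            # everything except authentication
        if facility not in (CRON, MAIL):
            logs.append("messages")      # additionally excludes cron and mail
    if severity <= 2:                    # assumption: crit, alert, emerg
        logs.append("critical")
    if facility == KERN:
        logs.append("kern.log")
    if optional_enabled and facility == CRON:
        logs.append("cron.log")          # initially disabled on the router
    if optional_enabled and facility == DAEMON:
        logs.append("daemon.log")        # initially disabled on the router
    return logs

# Constructed sample lines (not captured from a real router).
SAMPLES = [
    "<38>Jan  1 00:00:10 router sshd[412]: Failed password for admin",  # auth.info
    "<2>Jan  1 00:00:11 router kernel: constructed critical event",     # kern.crit
    "<78>Jan  1 00:00:12 router cron[99]: (root) CMD (constructed)",    # cron.info
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(target_logs(sample), sample)
```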