Configuration, Logging, and CRON

Posted: September 24, 2010 in Uncategorized
cat /proc/cpuinfo – To see information about your CPU
cat /proc/interrupts – List interrupts in use
cat /proc/version – List Linux version
cat /proc/filesystems – List the types of filesystems in use
lsmod – Show the kernel modules currently loaded

The “sysctl” program will list kernel parameters. Type “sysctl -a | more” to see a list of kernel parameters on your system.

For more in depth information on the proc filesystem, read “How Linux Works”.

Linux System logging

The system daemon syslogd logs system events such as kernel messages, login and logout messages, and general system messages. The /etc/syslog.conf file controls where syslogd records this information, that is, where your log files are kept. Typically these files are in the “/var/log” directory.

My “/etc/syslog.conf” file:

	# Log all kernel messages to the console.
	# Logging much else clutters up the screen.
	#kern.*							/dev/console

	# Log anything (except mail, news and auth) of level info or higher.
	# Don't log private authentication messages!
	*.info;mail.none;news.none;authpriv.none		/var/log/messages

	# The authpriv file has restricted access.
	authpriv.*						/var/log/secure

	# Log all the mail messages in one place.
	mail.*							/var/log/maillog

	# Everybody gets emergency messages, plus log them on another
	# machine.
	*.emerg							*

	# Save mail and news errors of level err and higher in a
	# special file.
	uucp,news.crit						/var/log/spooler

	# Save boot messages also to boot.log
	local7.*						/var/log/boot.log

	# INN
	news.=crit                                        /var/log/news/news.crit
	news.=err                                         /var/log/news/news.err
	news.notice                                       /var/log/news/news.notice

Each line starts with a selector made of a facility, a “.”, and a priority. In “uucp,news.crit” above, the facilities are uucp and news and the priority is crit. The last part of each line specifies the name of the log file where those messages will be kept. This file does not like spaces between the fields, so use tabs to separate them.
Facilities are:

  • authpriv, auth (deprecated) – Security authorization messages
  • cron – The clock daemon (cron and at)
  • daemon – Other system daemons
  • kern – Kernel messages
  • lpr – Line printer subsystem
  • mail – Mail subsystem.
  • mark – For internal use
  • news – Usenet news subsystem.
  • security (deprecated, same as authpriv) – should not be used anymore.
  • syslog – Messages generated internally by syslogd.
  • user – Generic user level messages
  • uucp – UUCP (Unix-Unix copy) subsystem.
  • local0 through local7

The “authpriv” facility, which includes attempts to switch users using /bin/su, login attempts, and other user accounting information, should be kept separate from other log data.

Priority is one of the following with the least severity listed first:

  • debug – Debug level message
  • info – Informational message
  • notice – Normal but significant conditions
  • warning, warn (deprecated) – Warning conditions
  • err, error (deprecated) – Error conditions
  • crit – Critical conditions
  • alert – Action must be taken immediately
  • emerg, panic – System is unusable

An “*” stands for all facilities or all priorities. Many distributions default to only logging the most basic information. You may want to customize system logging for your environment.
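How the selectors in the syslog.conf listing above route a message, as an added example that is not part of the original post. It models only the selector forms that file uses (a priority name meaning that level or higher, “=” for exactly that level, “*”, and “none”); the function names are hypothetical and the sample rules are a subset copied from the listing.

```python
# Priorities from least to most severe, as listed above.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# File-writing rules copied from the syslog.conf listing above (tab-separated).
SAMPLE_CONF = """\
*.info;mail.none;news.none;authpriv.none\t/var/log/messages
authpriv.*\t/var/log/secure
mail.*\t/var/log/maillog
uucp,news.crit\t/var/log/spooler
local7.*\t/var/log/boot.log
news.=crit\t/var/log/news/news.crit
"""

def level(name):
    return PRIORITIES.index(ALIASES.get(name, name))

def selector_matches(selector_field, facility, priority):
    """True if facility.priority is selected by a ';'-separated selector field."""
    selected = False
    for selector in selector_field.split(";"):
        facilities, _, prio = selector.rpartition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue  # this selector does not mention our facility
        if prio == "none":            # exclude the facility again
            selected = False
        elif prio == "*":             # every priority
            selected = True
        elif prio.startswith("="):    # exactly this priority
            selected = selected or level(priority) == level(prio[1:])
        else:                         # this priority or higher
            selected = selected or level(priority) >= level(prio)
    return selected

def destinations(conf_text, facility, priority):
    """Log files that receive a message, in configuration order."""
    files = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        if selector_matches(selector_field, facility, priority):
            files.append(action.strip())
    return files

if __name__ == "__main__":
    for fac, prio in [("authpriv", "info"), ("news", "crit"), ("cron", "debug")]:
        print(f"{fac}.{prio} -> {destinations(SAMPLE_CONF, fac, prio)}")
```

The authpriv result shows why the “authpriv.none” exclusion matters: login and su messages reach only the restricted /var/log/secure file and stay out of /var/log/messages.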

Linux Logrotate

Going hand in hand with the system logging capability is the logrotate capability, which is used to manage log files. The logrotate program is used to rotate, compress, and/or mail system log files. It is normally run from cron. It can be configured with the file “/etc/logrotate.conf”, which is specified on the command line when logrotate is run. The logrotate configuration file on my system is listed below:

	# see "man logrotate" for details
	# rotate log files weekly
	weekly

	# keep 4 weeks worth of backlogs
	rotate 4

	# send errors to root
	errors root

	# create new (empty) log files after rotating old ones
	create

	# uncomment this if you want your log files compressed
	#compress

	# RPM packages drop log rotation information into this directory
	include /etc/logrotate.d

	# no packages own lastlog or wtmp -- we'll rotate them here
	/var/log/wtmp {
	    create 0664 root utmp
	    rotate 1
	}

	/var/log/lastlog {
	    rotate 1
	}

	# system-specific logs may be configured here

Some of the logrotate configuration directives include:

  • daily – log files are rotated every day
  • weekly – log files are rotated once a week.
  • monthly – log files are rotated once a month
  • rotate – The number of times log files are rotated before being deleted or mailed to an address specified in a mail directive.
  • include – Includes a file in this file as though it were in line. If the file is a directory, the files under that directory are included. In my copy above, there are several files under the directory “/etc/logrotate.d” which are used for logging various daemons.
  • create – “create mode owner group”. Creates the file with the specified mode, owner and group ids.
  • copytruncate – truncate the original file after creating a copy so programs appending data will not have a problem.
  • compress – Old versions of the log file are compressed with gzip.
  • nocompress – Old log files are not compressed.
  • errors – Any errors during logfile processing are mailed to the address “errors address”.
  • mail – When a log is rotated out of existence, it is mailed to the specified address “mail address”.

There are many other directives associated with the logrotate program. Type “man logrotate” for more information.

Other system tracking files:

/var/log/wtmp – Binary info on users that have been logged on. The last command uses this info.
/var/run/utmp – Binary info on users currently logged on. The commands who, w, and finger use this info.
/var/log/lastlog – Used by finger to tell when a user was last logged in

Scheduling tasks with CRON

Cron runs commands from the /etc/crontab file, the /etc/cron.d directory, and the /var/spool/cron directory, which holds files named after authorized users in the /etc/passwd file. In detail, the three locations are:

  • The directory “/var/spool/cron” with files named after accounts in “/etc/passwd”. The format of files here is described in the crontab(1) manpage.
  • The directory “/etc/cron.d”. The format of files here is described in the crontab(5) manpage.
  • The file called “/etc/crontab”. The syntax of each line in this file is:

minute, hour, day of month, month, day of week, (user name), command

Months are specified using the numbers 1 through 12. The user name is included if the file is a system crontab file. Some example crontab entries are:

	# Every 10 minutes all unused kernel modules are unloaded.
	*/10 * * * * root /sbin/rmmod -as
	# Lists files in /tmp that are 3 or more days old. Runs at 1:00.
	0 1 * * * find /tmp -atime +2 -exec ls -l {} \;
	# Lists files at noon on weekdays.
	0 12 * * mon,tue,wed,thu,fri ls -al

Redhat comes with the following entries:

	# Hourly task list, runs at 1 minute after the hour
	01 * * * * root run-parts /etc/cron.hourly
	# Daily task list, runs at 4:02 AM
	02 4 * * * root run-parts /etc/cron.daily
	# Weekly task list, runs at 4:22 AM on Sunday
	22 4 * * 0 root run-parts /etc/cron.weekly
	# Monthly task list, runs at 4:42 AM on the first of the month
	42 4 1 * * root run-parts /etc/cron.monthly

Note that for weekly and monthly tasks the number of minutes after the hour is staggered so the system does not try to do all jobs at once. Redhat therefore has the following additional directories, each containing files with the tasks to run:

  • /etc/cron.hourly
  • /etc/cron.daily
  • /etc/cron.weekly
  • /etc/cron.monthly

These are directories, so you can place any executable program in one of them and it will be run as scheduled above.
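Because the crontab entries above have run-parts execute everything in these directories as root, their ownership and permissions are worth checking. The audit below is an added example, not part of the original post; the function name and the trusted_uid parameter are hypothetical.

```python
import os
import stat

# Directories run by run-parts as root in the Redhat crontab shown above.
CRON_DIRS = ["cron.hourly", "cron.daily", "cron.weekly", "cron.monthly"]

def audit_cron_dirs(etc_root="/etc", trusted_uid=0):
    """Return (path, problem) pairs for the run-parts directories and their files.

    trusted_uid is the expected owner (root). It is a parameter only so the
    check can be exercised on a scratch directory without being root.
    """
    findings = []
    for name in CRON_DIRS:
        directory = os.path.join(etc_root, name)
        if not os.path.isdir(directory):
            continue
        # Check the directory itself first, then each entry inside it.
        entries = [directory] + sorted(
            os.path.join(directory, f) for f in os.listdir(directory))
        for path in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symlink: audit the target as well"))
                continue
            if st.st_uid != trusted_uid:
                findings.append((path, f"owned by uid {st.st_uid}"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by group or other"))
    return findings

if __name__ == "__main__":
    for path, problem in audit_cron_dirs():
        print(f"{path}: {problem}")
```

An empty result means every directory and job file is owned by root and writable only by its owner.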

There is a crontab program which can be used to install, deinstall, or list the tables used to drive cron. It has the same name as the configuration file, but is a binary program. You will see this if you type “whereis crontab”.

Cron runs the following on my system:

  • cron.hourly
    1. In the file “inn-cron-nntpsend” the command “/sbin/chkconfig innd && su - news -c /usr/bin/nntpsend” is run to support internet news service.
  • cron.daily
    1. In the file “inn-cron-expire” the command “/sbin/chkconfig innd && su - news -c "/usr/bin/news.daily delayrm"” is run.
    2. In the file “inn-cron-expire” the command “/sbin/chkconfig innd && /usr/bin/rnews -U” is run.
    3. In the file “logrotate” the command “/usr/sbin/logrotate /etc/logrotate.conf” is run.
    4. In the file “makewhatis.cron” a file “/var/lock/makewhatis.lock” is created to keep the cron scripts from stepping on each other. Do a man on makewhatis for more info.
    5. In the file “slocate.cron” the command “/usr/bin/slocate -u -f "nfs,smbfs,ncpfs,proc,devpts" -e "/tmp,/var/tmp,/usr/tmp,/afs,/net"” is run to update the file location database.
    6. In the file “slrnpull-expire” the command. Do a “man slrnpull” for more info.
    7. In the file “tetex.cron” TeX formats not used for 10 days are removed. “man tmpwatch”
    8. In the file “tmpwatch”
  • cron.weekly
    1. In the file “makewhatis.cron” a file “/var/lock/makewhatis.lock” is created to keep the cron scripts from stepping on each other. The makewhatis command updates the apropos database, which is the database used when the command “man -k” is used. For more information, type “man whatis” or “man apropos”.
  • cron.monthly contains no files

The system administrator can schedule tasks by adding entries to the /etc/crontab file (see crontab(5)) or, on Redhat Linux, by adding files to one of the cron.hourly, cron.daily, cron.weekly, or cron.monthly directories. Users may be able to schedule cron jobs if the system is configured to allow it. If neither /etc/cron.allow nor /etc/cron.deny exists, then either all users will be able to run cron commands or no users will be able to. If /etc/cron.allow exists, the user must be listed there in order to use cron commands. If /etc/cron.deny exists, the user must not be listed there or they will be unable to use cron.

One useful entry you can put in the /etc/cron.weekly directory in a file named something like “cleanold.cron” is:

find /var/spool/myspools -mtime +33 -exec rm -f {} \;

This entry will remove all files in the /var/spool/myspools directory whose data was changed more than 33 days ago.

The user (if allowed) can schedule cron tasks by following the below procedure:

  1. Make a crontab file called for example “mycron”.
  2. Use the crontab(1) command to submit the command(s) to cron by typing “crontab mycron”.
  3. You can view what you have installed by typing “crontab -l”.

crontab commands:

crontab -e – Starts a vi session by default to edit your crontab file. To use emacs as your editor, type “export VISUAL=emacs” before typing this command. When you exit the editor, the modified crontab is installed automatically.
crontab -r – Removes your crontab entry from the /var/spool/cron directory. Does not erase your original crontab file.
crontab -l – Lists all the user’s cron tasks.

