System Services - syslogd

System Services - syslogd

This is starting to get scary. This week alone, we’ve talked about two different Linux daemons - inetd and xinetd. Today, we’re going to talk about another: syslogd. What’s with all these daemons, anyway?

If you remember, daemons are processes that fire off, then release control from the tty. They serve as listeners and watchers for other processes in the system. Because they cut loose of the tty, they’re limited in the number of methods at their disposal to communicate with the rest of the system. One of those methods is by writing entries to log files. That’s the whole purpose of syslogd.

Even a thin Linux system has many processes running simultaneously. At this moment, my Slack distribution is running an even 100 processes. That’s a lot of internal communication. Many of these processes generate special events or messages that may be useful to system administrators. It takes a pretty stout daemon to log all these internal communications.

syslogd is launched at boot with the sole purpose of capturing and logging relevant events and messages. Because it’s such an important administrative tool, it’s likely that every Linux distribution you’ll use will launch syslogd at boot by default. Most of the files generated by syslogd reside in the /var/log directory. These log files are written in straight text. The log entries are in a widely standardized format. syslogd writes each entry to a single line of text consisting of date, time, host name, process name, process ID, and any message generated by that process.

So, once again, syslogd proves that daemons are a good thing in Linux. Next up in this mini-series on system services is the /etc/syslog.conf file. It’s how you make the daemon dance the way you want.