Linux event IDs

100 pts.
Linux error messages
Hi, are there any event IDs like in Windows? Please share if anybody has them. Thanks, Dharma

Answer Wiki

Yes and no. It really depends on what packages you have installed on your system, what daemon/application you’re looking for answers to, and how the author of that software chose to do logging.

Some processes log to the global “messages” file, while others log to their own, unique log files. On my distributions, events are logged to files under /var/log, so check there.

Discuss This Question: 5 Replies

  • carlosdl
    Are you investigating some specific problem? If so, could you please provide more details? Linux logs are often more informative than Windows, so you might not need that event ID table for troubleshooting.
    85,430 points
  • Dharmagrao
    Hi Carlosdl, welcoming you on your suggestions. I am looking for specific event IDs on Unix. There are thousands of event IDs in Microsoft Windows XP and Vista etc. In the same way I am looking for Unix event IDs. I would like to correlate and implement them with ArcSight. If you have info, please share. Thanks in advance. Dharma
    100 points
  • Sds9985
    Linux doesn't have event IDs like Windows. Each program can generate log entries to the system logging facility, syslogd (or rsyslogd on some newer distros). Programs send log entries with a "facility" parameter, which describes the source of the message, and a "level", which describes the urgency of the problem. Syslog can be configured in /etc/(r)syslog.conf to do a variety of things with these messages, filtering by facility and/or level. Messages can be routed to various files (usually under /var/log as mentioned), sent to some other machine for centralized logging, sent to the console, etc. Rsyslog is newer than syslog and has more options for log message handling, like SNMP traps and insertions into a MySQL database.

    Linux admins usually use some utility like swatch or logwatch to monitor system logs. These utilities watch for specific patterns of error messages coming from specific programs and take some action when a specific type of error message is seen. Get familiar with how to use man pages and look at the man pages for (r)syslogd, (r)syslog.conf and logwatch for further details. Many of these log analyzer utilities have web sites with blogs/discussions, knowledge bases, examples, tutorials and documents. The logger command is useful to test your log monitor: you can generate a sample log message with any facility or level setting to check and tune your configuration.

    If you're using ArcSight, you should be able to set up /etc/(r)syslog.conf on your Linux system to redirect all log messages to the ArcSight box and let ArcSight do the analysis and monitoring. Like this:

        *.* @{ArcSight_IP_Addr}

    Substitute the IP address of the ArcSight appliance for {ArcSight_IP_Addr} and this rule would send everything there.
    400 points
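To make the facility/level mechanism described above concrete, here is an added example (not from the original thread) that decodes the PRI value of lines as a `*.* @collector` rule forwards them, applies syslog.conf-style selectors such as `auth.info`, and runs a small swatch/logwatch-style pattern watch over constructed sample lines. The host names, PIDs, rule set and the 192.0.2.x address are all made-up values for the example.

```python
import re

# Syslog PRI encoding: PRI = facility * 8 + severity (what "auth.info" means in syslog.conf).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp", "cron",
              "authpriv", "ftp", "ntp", "security", "console", "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-style line as a "*.* @collector" rule forwards it: <PRI>Mmm dd HH:MM:SS host tag[pid]: msg
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

def decode_pri(pri: int) -> tuple:
    # Split a PRI value into (facility name, severity name); 191 = local7.debug is the maximum.
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} out of range")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

def parse_line(line: str):
    # Returns None for lines that do not fit the format instead of guessing.
    m = LINE_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m["pri"]))
    return {"facility": facility, "severity": severity, "host": m["host"],
            "tag": m["tag"], "pid": m["pid"], "msg": m["msg"]}

def selects(selector: str, entry: dict) -> bool:
    # syslog.conf semantics: "auth.info" = facility auth, severity info or MORE urgent; "*" matches all.
    fac, sev = selector.split(".")
    if fac != "*" and entry["facility"] != fac:
        return False
    return sev == "*" or SEVERITIES.index(entry["severity"]) <= SEVERITIES.index(sev)

# Watch rules in the spirit of swatch/logwatch: (selector, optional message pattern). Made up for the example.
RULES = [("auth.info", re.compile(r"Failed password for (invalid user )?\S+ from \S+")),
         ("kern.crit", None)]

def scan(lines) -> list:
    # Return the parsed entries that at least one rule would alert on.
    return [e for e in filter(None, map(parse_line, lines))
            if any(selects(s, e) and (p is None or p.search(e["msg"])) for s, p in RULES)]

# Constructed sample lines (host names, PIDs and the 192.0.2.x address are made up for the example).
SAMPLE = [
    "<38>Jan 12 10:15:01 host1 sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 2222 ssh2",
    "<13>Jan 12 10:16:00 host1 logger: test message sent with the logger command",
    "<2>Jan 12 10:17:30 host1 kernel: Out of memory: Killed process 4242 (java)",
]
```

Running `scan(SAMPLE)` flags the sshd and kernel lines and leaves the logger test message alone, which is the kind of check the logger command is useful for when tuning a configuration.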
  • Dharmagrao
    Hi. Like Windows event ID numbers 6005, 6006, 6008, and 6009, I want to know the event IDs in a UNIX environment; if I get the events, I am going to implement them in the ArcSight log monitoring tool. Please suggest from your side. Thanks in advance. Dharma
    100 points
  • AW12
    Speaking of syslog, is there a newbie guide on setting up file directories for auditing, and what syslog file configuration captures that information and sends it to something like ArcSight? For example: Auth @IPadress is what I use to capture the authentication.
    10 points
