When a sysadmin makes changes to a Unix system, it's very important that the changes be logged verbosely so that other sysadmins, and the original admin, can have a resource that serves two very important purposes:

  • A history of what was changed on the system and why, to prevent someone from doing something again when it has already been done or to prevent someone from undoing something which shouldn't be undone
  • A reference on how to perform an action which needs to be repeated, possibly on a different box altogether

There are two tactical problems with this process. The first is that admins must be educated in the need to keep good logs. A "trouble ticket" system, sometimes called a CRM system can serve this purpose if a company has enough systems to justify such an expense in software maintenance time and license fees. Sysadmins simply log any changes they make to the box in a ticket, which goes into the CRM database. But smaller organizations need only make sure that there is a journal kept on the box, and training the admins to do so is outside the scope of this node. This leads us to the second tactical problem, which is equally present in the CRM solution:

How do you make it easy enough to use that everyone does it?

I humbly present one solution: shell aliases which are wrappers around the /usr/bin/logger utility, using the kernel's own logging infrastructure to keep logs in a standard place, easily backed up and easily read, and even timestamped for clarity.

  1. Make sure you are using a POSIX system with a syslogd. Linux and BSD use syslogd, as do many other Unixes, but this won't work in, for example, Microsoft Windows.
  2. Edit /etc/syslog.conf. Only one line needs to be added:
    local6.info       /var/log/admin.log
    You may modify the filename if you keep your logs on a network server or in another directory; see the man page for syslog.conf to find out how to specify special locations for log files. This is the file that will be written to when your sysadmins journal their tasks.
  3. Create a shell alias in all sysadmin accounts. This should be added to a role-specific profile, although you can safely add it to a global profile such as /etc/profile. You may not want to make this alias available to all users, as it will give an error to anyone who is not authorized to use the kernel syslog facility.
    alias log='logger -p local6.info'
  4. This command can be used in any of the following ways:
    • log <message>
    • cat files ... | log
    • log < filename
    • log
      > (followed by a typed message which can be as long as you wish).
  5. Finally, this shell function can be used to dump an entire file into the journal. This is great when you're about to change a system-wide configuration file and you want to archive an old version of it in case you have to go back.
    declare -f logfile ()
    {
        if [ $# -lt 1 ]; then
            echo "Usage: logfile <file> [<file> ...]" 1>&2;
            return 1;
        fi;
        for file in $*;
        do
            pushd `dirname $file` >/dev/null;
            file1=`pwd`;
            file2=`basename $file`;
            filename=$file1/$file2;
            logger -p local6.info "****** $filename ******";
            logger -p local6.info <$filename;
        done
    }

    Its use is very simple: specify as many filenames as you want on the command line, and they will be copied into the system journal. If you specify a binary file you will get garbage in your system log, so be careful to specify only text!

Log in or register to write something here or to contact authors.