{"id":20,"date":"2011-05-30T13:04:00","date_gmt":"2011-05-30T11:04:00","guid":{"rendered":"http:\/\/gabrielezappi.net\/?p=20"},"modified":"2014-06-26T10:32:01","modified_gmt":"2014-06-26T08:32:01","slug":"varlogmessages-log-file-missing-in-linux-ubuntu-natty-narwhal-english-post","status":"publish","type":"post","link":"https:\/\/gabrielezappi.net\/en\/varlogmessages-log-file-missing-in-linux-ubuntu-natty-narwhal-english-post\/","title":{"rendered":"“\/var\/log\/messages” log file missing in Linux Ubuntu Natty Narwhal (english post)"},"content":{"rendered":"
[clicca qui<\/a> per il post in lingua italiana]<\/div>\n

Hi there,
After a clean install of Linux Ubuntu 11.04 (Natty Narwhal) I realized that the log file \/var\/log\/messages<\/i> was missing. I realized that it was a deliberate choice as well!
Ubuntu community’s (or Canonical’s) kernel guys took that decision (modifing rsyslog configuration file provided as default after install) saying that this change avoids logs to be duplicated in two log files (\/var\/log\/syslog and \/var\/log\/messages).
Just to be frank, polite and clear… I totally disagree this choice: as a matter of fact, you can have duplicated rows in both log files “syslog” and “messages”, but the purpose of these files is quite different, and I don’t find it correct to mix them up, for two reasons:<\/p>\n

    \n
  1. \/var\/log\/message<\/b>s is not only a convention. It became a standard for all *nix\/linux systems<\/u> (no matter if you run a server or a desktop class distribution).
    \/var\/log\/syslog<\/b> purpose is to be the audit log, and it will be log everythings<\/u> (such as cron\/at jobs, “info” msg, and so on …)
    \/var\/log\/messages<\/b> is the usual place for system applications warning messages<\/u>, even if non-kernel related, boot messages (non-kernel) similar to info you may report with command ‘dmesg’. This is THE place to look at, if you feel that something is going wrong!<\/li>\n
  2. All standard applications and programs<\/b> (including applications out-of-the-box, third part’s, etc..), monitoring programs, Network monitors & SNMP frameworks (such as Hobbit\/XyMon, Nagios, Zabbix, and so on) usually go to look for it in order to catch statuses and error conditions<\/u>. It’s not a solution to symbolic link syslog to messages, because that mentioned programs\/daemons would parse milions of unuseful lines of logs in vain, degrading the overall system performances consequently.<\/li>\n<\/ol>\n

    Since I feel that neather Canonical nor Ubuntu community can decide to change this importand standard overnight (at least without discuss a change in a worldwide commission of IT standards or something like that – see ISO, ANSI, etc.), here is how to take rsyslog back to write \/var\/log\/messages like in the past:<\/p>\n

    <\/p>\n