1

I got this log file entries which I think are from either /var/log/syslog or /var/log/messages file for analysis. I'm trying to find what each column means. I searched around and found very few references as to what each log column means. Its like they forgot to write the column names in the manuals. :)

Feb  1 00:00:49 mycom01 kernel: [7292044.592265] oo:contactc[627578]: Importing OpenOnload 7.1.2.141_ON-13486 [128]

Feb  1 01:02:16 mycom01 kernel: [7321313.400084] [onload] [457]: WARNING: all PIO bufs allocated to other stacks. Continuing without PIO. Use EF_PIO to control this.

I can understand the obvious ones like the date/time and host. But the items in square brackets are not clear. Appreciate your help in understanding this.

Sampath
  • 111
  • 1
    7292044.592265 is time since boot in seconds, or 84.4 days ago. Note there is no /var/log/messages in Ubuntu anymore. Is this Ubuntu? – Doug Smythies Feb 15 '22 at 00:33
  • @DougSmythies I'm sorry, but I don't know the exact Linux flavor used as the logs are from a client of a third party and they are not very helpful :(. It was my speculation that these are either /var/log/syslog or /var/log/messages extracts. – Sampath Feb 15 '22 at 00:39
  • 1
    Well, your date and time stamps do not agree with the difference in the two kernels times (1 hour and 2 minutes verses over 8 hours). So that does not seem to be Ubuntu. – Doug Smythies Feb 15 '22 at 01:00
  • 1
    The format is [time since boot seconds.nanoseconds] [who issued it][PID]: freeform message supplied by the issuer. – waltinator Feb 15 '22 at 02:18
  • @waltinator Thank you. This is exactly what I wanted to know. Can you kindly point me to a manual page of this. I would like to learn a bit more. – Sampath Feb 17 '22 at 05:04
  • 1
    man logger rsyslog rsyslog.conf to start, plus https://tools.ietf.org/html/rfc5424 the syslog protocol definition. – waltinator Feb 17 '22 at 20:02
  • @waltinator Thank you very much. – Sampath Feb 18 '22 at 03:53

0 Answers0