Log the kernel

The /var/log/dmesg file is very handy for finding out what the kernel is doing. The problem? It gets recreated every time you reboot a Linux server. There is no persistence to this data, which makes troubleshooting harder. Furthermore, the dmesg log does not date and time-stamp the events it records, so figuring out “when” an event occurred is difficult. You can mitigate both of these problems by adding a single line to the /etc/syslog file:

kern.* /var/log/kernel.log

Then restart the syslog service to pickup the change (“service syslog restart”) This will log all debug-level messages from the kernel to the /var/log/kernel.log file. When a problem occurs, you can now see when and what occurred, like this:

Nov 13 16:30:07 usatl01lw207 kernel: e1000: eth0: e1000_watchdog_task: NIC Link is Up 100 Mbps Full Duplex
Nov 13 18:07:31 usatl01lw207 kernel: warning: many lost ticks.
Nov 13 18:07:31 usatl01lw207 kernel: Your time source seems to be instable or some driver is hogging interupts