Common log files:
/var/log/cron: records the running status of crontab and whether /etc/crontab is correct.
/var/log/dmesg: records the information generated during kernel detection when the system starts.
/var/log/lastlog: records the last time each account on the system logged in.
/var/log/maillog: records mail sending and receiving information.
/var/log/messages: a very important file that records information about system errors.
/var/log/secure: records related information when logging on to the system with a password.
syslogd: mainly logs system, network, and other service information.
klogd: logs information generated by the kernel.
logrotate: mainly used to rotate log files.
syslog: each recorded entry includes:
the date and time of the event, the host name where the event occurred, the service name that raised the event, and the actual message content
Example:
[root@server ~]# cat /var/log/secure
Dec 15 19:47:53 server login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Dec 15 19:47:57 server login: FAILED LOGIN 1 FROM 192.168.222.118 FOR root, Authentication failure
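Added example (not part of the original notes): a small Python parser that splits each line into the four syslog fields listed above and counts failed logins per source address. The sample lines are constructed from the excerpt above; the second failure, the sshd line, the user name alice and the malformed line are invented for the demonstration.

```python
import re
from collections import Counter

# Traditional syslog layout: "Mon DD HH:MM:SS host service[pid]: content"
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<service>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<content>.*)$"
)
# login(1) failure message as it appears in /var/log/secure
FAILED_RE = re.compile(
    r"failed login (?P<count>\d+) from (?P<src>\S+) for (?P<user>[^,\s]+)",
    re.IGNORECASE,
)

# Constructed sample input; the last line is deliberately malformed.
SAMPLE = """\
Dec 15 19:47:53 server login: pam_securetty(remote:auth): access denied: tty 'pts/0' is not secure !
Dec 15 19:47:57 server login: FAILED LOGIN 1 FROM 192.168.222.118 FOR root, Authentication failure
Dec 15 19:48:02 server login: FAILED LOGIN 2 FROM 192.168.222.118 FOR root, Authentication failure
Dec 15 19:50:10 server sshd[2211]: Accepted password for alice from 192.168.222.50 port 40122 ssh2
19:50:11 server login: line with its date cut off
"""

def parse_line(line):
    """Return the syslog fields as a dict, or None if the layout does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def failed_logins(text):
    """Return (failed-login events, number of lines that could not be parsed)."""
    events, skipped = [], 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        hit = FAILED_RE.search(rec["content"])
        if hit:
            events.append({"time": rec["time"], "host": rec["host"], **hit.groupdict()})
    return events, skipped

def failures_by_source(events):
    return Counter((e["src"], e["user"]) for e in events)

if __name__ == "__main__":
    events, skipped = failed_logins(SAMPLE)
    for (src, user), n in failures_by_source(events).items():
        print(f"{n} failed login(s) for {user} from {src}; {skipped} unparsed line(s)")
```

The host field matters once logs from several machines are collected in one file, because it is the only part of the line that says which machine the failure happened on.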
Linux log server setup
Use one host as a log server so that the records from multiple servers can easily be collected on one machine. The default syslog in CentOS 5 already supports acting as a log server, but the feature is not enabled by default:
1. Modify the server
[root@server sysconfig]# vi syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"    # Change to SYSLOGD_OPTIONS="-m 0 -r"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# Set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
2. Restart the syslog service and check that it is listening.
[root@server sysconfig]# /etc/init.d/syslog restart
Shutting down kernel logger: [  OK  ]
Shutting down system logger: [  OK  ]
Starting system logger: [  OK  ]
Starting kernel logger: [  OK  ]
[root@server sysconfig]# netstat -lunp | grep syslog
udp        0      0 0.0.0.0:514        0.0.0.0:*        31735/syslogd
3. Configure the client
[root@server sysconfig]# vi /etc/syslog.conf
*.*    @192.168.222.79    # server IP address
The preceding steps allow the Linux host to receive log information from other hosts.
Author "Liyy study notes"