Linux Server Management: Log management (i)

1. Log Management Introduction:

A. Log service: The log service in centos6.x and the original SYSLOGD service replaced by RSYSLOGD. RSYSLOGD Log service More advanced, more features. However, regardless of the use of the service, or the format of the day file is actually compatible with the SYSLOGD service, so the SYSLOGD will also be Rsyslod service.

New features of B.RSYSLOGD:

Transferring log information based on TCP network protocol

A more secure way to transport your network

A timely analysis framework with log messages

Background database

A simple logical judgment can be written in the configuration file

Compatible with syslog configuration files

3. The system is started by default: Of course we can see if it starts and whether it is started automatically

PA aux | grep rsyslogd and Chkconfig--list | grep rsyslogd

Of course you can also install him yum-y install RSYSLOGD

4. The role of common logs:

/var/log/cron recorded your scheduled task log.

/var/log/cups Logging of printed information

/VAR/LOG/DMESG logs the system kernel boot detection Information log of course you can also use the DMESG command to view

/var/log/btmp logs an incorrect login information log when the file is binary and cannot be opened directly. Not directly VI view, but use the LASTB command to view

/var/log/lastlog logs the last logon time of all users in the system, this file is also a binary file, not directly VI, but to use Lastlog to view.

/var/log/mailog Logging of mail logs

/var/log/messages Log The important information of the system, this log file will record most important information of Linux system, if there is a problem, the first thing to look at is the messages log file.

/var/log/secure record authentication and authorization information, as long as the account and password procedures are recorded, such as system login, SSH login, su switch user, sudo authorization, even add users and modify the user password will be recorded in this log file.

/var/log/wtmp permanently records all users ' login, logoff information, and simultaneously records the system startup, restart, shutdown events. Also this file is also a binary file, cannot be directly VI, and need to use the last command to view

/var/run/utmp records the user information that is currently logged in, this file will be changed with the user logon and logoff, only the current logged on user information, the same file is also binary files can not be viewed directly, and to use the w,who,users and other commands to query

In addition to the system default log, the system service installed in RPM will also default to log the corresponding service name log under/var/log. However, these logs are not recorded and managed by the RSYSLOGD service, but are recorded by the log management document of the service itself. For example, RPM-installed Apache and MySQL services

2015-06-30

RSYSLOGD Log Service

1. log file format

The time the log was generated, the name of the server in which the event occurred, the service name or program name of the generation time, and the information report for the event

2./etc/rsyslog.conf configuration file

Mail.*-/var/log/mail

Linux Server Management: Log management (i)