Next I will introduce the log files in Linux:
Services generally keep two kinds of logs: an access log and an error log. The access log records the service's running status and the operations it has carried out; the error log, as its name says, records the errors the service ran into while running.
Windows
In Windows, for example, logs are viewed with the Event Viewer, which is reached through Computer Management (the "Manage" entry of My Computer); the Application, Security and System logs are all shown there.
Linux
First check that the sysklogd package is installed on our Linux system; here it is sysklogd-1.4.1-44.el5 (rpm -q sysklogd shows it).
This package provides the system's logging daemons, so it is worth looking at what it contains.
The two programs that matter are /sbin/klogd and /sbin/syslogd.
(1) /sbin/klogd collects the log messages produced by the kernel.
The dmesg command shows the kernel's messages, including what the kernel found about the hardware. Filtering the output with grep picks out one subsystem:
dmesg | grep -i cpu    shows the CPU information
dmesg | grep -i mem    shows the memory information
dmesg | grep -i eth0   shows the network card (NIC) information
(2) /sbin/syslogd handles the log messages of the system and its services.
These include the software we usually install and also network devices that forward their logs to this host.
/sbin/syslogd sorts the messages it receives by category. The rules for this sorting are in /etc/syslog.conf; open this file and you will see how each category is routed.
Each non-comment line is a rule with two fields: a selector field and an action field. The selector says which messages the rule matches, and the action says where those messages are sent.
The selector is written as facility.priority: the facility names the kind of program the message came from and the priority its severity. The action is usually a file path, but it can also be @hostname (or @address) to forward the messages to a remote log host, a list of user names who receive the messages on their terminals, or * for every logged-in user.
A line beginning with # is a comment.
The facilities are: auth and authpriv (authentication), cron (scheduled tasks), daemon (system daemons), kern (kernel), lpr (printing), mail, mark (timestamp lines syslogd writes itself), news, syslog, user, uucp, and local0 to local7 for local use. security is an old name for auth and is not normally used any more.
The priorities, from lowest to highest, are: debug, info, notice, warning (also written warn), err (also error), crit, alert, emerg (also panic). A selector of facility.priority matches that priority and every higher one.
Let's start with line 1. In the default file its selector reads *.info;mail.none;authpriv.none;cron.none and its action is /var/log/messages: messages of priority info or higher from every facility are written to /var/log/messages, except those from mail, private authentication (authpriv) and scheduled tasks (cron), which the .none selectors exclude because they get files of their own.
Line 10: authpriv.* sends all private authentication messages, at every priority, to /var/log/secure.
For example, I switched to the fourth virtual terminal and deliberately typed a wrong password; the failed login then appears in /var/log/secure, which is the file to check for this.
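Rather than only reading the file by eye, the failed-login lines can be parsed and counted. The following script is an added example, not part of the original article: it picks out sshd "Failed password" lines and pam_unix "authentication failure" lines from /var/log/secure and counts failures per source, so a run of failures from one address or terminal stands out. The sample log lines are constructed in those two formats (host name, users and addresses are made up), and the threshold of three failures is an arbitrary choice.

```python
"""Count failed logins per source from /var/log/secure-style lines."""
import re
from collections import Counter, defaultdict

# Constructed sample in the sshd and pam_unix formats; every host, user and
# address below is made up for the example.
SAMPLE_SECURE_LOG = """\
Mar  3 10:01:12 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:19 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:23 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:02:40 web1 sshd[2110]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Mar  3 10:03:01 web1 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty4 ruser= rhost=  user=root
Mar  3 10:04:00 web1 sshd[2120]: Failed password for bob from 198.51.100.4 port 33010 ssh2
"""

# sshd writes "invalid user" in front of names that do not exist on the host.
SSHD_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")
# pam_unix lines come from console logins (tty) and from other PAM services;
# rhost is empty for a local terminal, so the tty is used as the source then.
PAM_FAILED = re.compile(
    r"pam_unix\((?P<service>[^:]+):auth\): authentication failure;"
    r".*?tty=(?P<tty>\S*).*?rhost=(?P<rhost>\S*).*?user=(?P<user>\S+)")


def parse_failures(text):
    """Return one dict per failed login: user, source (address or local tty)
    and the service that reported it. Successful logins are ignored."""
    events = []
    for line in text.splitlines():
        m = SSHD_FAILED.search(line)
        if m:
            events.append({"user": m["user"], "src": m["src"], "via": "sshd"})
            continue
        m = PAM_FAILED.search(line)
        if m:
            src = m["rhost"] or "local:" + (m["tty"] or "?")
            events.append({"user": m["user"], "src": src, "via": m["service"]})
    return events


def failures_by_source(events):
    return Counter(e["src"] for e in events)


def flag_sources(events, threshold=3):
    """Sources with at least `threshold` failures, mapped to the sorted list
    of user names they tried. The threshold is an arbitrary example value."""
    tried = defaultdict(set)
    for e in events:
        tried[e["src"]].add(e["user"])
    counts = failures_by_source(events)
    return {src: sorted(tried[src]) for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SECURE_LOG
    events = parse_failures(text)
    for src, n in failures_by_source(events).most_common():
        print("%4d failures from %s" % (n, src))
    print("flagged:", flag_sources(events))
```

Run it as root with the real file as the argument (python3 secure_failures.py /var/log/secure), since /var/log/secure is readable only by root. The two regular expressions cover only the sshd and pam_unix formats; other services that log to authpriv need their own patterns.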
Line 13 handles mail. The '-' in front of the file name means asynchronous writing: syslogd does not force the file to disk after every message, which is faster for a busy log but means the most recent messages can be lost if the system crashes.
Line 17: cron.* sends the messages of scheduled tasks to their own file.
Line 20: *.emerg sends every emergency (emerg) message to the terminal of every logged-in user.
Line 23: uucp,news.crit stores uucp and news messages of priority crit or higher in a separate file.
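The routing rules above can be checked instead of reasoned about by hand. The following Python is an added example, not code from the original article or from sysklogd: it parses a constructed copy of the default rule lines discussed above (comments included, so the parser has to skip them) using sysklogd's left-to-right, cumulative selector semantics, and answers the question "where does a message with this facility and priority go?". It also handles the =priority, !priority and .none selector forms and the @host, pipe and user-list actions, which go beyond what the text covers.

```python
"""Evaluate /etc/syslog.conf selectors: which actions receive a message?"""

# Constructed sample: the default rules discussed in the text, with comments.
SAMPLE_SYSLOG_CONF = """\
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                 /var/log/secure
# Log all the mail messages in one place ('-' = no sync after each write).
mail.*                                     -/var/log/maillog
# Log cron stuff
cron.*                                     /var/log/cron
# Everybody gets emergency messages
*.emerg                                    *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                             /var/log/spooler
"""

# Priorities from lowest to highest; the list index is the severity rank.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
PRIORITY_ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"] + ["local%d" % i for i in range(8)]
FACILITY_ALIASES = {"security": "auth"}   # deprecated spelling of auth
ALL_PRI = frozenset(range(len(PRIORITIES)))


def prio_index(name):
    name = PRIORITY_ALIASES.get(name, name)
    if name not in PRIORITIES:
        raise ValueError("unknown priority %r" % name)
    return PRIORITIES.index(name)


def apply_selector(selector, mask):
    """Apply one 'facilities.priority' selector to mask (facility -> set of
    allowed priority indices). Selectors on a line are cumulative, left to
    right, so 'mail.none' after '*.info' removes mail again."""
    fac_part, dot, pri_part = selector.rpartition(".")
    if not dot:
        raise ValueError("bad selector %r" % selector)
    negate = pri_part.startswith("!")        # !prio / !=prio: remove instead of add
    pri_part = pri_part.lstrip("!")
    exact = pri_part.startswith("=")         # =prio: only that priority
    pri_part = pri_part.lstrip("=")
    facs = FACILITIES if fac_part == "*" else \
        [FACILITY_ALIASES.get(f, f) for f in fac_part.split(",")]
    for fac in facs:
        if fac not in FACILITIES:
            raise ValueError("unknown facility %r" % fac)
        current = mask.get(fac, set())
        if pri_part == "none":               # drop this facility entirely
            mask[fac] = set()
            continue
        if pri_part == "*":
            chosen = set(ALL_PRI)
        elif exact:
            chosen = {prio_index(pri_part)}
        else:                                # prio: that priority and higher
            chosen = set(range(prio_index(pri_part), len(PRIORITIES)))
        mask[fac] = current - chosen if negate else current | chosen


def parse_action(action):
    """Classify the action field: '*' (all logged-in users), @host, |pipe,
    -file (no sync after each write), /file, or a comma-separated user list."""
    if action == "*":
        return {"type": "wall", "target": "*"}
    if action.startswith("@"):
        return {"type": "remote", "target": action[1:]}
    if action.startswith("|"):
        return {"type": "pipe", "target": action[1:]}
    if action.startswith("-"):
        return {"type": "file", "target": action[1:], "sync": False}
    if action.startswith("/"):
        return {"type": "file", "target": action, "sync": True}
    return {"type": "users", "target": action}


def parse_syslog_conf(text):
    """Return one rule dict (line, mask, action) per non-comment line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: missing action field" % lineno)
        mask = {}
        for selector in parts[0].split(";"):
            apply_selector(selector, mask)
        rules.append({"line": lineno, "mask": mask,
                      "action": parse_action(parts[1].strip())})
    return rules


RULES = parse_syslog_conf(SAMPLE_SYSLOG_CONF)


def route(facility, priority, rules=RULES):
    """Targets that receive a (facility, priority) message; a message can
    match several rules and is delivered to each of them."""
    facility = FACILITY_ALIASES.get(facility, facility)
    idx = prio_index(priority)
    return [r["action"]["target"] for r in rules
            if idx in r["mask"].get(facility, set())]


if __name__ == "__main__":
    for fac, pri in [("mail", "info"), ("kern", "emerg"), ("news", "crit"), ("user", "debug")]:
        print("%-9s %-6s -> %s" % (fac, pri, route(fac, pri)))
```

Running it shows, for instance, that a kern.emerg message lands both in /var/log/messages and on every user's terminal, while a user.debug message is dropped because nothing selects priorities below info. Point parse_syslog_conf at the text of a real /etc/syslog.conf to check a server's own rules the same way.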