System Management-Part 1-Log Management and Analysis

Source: Internet
Author: User
Tags: syslog

Log management: this part covers several open source technologies used for host-based logging, log file rotation, and log file analysis. Most of these tools are free and open-source software and ship with the major Linux distributions, including mainstream Red Hat and Novell systems.

◆ I Logrotate

Logrotate is a widely used tool found on a large number of Linux systems, including all Red Hat and SUSE-based systems. It is run periodically by the cron task scheduler. Logrotate reads its configuration file (/etc/logrotate.conf) and then archives and compresses log files according to that configuration. The system administrator can configure when a log file is rotated, based on its age in days or on its size, and how many archived copies are kept, so that the oldest archive is dropped as each new one is created.
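The rotation cycle just described, as an added example that is not logrotate's own code: a small Python model of what a size-triggered stanza with `rotate 2`, `compress` and `create` does on disk (the stanza in the comment and the log name are assumed, not from the page).

```python
import gzip
import os
import shutil
import tempfile

# Models this (assumed, not from the page) logrotate.conf stanza:
#   /var/log/app.log { size 1M  rotate 2  compress  create }
def archives(path):
    """Sorted names of the numbered archives that exist for `path`."""
    base = os.path.basename(path) + "."
    return sorted(f for f in os.listdir(os.path.dirname(path) or ".") if f.startswith(base))

def should_rotate(path, max_bytes):
    """Size-based trigger, the counterpart of the 'size' directive."""
    return os.path.exists(path) and os.path.getsize(path) >= max_bytes

def rotate(path, keep=2):
    """Rotate `path`, keeping `keep` gzip archives: path.1.gz (newest) .. path.<keep>.gz."""
    if not os.path.exists(path):
        return archives(path)
    # Shift archives up by one, oldest first; the one past `keep` is deleted ('rotate N').
    for n in range(keep, 0, -1):
        src = f"{path}.{n}.gz"
        if not os.path.exists(src):
            continue
        if n == keep:
            os.remove(src)
        else:
            os.replace(src, f"{path}.{n + 1}.gz")
    # Compress the current log into .1.gz ('compress') ...
    with open(path, "rb") as f_in, gzip.open(f"{path}.1.gz", "wb") as f_out:
        shutil.copyfileobj(f_in, f_out)
    # ... and start a fresh, empty log in its place ('create').
    open(path, "wb").close()
    return archives(path)

def demo():
    """Three size-triggered rotations with keep=2; returns what is left on disk."""
    path = os.path.join(tempfile.mkdtemp(), "app.log")
    for i in range(3):
        with open(path, "w") as f:
            f.write(f"run {i}\n" * 10)          # constructed log content
        if should_rotate(path, max_bytes=1):
            rotate(path, keep=2)
    with gzip.open(path + ".1.gz") as f:
        newest = f.read().decode()
    with gzip.open(path + ".2.gz") as f:
        oldest = f.read().decode()
    return archives(path), newest, oldest, os.path.getsize(path)
```

Real logrotate with `delaycompress` leaves the newest archive uncompressed for one cycle; this model compresses immediately.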

◆ II Syslogd and klogd

A typical Linux system uses a background daemon called syslogd to capture log messages from user space applications and either record them in text log files or send them over the network to a log host. Syslogd is usually accompanied by a program named klogd, which captures and records kernel messages.

The behavior of syslogd is configured through the /etc/syslog.conf file. Every message captured by syslog is classified by facility (the subsystem that produced it) and priority (its severity level). Based on that facility and priority, a message can be written to a particular log file, forwarded to a log host, or discarded entirely.

List of Syslog facilities and priorities
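As an added example (not code from the page or from syslogd), the facility and priority numbering and the selector logic described above, implemented in Python: a `<PRI>` prefix is decoded into facility and priority names, and a constructed rule set in the shape of a Red Hat style /etc/syslog.conf decides where each message goes. The rule set and the `@loghost` name are assumptions.

```python
import re

# Numeric facility and priority codes as encoded in the <PRI> prefix of a
# syslog message: PRI = facility * 8 + priority.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})   # 12-15 are reserved
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(message):
    """Decode '<PRI>' into (facility, priority) names; e.g. <34> is auth.crit."""
    m = re.match(r"<(\d{1,3})>", message)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> prefix")
    fac, pri = divmod(int(m.group(1)), 8)
    return FACILITIES.get(fac, f"reserved{fac}"), PRIORITIES[pri]

def rule_matches(selectors, facility, priority):
    """Evaluate a syslog.conf selector list such as '*.info;mail.none'.
    Selectors apply left to right and the last one naming the facility wins.
    A bare level matches that level and anything more urgent, '=level' only
    that level, and 'none' drops the facility entirely."""
    decision = False
    for sel in selectors.split(";"):
        fac_part, _, pri_part = sel.partition(".")
        if fac_part != "*" and facility not in fac_part.split(","):
            continue
        if pri_part == "none":
            decision = False
        elif pri_part == "*":
            decision = True
        elif pri_part.startswith("="):
            decision = priority == pri_part[1:]
        else:  # lower index in PRIORITIES means more urgent
            decision = PRIORITIES.index(priority) <= PRIORITIES.index(pri_part)
    return decision

def route(message, rules):
    """Targets (log files, '@host', or '*' for all users) that accept the message."""
    facility, priority = parse_pri(message)
    return [target for selectors, target in rules if rule_matches(selectors, facility, priority)]

# Constructed rule set (an assumption) in the shape of a Red Hat style /etc/syslog.conf.
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "/var/log/maillog"),
    ("*.emerg", "*"),
    ("auth,authpriv.warning", "@loghost"),
]
```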

◆ III Syslog-ng

The Syslog-ng application is an enhanced replacement for the traditional syslog daemon. It provides many of the same features as the standard syslog daemon, plus additional features such as content-based message filtering, remote logging over UDP or TCP, and writing logs to a database such as MySQL or PostgreSQL. Many recent SUSE-based systems, such as SLES10, have made syslog-ng the default syslog service.

◆ IV Viewing logs

Most log files in Linux are stored as plain text, which means you can view and parse them with a large number of different command line tools. Typical commands such as tail, head, grep, cat, less, more, sed, and awk can be used to view log information from the command line.

There are also many tools to parse and view log files through GUI interfaces or web browsers. Some tools can even process special log formats, such as those generated by the Linux Netfilter firewall subsystem.

GNOME System Log Viewer

The GNOME desktop includes a GTK-based system log viewer, which displays system logs through a GUI.

YaST System Log Module

SUSE-based systems include a YaST View System Log module (also known as view_anymsg). Similar to the GNOME System Log Viewer, this YaST module allows system administrators to view many different types of system logs without using the command line.

◆ V Log Analysis

LogWatch

Logwatch parses system logs, locates any entries that may indicate security risks or system errors, and sends an email report to a specified address. Logwatch ships with Red Hat Enterprise Linux. The following summary is taken from its RPM description.

"LogWatch is a customizable log analysis system. LogWatch can parse system logs in a given period of time and create a detailed report to analyze your specified region. LogWatch is easy to use and claims that it can work properly on any system. Note that LogWatch now analyzes Samba logs."

LogWatch is run periodically by cron.

Logcheck

The Logcheck tool is part of the Sentry Tools project, which also includes portsentry, a tool for detecting port scans. Similar to LogWatch, Logcheck parses system logs for entries that may indicate security problems and emails them to a specified address. Like LogWatch, Logcheck is executed periodically by cron.
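An added example in the spirit of Logcheck and LogWatch (not their code): a Python pass over constructed auth log lines that drops known-benign noise, flags lines matching a small rule set, and produces the kind of summary these tools would mail out. The sample lines, rule names and the threshold of 3 are all assumptions.

```python
import re
from collections import Counter

# Constructed sample auth log lines (not real captures).
SAMPLE_LOG = """\
Oct 11 22:14:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 11 22:14:17 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Oct 11 22:14:20 host sshd[1203]: Accepted publickey for alice from 198.51.100.7 port 40122 ssh2
Oct 11 22:15:02 host CRON[1210]: (root) CMD (run-parts /etc/cron.hourly)
Oct 11 22:16:40 host sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Oct 11 22:17:03 host sshd[1220]: Failed password for root from 203.0.113.5 port 51300 ssh2
"""

# Rules in Logcheck's spirit: a name plus a regex whose groups capture user and source.
RULES = [
    ("ssh_failed_login", re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")),
    ("sudo_root_shell", re.compile(r"sudo:\s+(\S+) : .*USER=root ; COMMAND=(\S*sh)$")),
]
# Known-benign noise that should not clutter the report.
IGNORE = [re.compile(r"CRON\[\d+\]: \(root\) CMD \(run-parts ")]

def scan(text):
    """Return (rule_name, groups, line) for every line that hits a rule and is not ignored."""
    hits = []
    for line in text.splitlines():
        if any(p.search(line) for p in IGNORE):
            continue
        for name, pattern in RULES:
            m = pattern.search(line)
            if m:
                hits.append((name, m.groups(), line))
    return hits

def failed_logins_by_source(hits):
    """Counter of failed SSH logins per source address."""
    return Counter(groups[1] for name, groups, _ in hits if name == "ssh_failed_login")

def report(text, threshold=3):
    """Plain-text summary of the kind Logcheck/LogWatch would mail out."""
    hits = scan(text)
    per_source = failed_logins_by_source(hits)
    lines = [f"{len(hits)} line(s) flagged"]
    for ip, n in per_source.most_common():
        tag = "  [repeated: at/over threshold]" if n >= threshold else ""
        lines.append(f"  {n} failed SSH login(s) from {ip}{tag}")
    for name, groups, _ in hits:
        if name == "sudo_root_shell":
            lines.append(f"  root shell via sudo by {groups[0]}: {groups[1]}")
    return "\n".join(lines)
```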

This concludes the log management and analysis part; only the last article in the series remains. We hope you have found useful information here. If you use other tool sets or custom scripts to manage and analyze logs, please share your experience with us and send us your feedback. Thank you!
