2016-4-3 Study Notes

Source: Internet
Author: User
Tags syslog rsyslog

The role of logs
Record the various events that occur while the system and its programs are running
Reading logs helps diagnose and resolve system failures
Classification of log files
Kernel and system logs
Managed centrally by the rsyslog system service; the log formats are basically similar
User logs
Record information about system user logins and logouts
Program logs
Log files that are managed independently by individual applications; the record format is not uniform
Format of the rsyslog.conf file
facility.level (service type.log level)
authpriv  authentication-related mechanisms
cron  messages generated by scheduled-task services such as cron/at
daemon
kern
mail
syslog
local0~local7
news
Levels of log messages
0 emerg (emergency)
1 alert (warning)
2 crit (severe)
3 err (error)
4 warning (reminder)
5 notice (note)
6 info (info)
7 debug (debug)



/var/log/
lastlog  most recent logon time of each user (view directly with the lastlog command)
wtmp  user logon, logoff and system startup/shutdown events (view with the who and last commands)
secure  security events related to user authentication
btmp  security events for failed user authentication (view with lastb | more)
/var/run/utmp  details of each user currently logged in (view directly with who and w)
User login analysis
who, w, users, lastb, last, ac, lastlog

logger: writes a line of information from the command line directly into the system log
Why not use ">>" instead of the logger command?
Because the system log file has its own format; the logger command formats the output to match it
ping -c 2 www.baidu.com | logger -it "A ping Test" -p authpriv.info





Log Remote Backup
Edit the /etc/rsyslog.conf configuration file on the client to enable remote logging
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
*.* @@10.0.10.222:514

Edit the /etc/rsyslog.conf configuration file on the server to receive logs from other machines
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

netstat -anptu | grep rsyslogd    Check whether the server side is listening on port 514 (rsyslogd)
If port 514 is not open, run service rsyslog restart


Change the hostname in /etc/sysconfig/network so that it is not the same as the server's hostname
Edit /etc/hosts to add the hostname and its corresponding IP address, so that ping hostname == ping ip
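
An offline check for the client and server settings above, as an added example that is not part of the original notes: it parses legacy-syntax rsyslog.conf text, lists each forwarding rule with its transport (@ is UDP, @@ is TCP), and reports rules that no listener directive on the server would receive. The sample configs are constructed; the authpriv.* rule and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample configs (legacy rsyslog syntax, as used in these notes).
# The authpriv.* rule is an assumed extra rule that forwards over UDP.
CLIENT_CONF='#*.* @@remote-host:514
*.* @@10.0.10.222:514
authpriv.* @10.0.10.222'
SERVER_CONF='$ModLoad imudp
$UDPServerRun 514
#$ModLoad imtcp
#$InputTCPServerRun 514'

# Print "<selector> <tcp|udp> <host> <port>" for each forwarding rule on stdin.
# Handles hostname/IPv4 targets only; the port is optional and defaults to 514.
list_forwards() {
    awk '/^[ \t]*#/ || NF < 2 { next }
         $2 ~ /^@/ {
             proto = ($2 ~ /^@@/) ? "tcp" : "udp"   # @@ is TCP, @ is UDP
             target = $2; sub(/^@+/, "", target)
             n = split(target, hp, ":")
             port = (n > 1) ? hp[2] : 514
             print $1, proto, hp[1], port
         }'
}

# Print "<tcp|udp> <port>" for each enabled (uncommented) listener on stdin.
list_listeners() {
    awk '/^[ \t]*#/ { next }
         $1 == "$UDPServerRun"      { print "udp", $2 }
         $1 == "$InputTCPServerRun" { print "tcp", $2 }'
}

# Print every client forwarding rule that no server listener would receive.
# $1 = client config text, $2 = server config text.
unmatched_forwards() {
    listeners=$(printf '%s\n' "$2" | list_listeners)
    printf '%s\n' "$1" | list_forwards | while read -r sel proto host port; do
        printf '%s\n' "$listeners" | grep -qx "$proto $port" ||
            echo "$sel -> $host:$port/$proto has no matching listener"
    done
}

unmatched_forwards "$CLIENT_CONF" "$SERVER_CONF"
```

To run it against real files, pipe them in, for example `list_forwards < /etc/rsyslog.conf` on the client.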


Log rotation: logrotate
Log rotation main configuration file: /etc/logrotate.conf
The configuration files for rotating particular log files are in: /etc/logrotate.d
Log rotation secondary configuration files: /etc/logrotate.d/*

/bin/kill -HUP `cat /var/run/rsyslogd.pid 2>/dev/null` 2>/dev/null || true
-HUP sends the hang-up signal: the process is not closed and updates directly

To rotate a particular log file:
# vi /etc/rsyslog.conf
Edit the system log configuration file: either add a specific log file type, or add nothing and use an existing log file directly; here one is added
# service rsyslog restart
Restart the system log service
# cd /etc/logrotate.d
Go to the rotation configuration directory
# vi admin
Create a new file for this specific rotation
/var/log/admin.log {
    monthly
    size 10M
    rotate 3
    compress

    sharedscripts
    # remove the append-only attribute so the file can be rotated
    prerotate
        /usr/bin/chattr -a /var/log/admin.log
    endscript

    sharedscripts
    # signal rsyslogd, then restore the append-only attribute
    postrotate
        /usr/bin/killall -HUP rsyslogd
        /usr/bin/chattr +a /var/log/admin.log
    endscript
}
# chattr +a /var/log/admin.log
Remember to add the "a" attribute to the /var/log/admin.log file to prevent operations such as deletion; see man chattr for details
# logrotate -f /etc/logrotate.conf

Force a rotation and verify the result

This article is from the "Sunny Rain" blog, please be sure to keep this source http://8776055.blog.51cto.com/8766055/1759906
