About Linux log files (logs)


1. Log files record a great deal of important information, so their permissions are usually set so that only root can read them.

1) /var/log/cron: Log of routine job scheduling (cron).

2) /var/log/dmesg: Records the information generated by the kernel's detection process when the system boots.

3) /var/log/lastlog: Records the most recent login of every account on the system; the lastlog command displays its output from this file.

4) /var/log/maillog or /var/log/mail/*: Records mail activity, mainly the messages generated by sendmail (an SMTP provider) and Dovecot (a POP3 provider). SMTP is the protocol used for sending mail, and POP3 is the protocol used for receiving it. sendmail and Dovecot are two software packages that implement these protocols.

5) /var/log/messages: This file is very important. Almost all system error messages (or other important information) are recorded here, so if an unexplained error occurs, this is the log file to check.

6) /var/log/secure: Basically, any software that requires an account and password records its logins here, whether the login succeeds or fails. This includes the system login program, graphical logins through gdm, su, sudo and other programs. Network logins through ssh, telnet and similar programs are also recorded here.

7) /var/log/wtmp, /var/log/faillog: These two files record the accounts that logged in successfully (wtmp) and the accounts used in failed logins (faillog). The last command reads wtmp to produce its output.

8) /var/log/httpd/*, /var/log/news/*, /var/log/samba/*: Different network services use their own log files to record the messages they generate; the directories above are the log locations specified by the individual services.

2. The services and programs needed to provide log file functionality are:

1) syslogd: Mainly records messages from the system and from network services

2) klogd: Mainly records messages generated by the kernel

3) logrotate: Mainly handles the rotation of log files

3. syslogd: The service that records log files

1) Configuration file (/etc/syslog.conf): Specifies which level of messages from which service is recorded in which file or device.

2) The services that syslog recognizes are:

auth (authpriv): Mainly authentication-related mechanisms, such as login, ssh, su and other commands that require an account and password

cron: Where messages from routine job scheduling (cron/at) are recorded

daemon: Messages related to each daemon

kern: Messages generated by the kernel

lpr: Printing-related messages

mail: Mail-related messages

news: Messages related to the newsgroup server

syslog: Messages generated by syslogd itself

user, uucp, local0~local7: Messages related to the Unix-like machine itself

3) Log levels

info: Just basic informational messages.

notice: Information that deserves more attention than info

warning: Warning information; there may be a problem, but it does not yet affect the operation of a daemon. The three levels info, notice and warn basically just convey basic information and should not cause trouble for system operation

err: Significant error messages, such as a service that cannot start because of a setting in its configuration file. The err message usually explains why the service could not start

crit: A more serious error than err

alert: A more serious problem level than crit

emerg (panic): The system is close to going down; a very serious error. This level usually appears when a hardware problem prevents the kernel from running properly.

debug: The level used for debugging

none: No level is recorded (mostly used to exclude a service)

4) Some special symbols:

.: Levels at or above the one that follows are recorded. E.g., mail.info means that any mail message whose level is info or higher (including info itself) is recorded

.=: Only the level that follows is recorded

.!: Not equal to; that is, levels other than the one that follows are recorded

5) When a path is specified, it may be preceded by a '-'. This means that the log messages generated by the service are first held in memory (a buffer) and are written to disk all at once when enough have accumulated, which improves the access performance of the log file. However, there is a risk of losing data if the machine is not shut down properly.
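The selector rules from items 2) to 4) can be checked with a small evaluator. This is an added example, not code from the original article or from syslogd: the function names are hypothetical, and the handling of ';', ',', '*' and '!=' follows the conventions of sysklogd's syslog.conf(5), which the article does not spell out (there a leading '!' removes the level and everything above it, and '!=' removes only that level).

```python
# Severity order, least to most severe, as listed in item 3).
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]


def level_set(spec):
    """Return (levels, negate) for the part of a selector after the dot."""
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    exact = spec.startswith("=")
    name = spec.lstrip("=")
    if name == "*":
        return set(LEVELS), negate
    name = ALIASES.get(name, name)
    idx = LEVELS.index(name)               # ValueError on an unknown level
    return ({name} if exact else set(LEVELS[idx:])), negate


def compile_rule(selectors):
    """Turn 'a.b;c.d' into {facility: set of levels that get logged}."""
    table = {f: set() for f in FACILITIES}
    for selector in selectors.split(";"):  # later selectors refine earlier ones
        facs, _, spec = selector.strip().partition(".")
        names = FACILITIES if facs == "*" else facs.split(",")
        for fac in names:
            if spec == "none":             # exclude this facility entirely
                table[fac] = set()
                continue
            levels, negate = level_set(spec)
            if negate:                     # '!' removes levels
                table[fac] -= levels
            else:                          # otherwise levels are added
                table[fac] |= levels
    return table


def matches(selectors, facility, level):
    """True if a message with this facility and level is written by the rule."""
    return ALIASES.get(level, level) in compile_rule(selectors)[facility]


# Constructed sample rules in the style of /etc/syslog.conf.
MESSAGES_RULE = "*.info;mail.none;authpriv.none;cron.none"
KERNEL_INFO_RULE = "kern.info;kern.!err"
```

With MESSAGES_RULE, authentication messages never reach the general log, which is why /var/log/secure has to be reviewed separately when investigating logins.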

4. logrotate: Rotates log files after a specified time.

1) Configuration files (/etc/logrotate.conf, /etc/logrotate.d): logrotate.conf is the main parameter file, and logrotate.d is a directory; all files in that directory are read into /etc/logrotate.conf. In addition, if a file under /etc/logrotate.d/ does not specify some detailed setting, the value in /etc/logrotate.conf is used as the default.

2) How logrotate works: It renames the old log file to an older name and creates a new empty file to record into. Taking messages as an example:

First time: messages -> messages.1

Second time: messages -> messages.1 -> messages.2

Third time: messages -> messages.1 -> messages.2 -> messages.3

Fourth time: messages -> messages.1 -> messages.2 -> messages.3 -> messages.4

Note: The renaming cascades. For example, on the second rotation messages.1 is renamed to messages.2, messages is renamed to messages.1, and then a new messages file is created.

3) Interpretation of the /etc/logrotate.conf file:

weekly: By default, rotation runs once a week

rotate 4: The number of old log files to keep

create: Because the log file is renamed, a new one is created to continue recording

#compress: Whether rotated log files should be compressed.

include /etc/logrotate.d: Read all the files in the /etc/logrotate.d/ directory to perform rotation

/var/log/wtmp {: Multiple files can be separated by spaces

monthly: Once a month, instead of once a week

minsize: The file must exceed 1M before it is rotated (skip time parameter)

create 0664 root utmp: Specifies the permissions and the owner/group of the newly created file

rotate 1: Keep only one, wtmp.1.

}

If you want to run a script (calling external commands for additional work), place the commands (with absolute paths) between sharedscripts and endscript. The meaning of some of the special tags:

prerotate: Commands to run before logrotate starts, such as modifying file attributes

postrotate: Commands to run after logrotate finishes, such as restarting a service.
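The rename chain from item 2), combined with the rotate count and the create directive from item 3), can be reproduced in a temporary directory. This is an added simulation, not logrotate's own code or code from the original article; the function names and the sample log lines are constructed for illustration.

```python
import os
import tempfile


def rotate(log_path, keep, mode=0o600):
    """One rotation pass: shift log.N -> log.N+1, log -> log.1, recreate log."""
    oldest = f"{log_path}.{keep}"
    if os.path.exists(oldest):
        os.remove(oldest)                  # falls outside 'rotate <keep>'
    # Rename from the highest number down so nothing is overwritten.
    for n in range(keep - 1, 0, -1):
        src = f"{log_path}.{n}"
        if os.path.exists(src):
            os.rename(src, f"{log_path}.{n + 1}")
    if os.path.exists(log_path):
        os.rename(log_path, f"{log_path}.1")
    # Equivalent of the 'create' directive: new empty file with explicit mode.
    fd = os.open(log_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    os.close(fd)


def simulate(passes, keep):
    """Write one constructed line per period, rotate, report what survives."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "messages")
        open(log, "w").close()
        for period in range(1, passes + 1):
            with open(log, "a") as fh:
                fh.write(f"period {period}\n")   # constructed sample entry
            rotate(log, keep)
        result = {}
        for name in sorted(os.listdir(d)):
            with open(os.path.join(d, name)) as fh:
                result[name] = fh.read().strip()
        return result
```

Running simulate(6, 4) shows that entries from periods 1 and 2 are gone: with weekly and rotate 4, anything older than the kept files is no longer available for later review unless it was copied elsewhere.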

5. logrotate [-vf] logfile: The logrotate command and its parameters:

1) -v: Verbose mode; shows the steps logrotate performs

2) -f: Forces every log file to be rotated regardless of whether it meets the conditions in the configuration file.

The command is added to the crontab, so it is executed automatically every day.


This article is from "Tiger Brother's Blog" blog, please be sure to keep this source http://7613577.blog.51cto.com/7603577/1601679
