Analysis of Linux logs
In Linux, connection time logs are generally recorded in the /var/log/wtmp and /var/run/utmp files. These two files cannot be viewed directly with cat, and they are updated automatically by the system. Instead, view their contents with the w, who, finger, id, last, lastlog, and ac commands.
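As an added illustration (not part of the original article), the following Python example shows why cat cannot display these files: they are sequences of fixed-size binary records, which tools such as last decode. It assumes the 384-byte glibc record layout used on x86_64 Linux; the records it parses are constructed sample data, and sample_record is a helper introduced only for this example.

```python
import ipaddress
import struct
from datetime import datetime, timezone

# Assumed layout: glibc "struct utmp" on x86_64 Linux, 384 bytes per record:
# type, pad, pid, line[32], id[4], user[32], host[256], exit (2 shorts),
# session, tv_sec, tv_usec, addr_v6 (16 bytes), unused[20]
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20s")
TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 6: "LOGIN_PROCESS",
         7: "USER_PROCESS", 8: "DEAD_PROCESS"}


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp(data):
    """Yield one dict per complete record; a truncated tail is ignored."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        (typ, pid, line, _id, user, host, _term, _exit,
         _sess, sec, _usec, addr, _unused) = UTMP.unpack_from(data, off)
        # An IPv4 address occupies the first 4 bytes; the other 12 are zero.
        ip = (ipaddress.IPv4Address(addr[:4]) if addr[4:] == bytes(12)
              else ipaddress.IPv6Address(addr))
        yield {
            "type": TYPES.get(typ, str(typ)),
            "pid": pid,
            "line": _text(line),
            "user": _text(user),
            "host": _text(host),
            "ip": str(ip),
            "time": datetime.fromtimestamp(sec, timezone.utc).isoformat(),
        }


def sample_record(typ, pid, line, user, host, ip, sec):
    """Build a constructed record for the demo (not real log data)."""
    addr = ipaddress.ip_address(ip).packed.ljust(16, b"\0")
    return UTMP.pack(typ, pid, line.encode(), b"ts/0", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, addr, b"")


if __name__ == "__main__":
    # For a real file: data = open("/var/log/wtmp", "rb").read()
    data = (sample_record(2, 0, "~", "reboot", "5.14.0", "0.0.0.0", 1700000000)
            + sample_record(7, 4242, "pts/0", "alice", "192.0.2.10",
                            "192.0.2.10", 1700000600))
    for rec in parse_utmp(data):
        print(rec)
```

/var/log/btmp uses the same record format, so the same parser applies to the failed-login records described below.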
Process monitoring logs in Linux are effective for monitoring the commands that users run. If a server has recently been going down for no apparent reason, or files are being deleted for no apparent reason, you can check the process statistics log. Run accton /var/account/pacct to enable process statistics logging, and use lastcomm to view the recorded entries.
In Linux, the log service is managed by a service named syslog, which writes to many files. For example, /var/log/lastlog records the time of the last successful user login and the IP address it came from; /var/log/messages records common system and service error messages of the Linux operating system; /var/log/secure records Linux system security logs, including user and group changes and user login authentication information; /var/log/btmp records Linux login failures, including the user, time, and remote IP address; and /var/log/cron records the execution of scheduled tasks.
The syslog service is managed by two important configuration files: /etc/syslog.conf, the main configuration file, and /etc/sysconfig/syslog, the auxiliary configuration file. /etc/init.d/syslog is the startup script.
After the system has been running for some time, log files keep growing with time and traffic. When a log file grows beyond what the system can manage, system performance suffers, so logs need to be rotated (dumped). The rotation mode can be set to yearly, monthly, weekly, or size-based.
In Linux, we often use logrotate to rotate (dump) logs. Combined with cron scheduled tasks, it makes rotating log files easy. The rotation mode is controlled by the /etc/logrotate.conf configuration file.