Analysis of log systems from entry-level to proficient in Blackhorse Korean prefix linux

Source: Internet
Author: User

From getting started to being proficient in analyzing the log system agenda understanding syslog system familiar with syslogd configuration files and Their syntax learn to view system logs understand the necessity of log rolling and how to implement syslog what is syslog. logs are mainly used for system auditing, detection tracking, and analysis statistics .. To ensure the normal operation of the linux system and accurately solve various system problems, reading log files carefully is a very important task for administrators .. The Linux kernel consists of many subsystems, including network, file access, and memory management. The subsystem needs to send some messages to users, including the sources and importance of the messages. All subsystems send messages to a public message area that can be maintained, so syslog is available .. Syslog is a comprehensive logging system. Its main function is to facilitate log management and classify log storage. Syslog frees programmers from the heavy and mechanical efforts to write Log File Code. Each program has its own logging policy. The Administrator has no control over the information stored or stored. The configuration file of syslogd. syslogd specifies the events to be monitored in the system and the storage location of corresponding logs in/etc/syslog. conf .. Cat/etc/syslog. cong syslogd level field. level field is used to specify the level and priority related to each function: alert-situations that require immediate attention. Crit-reports of dangerous situations. Err ---- except for emerg, alert, and crit errors. Warning ---- warning information. Notice ---- situations that require attention. Info ---- information worth reporting. Debug ------ messages caused by programs running in debug mode. None ----- is used to disable any messages. * ------ All levels. Except none. Emerg-the system becomes unavailable due to an emergency. Syslogd action field. The action field is used to describe the action of the corresponding function. File ----- specify an absolute path log file to record the log information. Username ----- send a message to a specified user. * indicates all users. Device --- send a message to a specified device, such as/dev/ls. @ Hostname sends the message to the resolved remote host hostname, which must be running syslogd and be able to identify the syslog configuration file. View log files. Common log files .. Log files are usually stored in the/var/log directory. In addition to syslogd logs, this directory also contains the logs of the applications used .. To view the log file content, you must have the root permission. The information in the log file is very important. It only allows the super user to access the file. Logcups/------ stores the log records of the cups printing system. Httpd/--- logs apache access logs and Error Log directories. Mail/---- directory for storing mail logs. News/---- stores the log directory of the INN news system. Boot. log ---- record the system startup log. Dmesg ----- record the message log at system startup. Maillog-records the mail system logs. Messages ---- info or higher-level message logs recorded by syslogd. Secure ------- authentication logs recorded by syslogd. WTMP-a permanent record of the entry and exit times of each user login. View text log files. Most log files are plain text files, and each line is a message. Any tool that can process plain text in linux can be used to view log files. You can use cat, tac, more, less, tail, and grep for viewing. Each line in the. File represents a message and is composed of four fixed formats.. Timestamp: indicates the date and time when the message is sent .. Host Name: the name of the computer on which the message is generated .. The name of the subsystem that generates the message. It can be "kernel", indicating the name of the message from the kernel or process, indicating the name of the program that sent the message .. The process PID is in square brackets .. Message: the content of the message. # Strings wtmp # ls # strings btmp view non-text log files. some log files are binary files and need to be read using the corresponding commands # lastlog | more. use the lastlog command to check the last logon time of a specific user and format and output the last logon log/var/log/lastlog .. The last. last Command returns/var/log/wtmp to display the users that have logged on since the first file creation .. Search for/var/log/btmp by the lastb. lastb command to display information about unsuccessful logon .. # Run the last-f btmp. who. who command to query the wtmp file and report to each user currently logged on. The default output of the who command includes the user name, terminal type, logon date, and remote host .. The information displayed by w. w is more detailed. Log rolling. why use Log scrolling. all log files will increase rapidly over time and the number of visits. Therefore, you must regularly clean up log files to avoid unnecessary disk space waste. It also accelerates the time used by the system administrator to view logs, because opening small files is much faster than opening large files .. The logrotate command is in the format of logrorate [Option] <configfile>-d: displays the command execution process in detail to facilitate troubleshooting or understanding program execution. -F: the log file maintenance operation is forcibly started, even if the logrotate command is not required. -M command: Specifies the mail sending program. The default value is/usr/bin/mail. -V: detailed information is displayed when the execution log is rolled .. The default main configuration file of logratate is/etc/logratate. conf. /etc/logratate. d. These files are included in the main configuration file/etc/logratate. conf.. The basic format of each file is the same. # cat/etc/logratate. d/syslog

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.