Anatomy of LOG files in Linux


A log file is a collection of records used to record system operation events. The operating system has its own log files, and a database system has its own database log files. Today we will introduce these LOG files.

Network management mainly relies on the system LOG, that is, what we often call log files, to obtain intrusion traces, your incoming IP addresses, or other information. Of course, some network administrators use third-party tools to record traces of intrusions into their computers. Here we mainly talk about the files in which a general Linux system records your traces.

Where are these LOG files? This mainly depends on the UNIX system you have entered. Each system has somewhat different LOG files, but most of them keep the files in similar locations. The most common locations are as follows:

/usr/adm -- earlier versions of UNIX

/var/adm -- newer versions use this location

/var/log -- used by some versions of Solaris, Linux, BSD, and FreeBSD.

/etc -- most UNIX versions put utmp here, some also put wtmp here, and syslog.conf is here

Which of the following files are present varies depending on the directory:

acct or pacct -- records the commands used by each user

access_log -- records the sites that connect to your server when the server runs NCSA httpd.

aculog -- stores records of the MODEMS you dial out on.

lastlog -- records each user's most recent LOGIN and the initial destination of each user, and sometimes the last unsuccessful LOGIN.

loginlog -- records abnormal LOGIN attempts

messages -- records what is output to the system console. Other information is generated by syslog.

security -- records some instances of attempts to access restricted areas using the UUCP system

sulog -- records use of the su command

utmp -- records all users currently logged on to the system. This file changes constantly as users enter and leave the system.

utmpx -- the extended version of utmp

wtmp -- records user logon and exit events

syslog -- the most important log file. The syslogd daemon obtains log information from:

/dev/log -- a UNIX domain socket that receives messages from processes running on the local machine.

/dev/klog -- a device that receives messages from the UNIX kernel

Port 514 -- an INTERNET socket that receives syslog messages from other machines over UDP.

uucp -- the recorded UUCP information can be updated by local UUCP activity or modified by an action initiated by a remote site. The information includes calls sent and received, requests sent, the senders, the sending time and the sending host

lpd-errs -- logs used to handle printer fault information

ftp log -- run ftpd with the -l option to enable the logging function

httpd log -- the HTTPD server records each WEB access in the log

history log -- this file stores records of the user's recent commands

vold.log -- records errors encountered when using external media
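The utmp and wtmp files listed above are binary, not text: they are a sequence of fixed-size records. The following added example (not part of the original article) decodes such records, pairs logins with logouts per terminal line, and flags all-zero records, which an administrator reviewing wtmp will want to notice. It assumes the glibc `struct utmp` layout on Linux x86-64 (384 bytes per record); the sample data and the helper names are constructed for illustration.

```python
import struct

# Assumption: glibc "struct utmp" as used on Linux x86-64, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values from <utmp.h>

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_wtmp(data):
    """Decode fixed-size records; a trailing partial record is ignored."""
    records = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        chunk = data[off:off + UTMP.size]
        f = UTMP.unpack(chunk)
        records.append({"offset": off, "type": f[0], "pid": f[1],
                        "line": _text(f[2]), "user": _text(f[4]),
                        "host": _text(f[5]), "time": f[9],
                        "zeroed": not any(chunk)})  # blanked-out slot
    return records

def sessions(records):
    """Pair each login with the next logout on the same terminal line."""
    open_by_line, closed = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            s = open_by_line.pop(r["line"])
            closed.append((s["user"], s["host"], s["time"], r["time"]))
    return closed + [(r["user"], r["host"], r["time"], None)
                     for r in open_by_line.values()]

def _rec(ut_type, pid, line, user, host, ts):
    # Helper used only to build the constructed sample below.
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, ts, 0, 0, 0, 0, 0)

# Constructed sample: login, one all-zero record, logout, second login.
SAMPLE = (_rec(USER_PROCESS, 4101, b"pts/0", b"alice", b"192.0.2.10", 1700000000)
          + bytes(UTMP.size)
          + _rec(DEAD_PROCESS, 4101, b"pts/0", b"", b"", 1700003600)
          + _rec(USER_PROCESS, 4200, b"pts/1", b"bob", b"198.51.100.7", 1700004000))

if __name__ == "__main__":
    recs = parse_wtmp(SAMPLE)
    for s in sessions(recs):
        print(s)
    print("zeroed records at offsets:", [r["offset"] for r in recs if r["zeroed"]])
```

To run it against a real file, pass the bytes of `/var/log/wtmp` to `parse_wtmp` on a system that uses this record layout.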

======================================

Other types of log files

======================================

Some types of LOG files do not have a specific title, but start with a specific flag. If you find one of the following marks in the header, it generally indicates that this is a LOG file, and you can edit it:

Xfer -- indicates an attempt to transfer a prohibited file.

Rexe -- indicates an attempt to execute an unsupported command

There are many other types of LOG files, mainly produced by third-party software, or even because the fucking network administrator has set an "eye" on his system; therefore, you need to take a closer look at anything you think may be a LOG file.

Many administrators prefer to put LOG files in the same directory for management. Therefore, you need to check whether other LOG files are stored in the directory where you found a LOG file. If so, you know what to do.

Another thing you should pay attention to is the file that logs user MAIL. Its file name varies, and sometimes it is part of the syslog file. You need to know what information syslog records. You can see this in syslog.conf, which is located in /etc.
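To see what syslog records and where, an administrator can read syslog.conf rule by rule. The following added example (not part of the original article) parses the classic `selector action` syntax and reports where a facility such as mail or authpriv ends up, including whether it is forwarded to another machine (which receives it on the UDP port 514 mentioned earlier). The sample configuration and the function names are constructed for illustration, and priorities other than `none` are deliberately not evaluated.

```python
import re

def parse_syslog_conf(text):
    """Return [(selectors, kind, target)] for classic syslog.conf rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue  # selector with no action: skip malformed line
        selectors, action = parts
        if action.startswith("@"):
            kind, target = "remote", action[1:]      # forwarded to another host
        elif action.startswith("|"):
            kind, target = "pipe", action[1:]
        elif action.startswith(("/", "-/")):
            kind, target = "file", action.lstrip("-")  # "-" only disables sync
        elif action == "*":
            kind, target = "all-users", "*"
        else:
            kind, target = "users", action
        rules.append((selectors.split(";"), kind, target))
    return rules

def destinations(rules, facility):
    """Where a facility's messages go. Priorities are ignored except 'none'."""
    out = []
    for selectors, kind, target in rules:
        hit = False
        for sel in selectors:  # later selectors override earlier ones
            facs, _, prio = sel.partition(".")
            if facility in facs.split(",") or "*" in facs.split(","):
                hit = prio != "none"
        if hit:
            out.append((kind, target))
    return out

def forwarded_off_host(rules, facility):
    return any(kind == "remote" for kind, _ in destinations(rules, facility))

# Constructed sample configuration (not taken from the page).
SAMPLE_CONF = """\
# selector                        action
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
mail.*                            -/var/log/maillog
*.emerg                           *
authpriv.*                        @loghost.example
"""
```

A facility for which `forwarded_off_host` returns False is logged only on the local machine, so a copy held elsewhere does not exist for comparison.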

======================================

Audit trail for Windows NT

======================================

Almost every transaction in Windows NT can be audited to a certain extent. In Windows NT, you can turn on auditing in two places: Explorer and User Manager. In Explorer, select Security, then select Auditing to open the Directory Auditing dialog box. The system administrator can select valid and invalid file access in this window. In User Manager, the system administrator can select audit policies based on the success and failure of various user events, such as logon and exit, file access, illegal permissions, and system shutdown.

Windows NT stores its log files in a special format, which can be read by Event Viewer. Event Viewer can be found in the Administrative Tools program group. The system administrator can use the Filter option of Event Viewer to select the log entries to view based on certain conditions. The viewing conditions include category, user, and message type.

Windows NT stores audit information in three separate log files:

Application Log -- contains information generated by applications registered with the NT Security Authority.

Security Log -- includes system access information that identifies security providers and customers through NT.

System Log -- contains information about all system-related events.

Windows NT FTP connection logs:

Windows NT can record inbound FTP connections. After a modification in the registry, you can record connections established by anonymous users, normal users, or both, and you can view these log entries in Event Viewer.

Windows NT HTTPD transactions

The system administrator can use the HTTPD service of NT to record access attempts to specific files in logs. You can select an Activation Log feature from the HTTPD Configuration tool in the Control Panel.

That is our look at the LOG files in Linux; we hope it helps you.
