Composition of Linux system logs

Source: Internet
Author: User
Linux system logs consist of the following main log subsystems:

1. Connection time logs. These are written to /var/log/wtmp and /var/run/utmp. Login programs update the wtmp and utmp files, which enables the system administrator to track who is logged on to the system at any time.

2. Process statistics. These are produced by the system kernel. When a process terminates, a record for it is written to the process statistics file (pacct or acct). Process statistics are used to provide command usage statistics for basic services in the system.

3. Error logs. These are produced by syslogd(8). Various system daemons, user programs, and the kernel report noteworthy events to the file /var/log/messages through syslog(3). In addition, many UNIX programs create their own logs, and servers that provide network services such as HTTP and FTP also maintain detailed logs.

Commonly used log files are as follows:

  access-log    records HTTP/web transfers
  acct/pacct    records user commands
  aculog        records modem activity
  btmp          records failures
  lastlog       records the most recent successful login and the last unsuccessful login
  messages      records information from syslog (sometimes linked to the syslog file)
  sudolog       records use of the sudo command
  sulog         records use of the su command
  syslog        records information from syslog (usually linked to the messages file)
  utmp          records each user currently logged on
  wtmp          a permanent record of each user's login and logout times
  xferlog       records FTP sessions

Deleting logs directly:

1. Delete all logs:

     find /var -type f -exec rm -v {} \;

   The final semicolon is a required part of the command. Note that, as written, this removes every regular file under /var, not only log files.

2. Set up /etc/logrotate.d/syslog; this file controls the log file size.

3. If you really want to manually clear some log files, you can run:

     > /var/log/message

   This command clears the content of the file message. You can also add this command to a cron task.
Linux detailed log parsing:

UNIX system log files are usually stored in the /var/log and /var/adm directories. Generally, we can view syslog.conf to check the log configuration, for example:

  cat /etc/syslog.conf

On SunOS the logs are under /var/log and /var/adm, and /usr/adm is also a link to /var/adm. On Red Hat they are under /var/log and /var/run.

The following is a log sample on SunOS 5.7:

  # ls /var/adm
  acct     log         messages.1  passwd     sulog  vold.log
  aculog   messages    messages.2  sa         utmp   wtmp
  lastlog  messages.0  messages.3  spellhist  utmpx  wtmpx

  # ls /var/log
  authlog          syslog    syslog.1  syslog.3
  sysidconfig.log  syslog.0  syslog.2  syslog.4

The following is a log sample on Red Hat 6.2:

  # ls /var/log
  boot.log    dmesg           messages.2     secure       uuucp
  boot.log.1  htmlaccess.log  messages.3     secure.1     wtmp
  boot.log.2  httpd           messages.4     secure.2     wtmp.1
  boot.log.3  lastlog         netconf.log    secure.3     xferlog
  boot.log.4  mailllog        netconf.log.1  secure.4     xferlog.1
  cron        maillog         netconf.log.2  sendmail.st  xferlog.2
  cron.1      maillog.1       netconf.log.3  spooler      xferlog.3
  cron.2      maillog.2       netconf.log.4  spooler.1    xferlog.4
  cron.3      maillog.3       news           spooler.2
  cron.4      maillog.4       normal.log     spooler.3
  daily.log   messages        realtime.log   spooler.4
  daily.sh    messages.1      samba          transfer.log

  # ls /var/run
  atd.pid       gpm.pid     klogd.pid  random-seed   treemenu.cache
  crond.pid     identd.pid  netreport  runlevel.dir  utmp
  ftp.pids-all  inetd.pid   news       syslogd.pid

The logs that generally need to be cleared include:

  lastlog
  utmp (utmpx)
  wtmp (wtmpx)
  messages
  syslog

Author: wuweilong
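As an added example (not part of the original article), the Python code below reads the wtmp connection-time log described above, pairs each login with its logout, and counts all-zero records and leftover partial bytes, which is what an administrator checking that the file is intact would look at. It assumes the Linux/glibc 384-byte struct utmp layout; the function names and the sample records are constructed for illustration.

```python
import struct

# Assumed layout: Linux/glibc struct utmp, 384 bytes, little-endian (Solaris utmpx differs).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values from <utmp.h>

def text(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")  # strip NUL padding

def parse_wtmp(data):
    """Return (records, zeroed, trailing): decoded records, count of all-zero
    records, and count of leftover bytes from a partial final record."""
    records, zeroed = [], 0
    whole = len(data) - len(data) % UTMP.size
    for off in range(0, whole, UTMP.size):
        chunk = data[off:off + UTMP.size]
        if not any(chunk):
            zeroed += 1  # blanked slot: a gap in the record, worth investigating
            continue
        f = UTMP.unpack(chunk)
        records.append({"type": f[0], "line": text(f[2]), "user": text(f[4]),
                        "host": text(f[5]), "time": f[9]})  # time = ut_tv.tv_sec
    return records, zeroed, len(data) - whole

def sessions(records):
    """Pair each login with the next DEAD_PROCESS on its line; return (closed, open)."""
    open_by_line, closed = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            start = open_by_line.pop(r["line"])
            closed.append((start["user"], r["line"], start["host"],
                           start["time"], r["time"]))
    return closed, list(open_by_line.values())

def make_record(ut_type, pid, line, user, host, ts):
    """Build one constructed sample record (test data, not a real log)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, ts, 0, 0, 0, 0, 0)

# Constructed sample: alice logs in and out, one blanked record, bob still on.
SAMPLE = (make_record(7, 1201, b"pts/0", b"alice", b"192.0.2.10", 1700000000)
          + make_record(8, 1201, b"pts/0", b"", b"", 1700003600)
          + bytes(UTMP.size)
          + make_record(7, 1302, b"pts/1", b"bob", b"192.0.2.11", 1700004000))

if __name__ == "__main__":
    recs, zeroed, trailing = parse_wtmp(SAMPLE)
    print(sessions(recs), "zeroed:", zeroed, "trailing:", trailing)
```

To run it against a real file, pass the bytes of /var/log/wtmp to parse_wtmp instead of SAMPLE.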