Syslog Service:
syslogd: system log service; records information that is not generated by the kernel
klogd: kernel log service; specifically responsible for recording the log information generated by the kernel
service syslog restart    # restart the log service
service syslog reload     # make the log service configuration file take effect immediately without restarting the service
Configuration file: /etc/syslog.conf
Configuration file format: facility.priority action    # facility: who generated the log; priority: the level of the log; action: what to do with these logs (for example, which file path to save them to)
facility can be understood as the source of the log, or the device that produced it. The commonly used facilities are:
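auth # authentication related
authpriv # permission and authorization related
cron # scheduled-task related
daemon # daemon related
kern # kernel related
lpr # printing related
mail # mail related
mark # marker related
news # news related
security # security related, similar to auth
syslog # syslog's own messages
user # user related
uucp # Unix-to-Unix copy (UUCP) related
local0 to local7 # for user-defined use
* # * means all facilities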
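priority is the log level. The levels are generally as follows (from low to high):
debug # debugging information from a program or the system
info # general information
notice # does not affect normal functionality, but is a message to be aware of
warning/warn # may affect system functionality; important events that users need to be reminded of
err/error # error information
crit # fairly serious
alert # must be handled immediately
emerg/panic # will make the system unusable
* # means all log levels
none # the opposite of *; means no level at all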
action: where the log is recorded
Absolute path on the system # regular file, such as /var/log/xxx
| # pipe; the log is sent through a pipe to another command for processing
Terminal # terminal, such as /dev/console
@HOST # remote host, such as @10.0.0.1
User # system user, such as root
* # all users logged in to the system; emerg-level logs are generally defined this way
Example:
mail.info -/var/log/mail.log # record mail-related messages at level info and above to the /var/log/mail.log file. The "-" in front of the path indicates an asynchronous write (the data is held in memory before being synchronized to the hard disk); without "-" the write is synchronous
auth.=info @10.0.0.1 # log auth-related messages at exactly level info to host 10.0.0.1, provided that 10.0.0.1 is able to receive log messages from other hosts
user.!=error # record user-related messages, excluding the error level
user.!error # the opposite of user.error: record messages below the error level, not including error
*.info # record messages from all facilities at level info and above
mail.* # record mail-related messages at all levels
*.* # record all messages at all levels
cron.info;mail.info # record cron and mail messages at level info and above; multiple selectors are separated with ";"
cron,mail.info # same meaning as cron.info;mail.info
mail.*;mail.!=info # record mail-related messages at all levels, but not the info level
From system power-on, through the loading of the kernel, up to the point where the physical terminal is opened, the log information generated is the kernel log.
kernel --> physical terminal (console) --> /var/log/dmesg
The log generated during this process is saved in /var/log/dmesg
You can view the kernel log information in the following ways:
1. With the command: dmesg
2. By directly viewing the file where the kernel log information is saved: cat /var/log/dmesg
When the system executes the /sbin/init file, the system starts to load the virtual terminals and pseudo terminals; the logs produced after that point are system logs.
/var/log/messages: standard system error log information, boot information not generated by the kernel, and information generated by each subsystem;
/var/log/maillog: Log information generated by the mail system;
/var/log/secure: records information about logins to the system
[[email protected] ~]# tail /var/log/secure
Dec 07:35:47 localhost sshd[31767]: Accepted password for root from 10.109.134.247 port 59456 ssh2
Dec 07:35:47 localhost sshd[31767]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 09:46:19 localhost sshd[4022]: pam_unix(sshd:session): session closed for user root
Dec 07:22:11 localhost sshd[12087]: Accepted password for root from 10.109.134.247 port 52122 ssh2
Dec 07:22:11 localhost sshd[12087]: pam_unix(sshd:session): session opened for user root by (uid=0)
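Entries like these are what a reviewer reads /var/log/secure for. The following Python code is an added example, not part of the original post: it correlates sshd lines by PID to list root logins that used a password and whether the session was later closed. The sample lines are constructed in the format shown above; the day of month, the admin user and its source address are made up.

```python
import re

# Constructed sample in the /var/log/secure format shown above.
SAMPLE_SECURE = """\
Dec  7 07:35:47 localhost sshd[31767]: Accepted password for root from 10.109.134.247 port 59456 ssh2
Dec  7 07:35:47 localhost sshd[31767]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec  7 08:02:10 localhost sshd[31802]: Accepted publickey for admin from 10.109.134.12 port 40022 ssh2
Dec  7 09:46:19 localhost sshd[31767]: pam_unix(sshd:session): session closed for user root
Dec  8 07:22:11 localhost sshd[12087]: Accepted password for root from 10.109.134.247 port 52122 ssh2
Dec  8 07:22:11 localhost sshd[12087]: pam_unix(sshd:session): session opened for user root by (uid=0)
"""

ACCEPTED = re.compile(r"sshd\[(\d+)\]: Accepted (\S+) for (\S+) from (\S+) port (\d+)")
CLOSED = re.compile(r"sshd\[(\d+)\]: pam_unix\(sshd:session\): session closed for user (\S+)")


def ssh_sessions(log_text):
    """Build one record per accepted login, keyed by the sshd PID that logged it."""
    sessions = {}
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            pid, method, user, src, _port = m.groups()
            sessions[pid] = {"user": user, "method": method, "src": src,
                             "start": line[:15], "closed": False}
            continue
        m = CLOSED.search(line)
        if m and m.group(1) in sessions:
            sessions[m.group(1)]["closed"] = True
    return sessions


def root_password_logins(log_text):
    """Logins worth reviewing: root authenticated with a password."""
    return [(pid, s["src"], s["closed"]) for pid, s in ssh_sessions(log_text).items()
            if s["user"] == "root" and s["method"] == "password"]


if __name__ == "__main__":
    for pid, src, closed in root_password_logins(SAMPLE_SECURE):
        print(f"sshd[{pid}] root/password from {src}, closed={closed}")
```

PIDs are reused over time, so on a long log the correlation should be limited to a time window or reset at each new "Accepted" line, as this code does.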
Experiment goal: add the log service to a stripped-down Linux system
Preparation: a stripped-down Linux system has already been installed
Add an IDE hard disk to the host virtual machine, create 2 partitions on it, and mount them:
mount /dev/hda1 /mnt/boot
mount /dev/hda2 /mnt/sysroot
[[email protected] ~]# cd /mnt/sysroot/
[[email protected] sysroot]# ls sbin/
acpid fbsplash hdparm klogd mkdosfs nameif syslogd depmod getty init man modinfo route switch_root devmem halt insmod mdev modprobe runlevel sysctl
[[email protected] sysroot]# vim etc/rc.d/rc.sysinit    # add two lines of content
#!/bin/sh
#
.......
mount -a
swapon -a
echo "Start syslog ..."
syslogd    # newly added: start the system log service process at boot
klogd      # newly added: start the kernel log service process at boot
[[email protected] sysroot]# vim etc/syslog.conf    # new log service configuration file
*.info /var/log/message # newly added line: messages at level info and above from all facilities are written synchronously to /var/log/message; make sure the /var/log directory exists.
[[email protected] sysroot]#
[[email protected] sysroot]# sync    # write the changes to the hard disk
[[email protected] sysroot]# sync
[[email protected] sysroot]#
This article is from the "Learn Linux history" blog, please be sure to keep this source http://woyaoxuelinux.blog.51cto.com/5663865/1885016
Linux commands: syslog log service - adding log service functionality to a stripped-down system