Linux system logs and screen tools

Source: Internet
Author: User
Tags: syslog, system log, dmesg

Part One: Linux system logs

Do logs matter? Yes. Without logs, how would we know the status of the system, and how would we troubleshoot a fault? The logs record the variety of things that happen every day on your system, and you can use them to find the cause of an error or the traces an attacker left behind. The main functions of logs are auditing and monitoring, including monitoring system status in real time and detecting and tracking intruders.
A frequently viewed log file is /var/log/messages, the core system log file, which contains the boot messages from system startup and other status messages while the system is running. I/O errors, network errors, and other system errors are recorded in this file. Other information, such as a user switching identity to root and logs from user-installed software (Apache), is also listed here. Typically, /var/log/messages is the first file to look at when troubleshooting. The system has a log rotation mechanism that switches to a new log every week, producing messages.xxxxxxxx, messages.xxxxxxxx, ... messages.xxxxxxxx, for a total of 5 such log files together with messages. The xxxxxxxx here is a suffix generated in date format. Rotation is controlled by the logrotate tool, whose configuration file is /etc/logrotate.conf; unless you have a special requirement, do not modify this configuration file.

    [[email protected] ~]# cat /etc/logrotate.conf
    # see "man logrotate" for details
    # rotate log files weekly
    weekly

    # keep 4 weeks worth of backlogs
    rotate 4

    # create new (empty) log files after rotating old ones
    create

    # use date as a suffix of the rotated file
    dateext

    # uncomment this if you want your log files compressed
    #compress

    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d

    # no packages own wtmp and btmp -- we'll rotate them here
    /var/log/wtmp {
        monthly
        create 0664 root utmp
        minsize 1M
        rotate 1
    }

    /var/log/btmp {
        missingok
        monthly
        create 0600 root utmp
        rotate 1
    }

    # system-specific logs may be also be configured here.

/var/log/messages is generated by the syslogd daemon. If this service is stopped, the system does not generate /var/log/messages, so do not stop this service. The syslogd service has a configuration file, /etc/syslog.conf, that defines the log levels; use man syslog.conf to get more information about it.
In addition to /var/log/messages, you should also pay attention to the dmesg command. It displays the system's boot information, and a hardware problem (such as with a network card) can also be seen with this command.

    [[email protected] ~]# dmesg |head
    [    0.000000] Initializing cgroup subsys cpuset
    [    0.000000] Initializing cgroup subsys cpu
    [    0.000000] Initializing cgroup subsys cpuacct
    [    0.000000] Linux version 3.10.0-514.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Nov 22 16:42:41 UTC 2016
    [    0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.el7.x86_64 root=UUID=1cec20ae-09f9-4d50-a2eb-5c1b1a4ab741 ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
    [    0.000000] Disabled fast string operations
    [    0.000000] e820: BIOS-provided physical RAM map:
    [    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
    [    0.000000] BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved
    [    0.000000] BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved

For security logs, here is a brief description of a few commands and log files.
The last command:

    [[email protected] ~]# last |head
    root     pts/0        192.168.204.1    Wed Jan 31 16:45   still logged in
    root     tty1                          Wed Jan 22:57   still logged in
    root     pts/0        192.168.204.1    Wed Jan 20:09 - 22:39  (02:30)
    reboot   system boot  3.10.0-514.el7.x Wed Jan 24 20:08 - 18:09 (6+22:01)
    root     pts/0        192.168.204.1    Wed Jan 19:57 - down   (00:11)
    reboot   system boot  3.10.0-514.el7.x Wed Jan 19:57 - 20:08  (00:11)
    root     pts/0        192.168.204.1    Wed Jan 18:20 - 19:56  (01:36)
    root     pts/0        192.168.204.1    Wed Jan 16:58 - 18:20  (01:21)
    root     pts/1        192.168.204.1    Tue Jan 23 17:30 - 18:19  (00:48)
    root     pts/0        192.168.204.1    Tue Jan 16:48 - 18:19  (01:30)

The last command is used to view the login history of a Linux system. From left to right, the columns are account name, login terminal, login client IP, and login date and duration. The output of last is actually read from the binary log file /var/log/wtmp, which cannot be viewed directly with tools such as cat, vim, head, or tail.
Another log file related to login information is /var/log/secure, which records authentication and authorization information. For example, whether an SSH login to the system succeeds or fails, the relevant information is recorded in this log.
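
One way to summarize the SSH success and failure records in /var/log/secure per source address (an added example, not part of the original article). The log lines, the host name host1 and the threshold of 3 are constructed for illustration, and the message layout assumed is OpenSSH's usual "Failed|Accepted password for USER from IP port N ssh2":

```shell
#!/bin/sh
# Constructed sample in /var/log/secure (syslog) layout; not real data.
sample_secure_log() {
    cat <<'EOF'
Jan 31 16:40:01 host1 sshd[3601]: Failed password for root from 192.168.204.50 port 51122 ssh2
Jan 31 16:40:03 host1 sshd[3601]: Failed password for invalid user test user from 192.168.204.50 port 51124 ssh2
Jan 31 16:40:05 host1 sshd[3603]: Failed password for root from 192.168.204.50 port 51126 ssh2
Jan 31 16:40:09 host1 sshd[3605]: Accepted password for root from 192.168.204.50 port 51130 ssh2
Jan 31 16:45:12 host1 sshd[3650]: Accepted password for root from 192.168.204.1 port 49822 ssh2
Jan 31 16:47:30 host1 su: pam_unix(su:session): session opened for user root by (uid=1000)
Jan 31 16:50:00 host1 sshd[3700]: Failed password for root from 192.168.204.77 port 40000 ssh2
EOF
}

# Summarize sshd results per source address, read from stdin.
# $1 = failures before a success that mark a source SUSPECT (default 3).
ssh_login_summary() {
    awk -v threshold="${1:-3}" '
        $5 ~ /^sshd\[/ && ($6 == "Failed" || $6 == "Accepted") {
            # The user name is client-supplied and may contain spaces, so
            # field positions shift. Search backwards for "from IP port".
            ip = ""
            for (i = NF - 2; i > 6; i--)
                if ($i == "from" && $(i + 2) == "port") { ip = $(i + 1); break }
            if (ip == "") next
            seen[ip] = 1
            if ($6 == "Failed") {
                failed[ip]++
            } else {
                accepted[ip]++
                # Success after repeated failures from the same source.
                if (failed[ip] >= threshold) suspect[ip] = 1
            }
        }
        END {
            for (ip in seen)
                printf "%s failed=%d accepted=%d %s\n", ip, failed[ip],
                       accepted[ip], (ip in suspect) ? "SUSPECT" : "ok"
        }
    ' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample.
sample_secure_log | ssh_login_summary 3
```

On a live host the same function can be fed the real file as root, for example ssh_login_summary 3 < /var/log/secure. Rotated copies of the file have to be included to cover a longer period.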

Part Two: Introduction to the screen tool

At work, we may need to execute a command or script that takes hours or even days. This raises a problem: what if the network drops or something else unexpected happens midway, and the task is interrupted? You can put the command or script into the background, but that is not safe. There are two ways to avoid this problem.

1. Using nohup

    [[email protected] ~]# vim /usr/local/sbin/sleep.sh
    [[email protected] ~]# cat !$
    cat /usr/local/sbin/sleep.sh
    #! /bin/bash
    sleep 1000
    [[email protected] ~]# nohup sh /usr/local/sbin/sleep.sh &
    [1] 3703

Simply appending '&' does put the job in the background, but when you exit the terminal the script is likely to exit as well. With nohup in front of the command there is no such problem: the role of nohup is to run a command so that it is not terminated by a hangup.

2. Using the screen tool

Simply put, screen is a window manager that can multiplex a physical terminal across multiple processes. screen has the concept of a session: users can create multiple screen windows in one screen session and work in each screen window as in a real SSH connection window.
Open a session: type the screen command and press Enter to go to the screen session window. If the screen command is not available, install it:

    [[email protected] ~]# screen
    -bash: screen: 未找到命令
    [[email protected] ~]# yum install -y screen

Then type screen to go to the screen session window, and list the open sessions from inside the session window:

    [[email protected] ~]# screen -ls
    There is a screen on:
            3754.pts-0.zlinux       (Attached)
    1 Socket in /var/run/screen/S-root.

Press Ctrl+a and then d to leave the screen session; this only exits the window and does not end the session. To end the session, press Ctrl+d or type exit.
If after exiting you want to log in to a screen session again, use screen -r [screen number]; the number is the 3754 in the example above. When there is only one screen session, the number can be omitted. When you have a command or script that needs to run for a long time, open a screen session and run the task in it. Press Ctrl+a and then d to exit the session without affecting any operations in the terminal window.
