Linux system logs, screen tools

Source: Internet
Author: User

1. Linux System Log

Do logs matter? Yes. Without logs, how would we know the state of the system, and how would we troubleshoot a fault? Logs record the many things that happen on a system every day; you can use them to find the cause of an error or the traces an attacker left behind. Their main functions are auditing and monitoring: watching system status in real time, and detecting and tracking intruders.
The log file we look at most often is /var/log/messages, the core system log. It contains the boot messages from system startup and other status messages written while the system is running. I/O errors, network errors and other system errors are recorded in this file. Other information, such as a user switching identity to root and the logs of user-installed software (Apache, for example), is also recorded here.

Run the command ls /var/log/messages to confirm that the file exists.

Then view it with less !$ (in the shell, !$ expands to the last argument of the previous command, here /var/log/messages).

You can see that all kinds of information are recorded in the log. Press q to exit less. /var/log/messages is typically the first file to look at when troubleshooting. You might object that with so much logged to one file, a server running many services will make this file grow very large very quickly. Check the size of the log file with du -sh !$.

3.5M, much smaller than you might expect. This is because the system has a log rotation mechanism that rotates the log every week into messages.xxxxxxxx, messages.xxxxxxxx, ... messages.xxxxxxxx; together with messages there are 5 such log files in total. The xxxxxxxx is a suffix in date format. Rotation is controlled by the logrotate tool, whose configuration file is /etc/logrotate.conf. Unless you have a special requirement, do not modify this configuration file.
Next, look at the configuration file with cat /etc/logrotate.conf.

The file says you can run man logrotate for more detailed information. The settings that follow rotate the logs once a week and keep 4 rotations, which amounts to keeping one month of logs; after a rotation a new file is created, rotated files get a date suffix, and rotated files can be compressed. There is also a configuration directory, /etc/logrotate.d. After that come the entries for /var/log/wtmp and /var/log/btmp, which are rotated once a month with only one old file kept; when the new file is created, its permissions, owner and group are set as well.
Next, run ls /etc/logrotate.d to view the files in that directory.

/var/log/messages is generated by the syslogd daemon. If the service is stopped, the system no longer writes /var/log/messages, so do not stop this service. The syslogd configuration file is /etc/syslog.conf, which defines the log levels. The details are not covered here, because unless you have a special requirement there is no need to modify it; use man syslog.conf for more information.

That is all on the configuration files here. To learn more, see https://my.oschina.net/u/2000675/blog/908189.

Besides /var/log/messages, also pay attention to the dmesg command. It displays the system's boot information, and hardware problems (with a network card, for example) also show up in its output. Run dmesg with no arguments.

There is a great deal of output; only the last screen was captured. dmesg displays the system's hardware-related log, which is held in memory and can be cleared with the command dmesg -c.

This only empties the in-memory log; it is filled again when the system restarts. Then look at the log file with ls /var/log/dmesg.

/var/log/dmesg is the system startup log and has no connection with /var/log/messages. View it with less /var/log/dmesg.

There is too much content to show in full.
The next command to explain is last; run it directly with no arguments.

The last command shows the login history of the Linux system. From left to right the columns are account name, login terminal, login client IP, login date and time, and duration. The output of last is read from the binary log file /var/log/wtmp, which cannot be viewed directly with tools such as cat, vim, head or tail.
The counterpart of last is lastb; run it directly.

lastb shows the users whose logins failed. Its binary log file is /var/log/btmp, which is similar to /var/log/wtmp.
Another log file related to logins is /var/log/secure. It records authentication and authorization information; for example, each SSH login to the system, successful or failed, is recorded in this log. View it with less /var/log/secure.
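
As an added example (not part of the original article), the following shell functions summarize the SSH entries of /var/log/secure: failed password attempts per source address, and addresses that logged in successfully after repeated failures. The function names and the sample lines are constructed for illustration; pass /var/log/secure as an argument to run them on a real log.

```shell
#!/bin/sh
# Constructed sample in the sshd line format found in /var/log/secure.
# Addresses are documentation ranges; host and user names are made up.
sample_secure() {
cat <<'EOF'
Mar  3 10:01:12 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:20 host1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:02:01 host1 sshd[2110]: Accepted password for alice from 198.51.100.23 port 40022 ssh2
Mar  3 10:05:44 host1 sshd[2122]: Failed password for bob from 192.0.2.50 port 40030 ssh2
Mar  3 10:05:49 host1 sshd[2122]: Failed password for bob from 192.0.2.50 port 40030 ssh2
Mar  3 10:05:58 host1 sshd[2125]: Accepted password for bob from 192.0.2.50 port 40041 ssh2
Mar  3 10:06:02 host1 su: pam_unix(su:session): session opened for user root by alice(uid=1000)
EOF
}

# Count failed SSH password attempts per source address, highest first.
# The address is the 4th field from the end ("from IP port N ssh2"),
# so "invalid user ..." lines and odd user names do not shift it.
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Print "IP user failures" for addresses that logged in successfully after
# at least $1 failed attempts; such logins deserve a manual check.
accepted_after_failures() {
    min=$1; shift
    awk -v min="$min" '
        /sshd\[[0-9]+\]: Failed password for /   { fails[$(NF-3)]++ }
        /sshd\[[0-9]+\]: Accepted password for / {
            ip = $(NF-3)
            if (fails[ip] >= min && !seen[ip]++) print ip, $(NF-5), fails[ip]
        }' "$@"
}

# Demo on the constructed sample; with no file argument awk reads stdin.
sample_secure | failed_by_ip
sample_secure | accepted_after_failures 2
```

Reading /var/log/secure normally requires root, so run the functions with the same privileges you would use for less /var/log/secure.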

In day-to-day administration, get into the habit of reading logs often, especially those of application software such as Apache, MySQL and PHP. Their logs (the error logs in particular) help with troubleshooting and with checking that the services are healthy.

2. Screen Tools

Sometimes we need to run a command or script that takes hours or even days. That raises a question: what happens if the network drops or something else unexpected occurs and the task is interrupted partway through? You can put the command or script in the background, but that alone is not safe. There are two ways to avoid this problem.

Using nohup

Put the task in the background and add log output: nothing is printed to the screen, but writing the output to a log works just as well. The form is nohup command &, with the output of command going to the log. If you only append & the task does go to the background, but when you exit the terminal the script is likely to exit too; with nohup in front there is no such problem, because nohup runs the command so that it is not stopped by the hangup.
Although nohup keeps the task running without interruption, you cannot watch the task's output in real time.
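
The nohup form described above, as an added example that is not part of the original article: the job's output is appended to a log file, and a SIGHUP (the signal a session's processes receive when the terminal goes away) is sent to confirm that the job keeps running. The function names run_detached and survives_hangup and the log path are hypothetical.

```shell
#!/bin/sh
# Start a command under nohup with stdout and stderr appended to a log file,
# and print the PID of the background job. Without the redirect, nohup
# appends output to nohup.out when stdout is a terminal.
# Usage: pid=$(run_detached /tmp/job.log ./long_task.sh)
run_detached() {
    log=$1; shift
    nohup "$@" >>"$log" 2>&1 &
    echo $!
}

# Return 0 if the job with PID $1 is still running after being sent SIGHUP.
# Usage: survives_hangup "$pid" && echo "job ignores hangup"
survives_hangup() {
    sleep 1                        # give nohup time to start the command
    kill -HUP "$1" 2>/dev/null     # simulate the terminal going away
    sleep 1
    kill -0 "$1" 2>/dev/null       # signal 0 only tests that the PID exists
}
```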

Using screen

The screen tool makes up for the shortcomings of nohup. Put simply, screen is a window manager that multiplexes one physical terminal among several processes. screen has the concept of a session: a user can create several screen windows within one screen session, and working in each window is like working in a real SSH connection window. A simple use of screen is described below.
It has to be installed first: run yum install -y screen.

After installation, run screen.

This enters a screen window, which is equivalent to a virtual terminal. It is not visible in the output of the w command. Now run vmstat 1, a command that keeps running until it is stopped.

Press Ctrl+A followed by D to put the screen window in the background: hold Ctrl and A together, then press D. You are returned to the original shell.

The first red box shows the screen window that was just put in the background, with the ID 3847. To return to that window, run screen -r 3847.

Stop the running command with Ctrl+C. If you no longer need this screen window, type exit and press Enter, or press Ctrl+D, to terminate it.

You then see the message screen is terminating, meaning that screen has exited. After that, screen -ls no longer shows a running screen.

You can also use several screen windows at the same time.

Run screen, then press Ctrl+A followed by D to leave it; do this 3 times in a row to create 3 windows. screen -ls then lists the 3 windows. To enter one, run screen -r followed by its ID. This raises another problem: apart from the ID, the 3 windows look identical, so what if you mix them up? The -S option (uppercase) solves this by naming the screen window. Run screen -S "Test_screen".

This goes straight into the new screen window. Type sleep 100 but do not press Enter, so that the window can be told apart later. Then press Ctrl+A followed by D to leave it, and run screen -ls to list the windows.

You can see a screen window named Test_screen. To re-enter it, screen -r can be followed by either 4050 or Test_screen; once inside, you can see the sleep 100 typed earlier. The screenshot is not shown here.
