10. System log (Linux)


1. System log default classification

/var/log/messages ## System services and their logs, including service information, errors, etc.
/var/log/secure   ## System authentication information
/var/log/maillog  ## System mail service information
/var/log/cron     ## System scheduled task (cron) information
/var/log/boot.log ## System boot information

2. Log management service rsyslog

rsyslog is responsible for collecting logs and storing them by category.

vim /etc/rsyslog.conf ## Main configuration file

Configuration content:

facility.level          /storage file
*.*                     /var/log/westos


systemctl restart rsyslog

3. Log synchronization

(1) systemctl stop firewalld ## Stop the firewall on both hosts

(2) vim /etc/rsyslog.conf ## Main configuration file

Configure the log sender:
*.* @172.25.0.11 ## Send all logs to host 172.25.0.11 over UDP
## @ = UDP, @@ = TCP

Configure the log receiver:
$ModLoad imudp ## Log receiving plugin (UDP input module)
$UDPServerRun 514 ## Port the receiving plugin listens on

(3) systemctl restart rsyslog

(4) netstat -anulpe | grep rsyslog ## On the log receiver: confirm rsyslog is listening on UDP 514

(5) Test
> /var/log/messages ## Empty the file on both hosts
logger test ## On the log sender

tail -f /var/log/messages ## On the log receiver
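The forwarding setup above, as an added example that is not part of the original post: it builds sender and receiver fragments for /etc/rsyslog.d/, but uses TCP (@@) with a disk-assisted queue and restricts the receiver to the lab subnet; the receiver IP 172.25.0.11, subnet 172.25.0.0/24 and port 514 are assumed, and the probe functions replace the manual logger / tail -f check.

```shell
#!/bin/sh
# Added example, not from the original post: sender and receiver fragments
# for /etc/rsyslog.d/ doing what section 3 describes, with two changes a
# defender wants: TCP (@@) instead of UDP so drops are retried rather than
# silent, and a receiver that only accepts the lab subnet instead of any host.
# Assumed values: receiver 172.25.0.11, subnet 172.25.0.0/24, port 514.

RECEIVER=${RECEIVER:-172.25.0.11}
SUBNET=${SUBNET:-172.25.0.0/24}
PORT=${PORT:-514}

# Sender fragment: forward everything over TCP; the disk-assisted queue holds
# messages while the receiver is unreachable instead of losing them.
sender_conf() {
    cat <<EOF
\$WorkDirectory /var/lib/rsyslog
\$ActionQueueType LinkedList
\$ActionQueueFileName fwdqueue
\$ActionQueueSaveOnShutdown on
\$ActionResumeRetryCount -1
*.* @@${RECEIVER}:${PORT}
EOF
}

# Receiver fragment: load the TCP input and restrict senders; \$AllowedSender
# must appear before the *ServerRun line that starts the listener.
receiver_conf() {
    cat <<EOF
\$ModLoad imtcp
\$AllowedSender TCP, ${SUBNET}
\$InputTCPServerRun ${PORT}
EOF
}

# Install a fragment, validate the full config, restart, and open only the one
# port (instead of 'systemctl stop firewalld' as in the text). Root only.
apply_fragment() {          # $1 = sender | receiver
    "${1}_conf" > "/etc/rsyslog.d/10-remote-${1}.conf"
    rsyslogd -N1 || return 1        # syntax check before restarting
    systemctl restart rsyslog
    if [ "$1" = receiver ]; then
        firewall-cmd --permanent --add-port="${PORT}/tcp" && firewall-cmd --reload
    fi
}

# End-to-end probe (the 'logger test' / 'tail -f' step): the sender logs a
# token and probe_seen looks for it in the receiver's file.
send_probe() { logger -t probe "rsyslog-probe $1"; }      # $1 = token
probe_seen() { grep -q "rsyslog-probe $2" "$1"; }        # $1 = file, $2 = token
```

Run `send_probe "$(date +%s)"` on the sender and `probe_seen /var/log/messages <token>` on the receiver; a missing token means the queue is holding messages or the receiver refused the connection.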


4. Log collection format
$template WESTOS,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg%\n"

%timegenerated% ## Time the log was generated
%FROMHOST-IP% ## IP address of the sending host
%syslogtag% ## Log tag (the logging program)
%msg% ## Log content
\n ## Newline

*.info;mail.none;authpriv.none;cron.none /var/log/messages;WESTOS ## apply the template to this rule
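An added example (not from the original post) of what a receiver can do with lines written in the WESTOS format above: split them back into the template fields and run two checks over them. The sample log lines are constructed and the trusted sender prefix 172.25.0. is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: parse lines written with the
# WESTOS template ("<timegenerated> <FROMHOST-IP> <syslogtag> <msg>") and run
# two checks a log receiver should do on them. Sample lines are constructed;
# the trusted sender prefix 172.25.0. is an assumption.

# Constructed sample of /var/log/messages on the receiver, WESTOS format.
SAMPLE_LOG='Apr 10 17:50:01 172.25.0.10 logger: test
Apr 10 17:50:07 172.25.0.11 systemd: Started Session 42 of user root.
Apr 10 17:50:09 10.0.0.99 sshd[2210]: Failed password for root from 10.0.0.99 port 51014 ssh2
Apr 10 17:50:12 172.25.0.10 sshd[2231]: Accepted publickey for student from 172.25.0.1 port 51020 ssh2
Apr 10 17:50:15 10.0.0.99 sshd[2210]: Failed password for root from 10.0.0.99 port 51015 ssh2'

# Split one line into the template fields: $1-$3 are the timestamp, $4 is
# FROMHOST-IP, $5 is syslogtag, the rest is msg. Prints "ip<TAB>tag<TAB>msg".
parse_fields() {            # lines on stdin
    awk '{ msg = ""; for (i = 6; i <= NF; i++) msg = msg (i > 6 ? " " : "") $i;
           print $4 "\t" $5 "\t" msg }'
}

# Check 1: senders outside the trusted prefix. FROMHOST-IP comes from the
# connection, so a forged hostname inside the message cannot hide the source.
unexpected_hosts() {        # $1 = trusted prefix, log on stdin
    awk -v p="$1" 'index($4, p) != 1 { print $4 }' | sort -u
}

# Check 2: sshd authentication failures per sending host; a burst from one
# host is the pattern to alert on.
failed_logins_by_host() {   # log on stdin -> "ip count" per host
    awk '$5 ~ /^sshd\[/ && /Failed password/ { n[$4]++ }
         END { for (h in n) print h, n[h] }' | sort
}
```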




5. Log analysis tool journal

(1) systemd-journald ## process name

journalctl ## Run with no arguments to browse the whole system log

journalctl options:
-n 3 ## Show the latest 3 entries
-p err ## Show entries of priority err
-f ## Follow the log and print new entries as they arrive
--since / --until ## --since "[YYYY-MM-DD] [hh:mm:ss]" --until "[YYYY-MM-DD] [hh:mm:ss]": entries between the two times
-o verbose ## Show every field of each entry; these fields can be used as journalctl filters

(2) Management of systemd-journald
## By default journald keeps its log in memory only, so entries from before a reboot are lost. To make it persistent:
mkdir /var/log/journal
chown root:systemd-journal /var/log/journal
chmod 2755 /var/log/journal
killall -1 systemd-journald
ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f ## subdirectory named after the machine id
system.journal user-1000.journal

6. Time synchronization

(1) Server
yum install chrony -y ## Install the service

vim /etc/chrony.conf ## Main configuration file
# Allow NTP client access from local network.
allow 172.25.0.0/24 ## Which clients may sync their time from this server
# Serve time even if not synchronized to any NTP server.
local stratum 10 ## Serve time without syncing from anyone; 10 is this server's stratum level

systemctl restart chronyd
systemctl stop firewalld

(2) Client
vim /etc/chrony.conf
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst ====> replace these with: server <ntp server ip> iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst

systemctl restart chronyd

Test:
# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.0.11                  10   6   377    41   +170us[ +201us] +/-  191us
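The check the test above does by eye, as an added example that is not part of the original post: parse chronyc sources output, confirm that the selected source (^*) is the expected server and decode the octal Reach register, which matters because cross-host log correlation only works when both clocks are actually synced. The sample output is constructed and 172.25.0.11 is the assumed server.

```shell
#!/bin/sh
# Added example, not from the original post: verify the client's sync state
# from 'chronyc sources' output before trusting timestamps across hosts.
# Constructed sample; 172.25.0.11 is the assumed lab NTP server.
SAMPLE_SOURCES='210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.0.11                  10   6   377    41   +170us[ +201us] +/-  191us
^? 0.rhel.pool.ntp.org           0   6     0     -     +0ns[   +0ns] +/-    0ns'

# Print the name/IP of the selected source ('^*' = server, currently synced).
# Prints nothing when no source is selected, i.e. the clock is free-running.
synced_source() {       # chronyc sources output on stdin
    awk '$1 == "^*" { print $2 }'
}

# Decode the Reach column (octal register of the last 8 polls, 377 = all
# succeeded) for one source and print how many of the 8 polls succeeded.
reach_count() {         # $1 = name/IP, output on stdin
    awk -v s="$1" '$2 == s { r = $5; n = 0
        while (length(r) > 0) {
            d = substr(r, 1, 1) + 0; r = substr(r, 2)
            n += (d >= 4) + ((d % 4) >= 2) + (d % 2)
        }
        print n }'
}

# Exit 0 only if the selected source is the expected server and it answered
# all of the last 8 polls; otherwise print the reason and exit 1.
time_sync_ok() {        # $1 = expected server, output on stdin
    out=$(cat)
    src=$(printf '%s\n' "$out" | synced_source)
    [ -n "$src" ] || { echo "no synced source"; return 1; }
    [ "$src" = "$1" ] || { echo "synced to $src, expected $1"; return 1; }
    n=$(printf '%s\n' "$out" | reach_count "$src")
    [ "$n" -eq 8 ] || { echo "$src reached on only $n/8 polls"; return 1; }
    echo "ok: synced to $src"
}
```

On a live client run `chronyc sources | time_sync_ok 172.25.0.11`.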

7. timedatectl command
timedatectl status ## Show current time information
            set-time ## Set the current time
            set-timezone ## Set the current time zone
            set-local-rtc 0|1 ## Whether the hardware clock (RTC) keeps local time (1) or UTC (0)


8. rsyslog log classification

vim /etc/rsyslog.conf ## Main configuration file

Configuration content:

facility.level          /storage file
*.*                     /var/log/westos

systemctl restart rsyslog

### Format ###

Log facility (type) . connector Log level    Action (how the log is processed)

#### Log facility (can be understood as the log type) ####
auth ## Logs generated by PAM
authpriv ## Authentication information for ssh, ftp and other logins
cron ## Scheduled task related
kern ## Kernel
lpr ## Printing
mail ## Mail
mark / syslog ## rsyslog internal service information and periodic time marks
news ## Newsgroups
user ## Information generated by user programs
uucp ## unix to unix copy, communication between unix hosts
local1 ~ local7 ## Custom log facilities

#### Log Level ####
———————————————————————-
debug ## Includes debugging information; the most verbose
info ## General information; the most commonly used
notice ## General information that is significant enough to note
warning ## Warning level
err ## Error level: a function or module cannot work properly
crit ## Critical level: the entire system or the entire program cannot work properly
alert ## Condition that must be handled immediately
emerg ## The system is unusable, e.g. a kernel crash
none ## Record nothing

## Note: from top to bottom the severity goes from low to high, and selecting a higher level records less and less
## For details see the manual: man 3 syslog

#### Connector ####
———————————————————————-
.xxx: information of level xxx and higher
.=xxx: information of exactly level xxx
.!xxx: information at levels other than xxx

#### Examples ####
1. Write to a regular file or a device file:
*.* /var/log/file.log # absolute path
*.* /dev/pts/0
Test: logger -p local3.info 'KadeFor is testing the rsyslog and logger' ## The logger command is used to generate log messages

2. Send to users (they must be logged in to receive it)
*.* root
*.* root,kadefor,up01 # Use commas to separate multiple users
*.* * # * means all logged-in users

3. Ignore and discard
local3.* ~ # discard all levels of local3 logs

4. Execute a script:
local3.* ^/tmp/a.sh # ^ followed by the absolute path of an executable script or program
                    # The log content is passed as the script's first parameter.
                    # Can be used to trigger an alarm
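An added example, not from the original post, that turns the facility / connector / level rules of this section into a check: given a selector list such as the `*.info;mail.none;authpriv.none;cron.none` rule used earlier, it decides whether a message of a given facility and level would reach the action, so a rule can be tested before rsyslog is restarted. It assumes the classic syslog.conf semantics, in which the selectors of one rule are applied left to right to a per-facility level mask (`none` clears it and `!` removes levels that earlier selectors added, so `*.*;*.!err` keeps warning and below).

```shell
#!/bin/sh
# Added example, not from the original post: does a message with FACILITY
# and LEVEL fire a syslog.conf / rsyslog selector list? Assumption: classic
# syslog.conf semantics, where the selectors of one rule build a per-facility
# level mask left to right ('none' clears, '!' removes levels added earlier).

# Numeric level as in man 3 syslog: emerg=0 ... debug=7.
level_num() {
    case "$1" in
        emerg) echo 0;; alert) echo 1;; crit) echo 2;; err|error) echo 3;;
        warning|warn) echo 4;; notice) echo 5;; info) echo 6;; debug) echo 7;;
        *) echo "unknown level: $1" >&2; return 1;;
    esac
}

# Bit mask of level $1 and every more severe level (bit n = level n).
upto_mask() { echo $(( (1 << ($1 + 1)) - 1 )); }

# Does the comma-separated facility list $1 ('*' = all) include facility $2?
facility_listed() {
    [ "$1" = '*' ] && return 0
    case ",$1," in *",$2,"*) return 0;; esac
    return 1
}

# rule_matches SELECTORS FACILITY LEVEL -> exit 0 if the rule's action fires.
rule_matches() {
    rest=$1; fac=$2; lvl=$(level_num "$3") || return 1; mask=0
    while [ -n "$rest" ]; do                 # split on ';' without globbing
        sel=${rest%%;*}
        case "$rest" in *\;*) rest=${rest#*;};; *) rest='';; esac
        facility_listed "${sel%%.*}" "$fac" || continue
        pri=${sel#*.}
        case "$pri" in
            '*')   mask=255 ;;                                              # all levels
            none)  mask=0 ;;                                                # nothing
            '!='*) mask=$(( mask & ~(1 << $(level_num "${pri#!=}")) )) ;;   # drop one level
            '!'*)  mask=$(( mask & ~$(upto_mask "$(level_num "${pri#!}")") )) ;;  # drop it and above
            '='*)  mask=$(( mask | (1 << $(level_num "${pri#=}")) )) ;;     # exactly this level
            *)     mask=$(( mask | $(upto_mask "$(level_num "$pri")") )) ;; # this level and above
        esac
    done
    [ $(( (mask >> lvl) & 1 )) -eq 1 ]
}
```

For example `rule_matches '*.info;mail.none;authpriv.none;cron.none' mail err` fails, which is why mail errors are not in /var/log/messages under that rule.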

