Log files record the various messages produced by a running Linux system. Different log files record different types of information, which helps in diagnosing and resolving problems in the system.
Parsing log files
There are three types of log data: kernel and system logs, user logs, and program logs.
For most text-format log files, you can view the log content using commands such as tail, more, less, and cat.
For some binary-format log files (e.g. user log files), use who, w, users, last, lastb, etc.
The configuration file for kernel and system logs is /etc/rsyslog.conf. By viewing the contents of this file, you can learn the system's default log file storage paths.
Common Log files
/var/log/messages system startup information and error log; this is one of the most commonly used logs in Red Hat Linux
/var/log/dmesg various event information from the boot process of the Linux system
/var/log/secure records security event information related to user authentication
/var/log/lastlog records each user's most recent login status
/var/log/wtmp records each user login and logoff, and system startup and shutdown events
/var/log/btmp records failed and incorrect login attempts and authentication events
/var/log/maillog log information related to e-mail
/var/log/cron log information related to scheduled tasks
/var/log/spooler log information related to UUCP and news devices
/var/log/boot.log log messages related to daemons starting and stopping
Commands to view log files
cat command: Displays the entire file
-n or --number Number all output lines, starting from 1
-b or --number-nonblank Similar to -n, except that blank lines are not numbered
-s or --squeeze-blank When there are two or more consecutive blank lines, replace them with a single blank line
-v or --show-nonprinting
more command: View the log page by page, with the position shown as a percentage
less command: Similar to more, except that less supports paging both forward and backward through the file
head command: View a text file from the top, to see the beginning of the file
-n Specify how many lines to display
tail command: View a text file from the end, to display the last few lines of the file
-n Specify how many lines to display
-f Automatically display new file contents
-n 50 -f Display the last 50 lines of the file, then automatically display new content as it is added to the file
This last form is very useful, especially when monitoring log files, because new log information always appears on the screen as it is written
users command: Displays the names of the users currently logged in, one user name per login session
who command: Displays information about each user currently logged in to the system
w command: Displays each currently logged-in user and the processes they are running
last command: Queries the users who have successfully logged in to the system, with the most recent entries shown first
lastb command: Queries failed login records, such as a wrong user name or password. These are security events, and related information can also be found in the security log /var/log/secure
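The failed-login records described above (lastb, /var/log/secure) can be summarized per source address. The following is an added example, not part of the original article; it assumes the "Failed password for ... from ADDR port N ssh2" message format that OpenSSH's sshd typically writes, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the message format OpenSSH's sshd typically
# writes to /var/log/secure (addresses are documentation ranges).
sample_secure_log() {
    cat <<'EOF'
Jul  3 10:15:01 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jul  3 10:15:04 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jul  3 10:15:09 host1 sshd[2214]: Failed password for invalid user from from 203.0.113.7 port 51141 ssh2
Jul  3 10:16:10 host1 sshd[2250]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Jul  3 10:17:42 host1 sshd[2301]: Failed password for alice from 198.51.100.23 port 33410 ssh2
Jul  3 10:18:00 host1 crond[2310]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Print "COUNT SOURCE" for each address with failed password attempts, highest
# count first. Reads stdin or the named files. The address is taken from the
# end of the line, so an odd user name (such as "from") cannot shift it.
failed_logins_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
             count[$(NF-3)]++
         }
         END { for (src in count) print count[src], src }' "$@" |
        sort -k1,1nr -k2,2
}

# Print only the sources at or above a threshold (first argument, default 3).
flag_sources() {
    failed_logins_by_source | awk -v t="${1:-3}" '$1 >= t { print $2 }'
}

# On a real system, pass the log itself: failed_logins_by_source /var/log/secure
sample_secure_log | failed_logins_by_source
```

Reading /var/log/secure normally requires root privileges, as does lastb for /var/log/btmp.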
This article is from the "Yang Shufan" blog, make sure to keep this source http://yangshufan.blog.51cto.com/13004230/1951220
How to view log information in a Linux system