1. Basic architecture of system logging in RHEL 7
When events occur in processes or in the operating system kernel, they are recorded as log entries.
In RHEL 7, two services are responsible for processing logs:
journald collects log information from the kernel, the boot process, standard output, syslog and running processes. These logs disappear when the system restarts. Default storage path: /run/log/journal
rsyslog saves logs classified by service type and priority.
These logs do not disappear after the system restarts. Default storage path: /var/log
/var/log/messages    where most syslog messages are recorded
/var/log/secure      log information related to security and authentication
/var/log/maillog     mail-related log information
/var/log/cron        logs related to task scheduling
/var/log/boot.log
journalctl           view journal logs
2. View syslog file entries
(1) Security level of the log
The rsyslog configuration file is /etc/rsyslog.conf
Help on the log levels is available through man rsyslog.conf
Priority   Code   Security information
debug      0      Debugging level information
info       1      Informational event
notice     2      Normal information that is important enough to notify
warning    3      Warning status
err        4      A very serious error condition
crit       5      Serious situation
alert      6      Action must be taken
emerg      7      System is not available
vim /etc/rsyslog.conf
vim /etc/rsyslog.d
tail -f /var/log/secure
tail -f /var/log/messages
Custom log files (not very readable)
cd /etc/rsyslog.d/
touch debugtest.conf
vim debugtest.conf
local7.debug /var/log/debug-message
systemctl restart rsyslog.service
logger -p local7.debug "This is Debug-message test"
Log rotation: logrotate
Prevents log files from filling the disk, and automatically backs up log files.
Location of the configuration file: vim /etc/logrotate.conf
weekly       rotate once a week
hourly
daily
dateformat
rotate 4     number of backups; four backups are kept
create       whether a new log file is created
dateext      whether to write the date
compress     whether to compress log files
missingok    errors are ignored during log rotation
include /etc/logrotate.d
/var/log/cron
/var/log/maillog
/var/log/messages
{
    sharedscripts
    postrotate
    endscript
}
man logrotate
systemctl restart rsyslog.service
3. Find and interpret log records in the system log
cd /run/log/journal    journal logs are not viewed by reading the files in this directory directly
The journal indexes its own entries
journalctl    view all the journal logs
journalctl with options:
-F
--since "2016-10-15" --until "2016-10-16"
--priority    show logs by priority
--unit rsyslog.service
--unit sshd.service
_UID=1000
Configure systemd-journald so that logs are stored on disk rather than in memory.
Create a journal directory in /var/log
mkdir journal    by default root manages this directory
cat /etc/passwd | grep journal
cat /etc/group | grep journal
systemd-journal:x:190:    manage the directory with systemd-journal group permissions
chown :systemd-journal journal
chmod 2755 journal/
ls -ld /run/log/journal
killall -USR1 systemd-journald
4. Time synchronization and time zone configuration
date -s    change the time; takes effect temporarily
timedatectl    shows the current time status of the system
timedatectl set-time "2010-08-08 08:00:00"    set the time; still in effect after a reboot
timedatectl set-timezone Asia/Dubai
tzselect    query time zones
NTP (Network Time Protocol) is dedicated to synchronizing time with network time services.
timedatectl set-ntp true    turn on NTP
The service used by NTP is chronyd.service
Configuration file for the NTP service:
vim /etc/chrony.conf
server classroom.example.com iburst
systemctl restart chronyd.service
chronyc sources -v    see client details
Linux 124 Lesson 10: analyzing and storing logs