I. Introduction to Log Management
Log service
In CentOS 6.x, the rsyslogd log service has replaced the original syslogd service. rsyslogd is more advanced and has more features. However, both the way the service is used and the format of its log files are compatible with syslogd, so the basics are learned the same way as for syslogd.
New features of rsyslogd:
Transmits log information over the TCP network protocol;
A more secure network transmission mode;
A framework for timely analysis of log messages;
Back-end database;
The configuration file can contain simple logical conditions;
Compatible with syslog configuration files.
Log file
| Log file | Description |
| --- | --- |
| /var/log/cron | Records logs related to scheduled system tasks. |
| /var/log/cups/ | Records printing information. |
| /var/log/dmesg | Records the kernel self-test information from system boot. You can also use the dmesg command to view the kernel self-test information directly. |
| /var/log/btmp | Records failed login attempts. This is a binary file and cannot be viewed directly with vi; use the lastb command to view it. |
| /var/log/lastlog | Records the last login time of every user on the system. This is also a binary file and cannot be viewed directly with vi; use the lastlog command to view it. |
| /var/log/maillog | Records mail information. |
| /var/log/messages | Records important system information. This log file holds most of the important information about a Linux system; if the system has a problem, this is the first log file to check. |
| /var/log/secure | Records authentication and authorization information; any program that involves accounts and passwords is logged here. For example, system logins, SSH logins, su user switches, sudo authorization, and even adding users and changing user passwords are recorded in this log file. |
| /var/log/wtmp | Records the login and logout information of all users, as well as system startup, restart and shutdown events. This is also a binary file and cannot be viewed directly with vi; use the last command to view it. |
| /var/run/utmp | Records information about the users who are currently logged in. This file changes as users log in and out, and only holds information about currently logged-in users. It also cannot be viewed directly with vi; use commands such as w, who and users to query it. |
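
The binary logs listed above (btmp, wtmp, utmp) are sequences of fixed-size records, which is why vi cannot display them and lastb, last and who are needed. The following added example (not part of the original article) parses such records in Python and counts failed logins per source host, much as reading lastb output by hand would. It assumes the 384-byte glibc struct utmp layout of x86-64 Linux; the helper names and the sample data are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumed layout: glibc `struct utmp` on x86-64 Linux, 384 bytes per record.
# Fields: type, pid, line, id, user, host, exit (2 shorts), session,
#         tv_sec, tv_usec, addr_v6 (4 ints), 20 reserved bytes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(data):
    """Yield one dict per complete record in wtmp/btmp/utmp bytes."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {
            "type": f[0], "pid": f[1], "line": _text(f[2]),
            "user": _text(f[4]), "host": _text(f[5]),
            "time": datetime.fromtimestamp(f[9], timezone.utc),
        }

def failed_logins_by_host(btmp_bytes):
    """Count btmp entries per source host; empty host means a local tty."""
    return Counter(r["host"] or "(local)" for r in parse_utmp(btmp_bytes))

def make_record(ut_type, pid, line, user, host, ts):
    """Build one constructed record for the sample data below."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)

# Constructed sample (documentation addresses), standing in for /var/log/btmp.
SAMPLE_BTMP = b"".join([
    make_record(6, 2001, "ssh:notty", "root", "192.0.2.10", 1700000000),
    make_record(6, 2002, "ssh:notty", "admin", "192.0.2.10", 1700000005),
    make_record(6, 2003, "ssh:notty", "root", "198.51.100.7", 1700000009),
]) + b"\x00" * 10  # a partial trailing record is skipped, not misparsed

if __name__ == "__main__":
    for host, n in failed_logins_by_host(SAMPLE_BTMP).most_common():
        print(f"{n:3d} failed logins from {host}")
```

On a real system, the same functions can be given the bytes of /var/log/btmp or /var/log/wtmp read as root; /var/log/lastlog uses a different record format and is not covered by this parser.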