Linux Common Login file name

The login file can help us understand many of the system's important events, including some information about the login, so the permissions to log in to the file are usually set to read only by Root . and because the login file can record the system so much more detailed information, so, an experienced host administrator will be on the go to check their own log files, to keep abreast of the system's latest pulse! So what are some of the most common log files? Generally, there are several:

?? /var/log/cron: Remember the 16th chapter of routine work schedule? Does your crontab schedule actually carry on? did the process occur without errors? Is your/etc/crontab written correctly? Check in this log in file.

/VAR/LOG/DMESG: records the information generated by the core detection process when the system is powered on. Since CentOS will default to boot the core hardware detection process to suppress the display, so the additional data recorded in this file;

/var/log/lastlog: You can record information about the last time the system was logged in to the system . The lastlog instruction in the 14th Chapter is to use the record information of this file to display.

/var/log/maillog or/var/log/mail/* record the correspondence of the Mail, in fact, the main record sendmail (SMTP and Dovecot (POP3 protocol Provider) are two sets of software to reach a communication agreement.

/var/log/messages: This file is very important, almost the system error message ( or important information) will be recorded in this file; if the system has an inexplicable error, this file is one of the login files that must be consulted.

/var/log/secure: Basically, as long as it involves the "need to enter account password" software, then when logged in ( regardless of login correct or error) will be recorded in this file. including the system login program, graphical interface login using the GDM program, su, sudo and other programs, as well as network online ssh, telnet and other programs, login information will be recorded here;

/var/log/wtmp,/var/log/faillog: These two files can record the account information (wtmp) of the person who logged in the system correctly and the information (Faillog) that was used when the error was logged in. The last thing we talked about in chapter 11th is to read the wtmp to show, which is very helpful for tracking the usage behavior of general account users!

/var/log/httpd/*,/var/log/news/*,/var/log/samba/*: different Web services use their own log-in files to record the messages they generate! The above-mentioned directory is a login file developed by individual services.

The common login files are these, but unlike Linux distributions, the file names are usually not the same (except for /var/log/messages ). So, you still have to check the login file settings on your Linux host to know the main file name of your login!

Related services (daemon) and procedures required for login

To summarize, the services and programs we need for the login file are:

? SYSLOGD: The main login system and network services such as information;

? KLOGD: Information generated by the main login core;

? logrotate: Mainly in the rotation function of the login file.

There are many login files that are worth checking out, especially the content of/var/log/messages. A good system administrator, often to "patrol" the contents of the log file Oh! In particular, the following situations occur:

? When you think the system seems to be not normal;

? A daemon is always unable to start normally;

? A user is always unable to log in;

? A demon execution process is always not smooth;

syslogd : Logging Services for log-in Files

Just mentioned that the Linux log file is mainly by Syslogd in charge, in general, the system generated messages through the Syslog and recorded data, each message will be recorded in the bottom of a few important data:

? The date and time the event occurred;

? the hostname of the event that occurred;

? Start the service name for this event ( such as samba, xinetd, etc.) or function name ( such as Libpam.) ;

? The actual data content of the message.

Of course, the "verbosity" of this information can be modified, and this information can be used as a system for debugging only! For example , we will record the/var/log/secure of account information when we log in.

syslog configuration file:/etc/syslog.conf

This configuration file is syslogd this daemon profile! Basically, the syslog for various services and messages recorded in the profile of some files is/etc/syslog.conf, which stipulates "(1) what service (2) What level of information (3 ) need to be recorded where (device or file) "These three boom, so the set syntax is this:

service name and specific level please consult the bird's private cuisine or consult the Help documentation In addition, each Linux distributions syslog.conf setting difference is quite big, if you want to find the corresponding login information, you have to check the/etc/syslog.conf this file! Otherwise, the information may be analyzed to the wrong!