Tags: linux
#### 1. System log default classification ####
/var/log/messages ## System services and logs, including service information, errors, etc.
/var/log/secure ## System authentication information log
/var/log/maillog ## System mail service information
/var/log/cron ## System scheduled task information
/var/log/boot.log ## System boot information
#### 2. Log Management Service rsyslog ####
1. rsyslog is responsible for collecting logs and storing them by category
2. rsyslog log classification
vim /etc/rsyslog.conf ## Main configuration file
Service.log level    /storage file
*.* /var/log/westos
systemctl restart rsyslog
#### Format ####
Log device (type).(connection symbol)log level    log processing method (action)
#### Log device (can be understood as log type): ####
auth ## Logs generated by PAM
authpriv ## Authentication information for ssh, ftp and other logins
cron ## Scheduled task related
kern ## Kernel
lpr ## Printing
mail ## Mail
mark (syslog) ## Internal rsyslog service information, time marks
news ## News groups
user ## Information generated by user programs
uucp ## unix to unix copy, communication between unix hosts
local1 ~ 7 ## Custom log devices
#### Log Level ####
———————————————————————-
debug ## Debugging information, the most log information
info ## General information, the most commonly used level
notice ## General information of the highest importance
warning ## Warning level
err ## Error level, information that prevents a function or module from working properly
crit ## Critical level, information that prevents the entire system or the entire software from working properly
alert ## Information that needs to be corrected immediately
emerg ## Kernel crash and other serious information
none ## Record nothing
## Note: from top to bottom the level goes from low to high, and less and less information is recorded
## For details see the manual: man 3 syslog
#### Connection symbols ####
———————————————————————-
.xxx: indicates information of level xxx or higher
.=xxx: indicates information of exactly level xxx
.!xxx: indicates information of levels other than xxx
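How the `.xxx` and `.=xxx` connectors, `*`, `none` and `;`-separated parts combine into one decision, as an added example that is not part of the original article. It goes slightly beyond the list above by applying the parts left to right, the way the `*.info;mail.none;authpriv.none;cron.none` rule used later for /var/log/messages is evaluated; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: does FACILITY.LEVEL match an rsyslog selector?
# Function names are hypothetical; levels run lowest to highest as listed above.

# level_rank NAME -> prints 0 (debug) .. 7 (emerg); fails on an unknown name
level_rank() (
    i=0
    for l in debug info notice warning err crit alert emerg; do
        if [ "$l" = "$1" ]; then echo "$i"; exit 0; fi
        i=$((i + 1))
    done
    exit 1
)

# selector_matches SELECTOR FACILITY LEVEL -> status 0 when the message is selected
selector_matches() (
    fac=$2
    have=$(level_rank "$3") || exit 2
    matched=1
    set -f          # the selector contains '*': no filename expansion
    IFS=';'         # parts are applied left to right; later parts override
    for part in $1; do
        pfac=${part%%.*}
        plvl=${part#*.}
        [ "$pfac" = "*" ] || [ "$pfac" = "$fac" ] || continue
        case $plvl in
            none) matched=1 ;;                       # drop this facility
            \*)   matched=0 ;;                       # every level
            =*)   want=$(level_rank "${plvl#=}") || exit 2
                  if [ "$have" -eq "$want" ]; then matched=0; fi ;;
            *)    want=$(level_rank "$plvl") || exit 2
                  if [ "$have" -ge "$want" ]; then matched=0; fi ;;
        esac
    done
    exit "$matched"
)

# Demo with constructed messages and the selector used for /var/log/messages
for m in local3.info authpriv.err kern.debug; do
    if selector_matches '*.info;mail.none;authpriv.none;cron.none' "${m%.*}" "${m#*.}"
    then echo "$m -> logged"; else echo "$m -> skipped"; fi
done
```

The authpriv.err case shows why login failures never reach /var/log/messages under that rule: they are only in /var/log/secure.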
#### Examples ####
1. Record to a regular file or a device file:
*.* /var/log/file.log # absolute path
*.* /dev/pts/0
Test: logger -p local3.info 'KadeFor is testing the rsyslog and logger' ## The logger command is used to generate logs
2. Send to users (they must be logged in to receive it)
*.* root
*.* root,kadefor,up01 # use commas to separate multiple users
*.* * # * indicates all online users
3. Ignore and discard
local3.* ~ # ignore logs of all levels from local3
4. Execute a script:
local3.* ^/tmp/a.sh # ^ is followed by the absolute path of an executable script or program
# The log content can be used as the first parameter of the script.
# Can be used to trigger an alarm
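A handler suitable for the `^/tmp/a.sh` action, as an added example that is not from the original article. Because the first parameter is log text written by whatever process sent it, the script treats it strictly as data. The alert file path and the keywords are assumptions.

```shell
#!/bin/sh
# Added illustration of an a.sh-style alarm handler; rsyslog passes the log
# line as $1. The text is never eval'd, never used as a printf format and
# never used as a file name.

ALERT_FILE=${ALERT_FILE:-/tmp/local3-alerts.log}   # assumed location

# sanitize_msg TEXT -> prints TEXT with control characters (newlines included)
# replaced by '?' and cut to 512 characters, so one message stays one line.
sanitize_msg() {
    printf '%s' "$1" | tr '\000-\037\177' '?' | cut -c1-512
}

# handle_alarm TEXT -> appends one line to ALERT_FILE and returns 0 when the
# text contains one of the (assumed) keywords, returns 1 otherwise.
handle_alarm() {
    clean=$(sanitize_msg "$1")
    case $clean in
        *[Ff]ail*|*[Ee]rror*|*denied*)
            printf '%s ALERT %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$clean" >> "$ALERT_FILE"
            return 0 ;;
    esac
    return 1
}

# When rsyslog runs the script, handle the single argument it passes.
if [ $# -gt 0 ]; then handle_alarm "$1" || :; fi
```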
#### LOGSYNC ####
systemctl stop firewalld ## Stop the firewall on both hosts
Configure the log sender
*.* @172.25.0.11 ## Send logs to host 11 via the udp protocol; @ = udp, @@ = tcp
Configure the log receiver
$ModLoad imudp ## Log receiving plugin
$UDPServerRun 514 ## Port used by the log receiving plugin
udp 0 0 0.0.0.0:514 0.0.0.0:* 0 122073 32654/rsyslogd
udp6 0 0 :::514 :::* 0 122074 32654/rsyslogd
> /var/log/messages ## Empty the log on both hosts
logger test message ## On the log sender
tail -f /var/log/messages ## On the log receiver
#### Log collection format ####
$template WESTOS,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg%\n"
%FROMHOST-IP% ## Show the host IP
%syslogtag% ## Log tag (logging source)
%msg% ## Log content
\n ## Newline
$ActionFileDefaultTemplate WESTOS
*.info;mail.none;authpriv.none;cron.none /var/log/messages;WESTOS
#### 3. Log analysis tool journal ####
systemd-journald ## Process name
journalctl ## Run directly to browse the system logs
-n 3 ## Show the latest 3 entries
-p err ## Show errors
-f ## Follow the log
--since --until ## --since "[YYYY-MM-DD] [hh:mm:ss]", logs from when until when
-o verbose ## Show the detailed parameters of each log entry, which can be used as filters
## _SYSTEMD_UNIT=sshd.service service name
## _PID=1182 process pid
Management of systemd-journald
## By default this program does not keep the log information from before a reboot. To keep it:
mkdir /var/log/journal
chown root:systemd-journal /var/log/journal
chmod 2755 /var/log/journal
killall -1 systemd-journald
ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f
system.journal user-1000.journal
#### 4. Time sync ####
1. Server
yum install chrony -y ## Install the service
vim /etc/chrony.conf ## Main configuration file
# Allow NTP client access from local network.
allow 172.25.0.0/24 ## Who is allowed to sync time from this host
# Serve time even if not synchronized to any NTP server.
local stratum 10 ## Do not sync time from anyone; stratum level of this time server
systemctl restart chronyd
systemctl stop firewalld
2. Client
vim /etc/chrony.conf
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst ====> server ntpserverip iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst
systemctl restart chronyd
Test:
# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined, '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||                                                /   xxxx = adjusted offset,
||         Log2(Polling interval) -.             |    yyyy = measured offset,
||                                  \            |    zzzz = estimated error.
||                                   |           |
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.0.11                  10   6   377    41   +170us[ +201us] +/-  191us
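A scripted version of the check above, as an added example that is not from the original article: it reads `chronyc sources` output, finds the source marked `*` (current synced), optionally requires it to be the expected server, and decodes the Reach column, an 8-bit register printed in octal where 377 means the last eight polls were all answered. The function name and sample text are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: confirm which server a chrony client is following.

# synced_source [EXPECTED_NAME] -> reads `chronyc sources` output on stdin and
# prints "NAME STRATUM ANSWERED/8" for the source in state '*'.
# Status 1 when no source is selected or it is not EXPECTED_NAME.
synced_source() {
    awk -v want="$1" '
    substr($1, 2, 1) == "*" && (want == "" || $2 == want) {
        reach = 0; n = 0
        # Reach is octal: convert it, then count the bits that are set
        for (i = 1; i <= length($5); i++) reach = reach * 8 + substr($5, i, 1)
        for (b = reach; b > 0; b = int(b / 2)) n += b % 2
        print $2, $3, n "/8"
        found = 1
    }
    END { exit !found }'
}

# Constructed sample, same shape as the output shown above
SAMPLE='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.0.11                  10   6   377    41   +170us[ +201us] +/-  191us'

if printf '%s\n' "$SAMPLE" | synced_source 172.25.0.11
then echo "time source OK"
else echo "not synced to the expected server"
fi
```

On a live client the input would come from `chronyc sources | synced_source 172.25.0.11`; consistent clocks are what make timestamps comparable once logs from several hosts land in one file.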
#### 5. timedatectl command ####
timedatectl status ## Show current time information
set-time ## Set the current time
set-timezone ## Set the current time zone
set-local-rtc 0|1 ## Set whether to use UTC time
This article comes from the "13122425" blog, please be sure to keep this source
Linux cloud automation operation and maintenance basics 10 (log synchronization and time synchronization)