Linux log files
Configuration file format
device.level,device.level position (device is the log device name; the level and the position must be separated by a tab)
Log level
emerg
alert
crit
err
warning
notice
info
debug
mail.err: log mail messages whose level is equal to or higher than err
mail.=err: log mail messages only when the level equals err
*: all log devices or all log levels
none: ignore all
daemon.*: logs of all levels from the daemon device
*.emerg: emerg-level logs from all devices
kern.none: all kernel logs are ignored
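The matching rules above can be checked before relying on a rule to capture audit-relevant messages. The following is an added example, not part of the original notes: the function name selector_matches and the sample messages are constructed for illustration, and it evaluates one device.level selector at a time without reading a real configuration file.

```python
# Added example: evaluates a "device.level" selector against one message,
# following the matching rules listed above. Names here are illustrative.

# Levels from most to least severe, as listed in the notes.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def selector_matches(selector, device, level):
    """Return True if a message from `device` at `level` is selected."""
    if level not in LEVELS:
        raise ValueError("unknown level: %r" % level)
    sel_device, sep, sel_level = selector.strip().lower().partition(".")
    if not sep or not sel_device or not sel_level:
        raise ValueError("selector must look like device.level: %r" % selector)

    # Device part: "*" covers every device, otherwise it must be equal.
    if sel_device != "*" and sel_device != device.lower():
        return False

    if sel_level == "none":        # kern.none: ignore everything
        return False
    if sel_level == "*":           # daemon.*: every level
        return True

    exact = sel_level.startswith("=")   # mail.=err: that level only
    if exact:
        sel_level = sel_level[1:]
    if sel_level not in LEVELS:
        raise ValueError("unknown level in selector: %r" % selector)

    msg_rank = LEVELS.index(level)
    sel_rank = LEVELS.index(sel_level)
    # Lower index means more severe, so "equal or higher" is <=.
    return msg_rank == sel_rank if exact else msg_rank <= sel_rank


if __name__ == "__main__":
    # Constructed sample messages: (device, level)
    samples = [("mail", "crit"), ("mail", "err"), ("mail", "info"),
               ("kern", "emerg"), ("daemon", "debug")]
    for sel in ["mail.err", "mail.=err", "daemon.*", "*.emerg", "kern.none"]:
        hits = [m for m in samples if selector_matches(sel, *m)]
        print("%-10s -> %s" % (sel, hits))
```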
Common Log Locations
File name: save the log information to a local file; the file must be given as an absolute path
*: send log information to the terminals of all users who are currently logged on
User list: send log information to specific users, given as a list of user names
/dev/console: send log messages to the console
@host name or IP: send log information to a remote host, where it is accepted by the syslogd process of the remote host
| program name: send log information to another program through a pipe
Log rotation:
logrotate: rotate (dump), compress, delete, and back up logs
Login log:
/var/log/lastlog: view with the lastlog command
/var/log/wtmp: view with the who command; current online user information
/var/run/utmp: view with the w command
Process accounting: records the commands that users run; requires installing psacct
Log storage location: /var/account/pacct
Starting method:
service psacct start
/etc/rc.d/init.d/psacct start
accton /var/account/pacct
Stop method:
accton without any parameters
View the recorded commands with lastcomm, based on /var/account/pacct
/usr/bin/sa reports the amount of CPU time that previously executed commands have consumed and
provides consumption information for system resources; it is useful for identifying suspicious commands that consume a large amount of CPU time
Based on /var/account/pacct
/usr/bin/ac, based on /var/log/wtmp, reports user online time, in hours
ac
ac -d
ac -p
Log Analysis Tool
logcheck: periodically analyzes logs, run from crond
swatch: uses many Perl modules from CPAN
Download Perl modules from http://www.cpan.org
This article is from the "It Network Tanuvi" blog; reprinting is declined.