Linux Operations Phase II (13) Log Management

Linux operation and Maintenance Phase II (13) log Management

One,1, in the centos6.x log service replaced by Rsyslogd Syslogd, new features: Based on TCP transport log information , a more secure network transmission mode, a timely analysis framework for log messages, a background database, a simple logical judgment in the configuration file, and a compatible syslogd.

2, the system common log files:/var/log/cron,/var/log/btmp and so on.

Second, the Log service:

1. Format: Event-generated event occurs when the server generates event server name or program name event specific information

2./etc/rsyslog.conf configuration file format: Service name [ connection symbol ] log level log record location

connection symbol:. as long as the log that is higher than the subsequent level (including this level) is recorded, for example:cron.info

. = represents only logs of the required level, no other grades are recorded, for example:*.=emerg

.! The delegate does not equal, except for the level of the log, other levels of the log are recorded

log level:debuginfo notice warning err crit alert Emerg by rank from you to high

Logging Location: (the current log output to which log file is saved)

"The absolute path to the log file, the most common method of saving, for example:/var/log/secure

"System device file,/dev/lp0 represents the first printer.

"Forwarded to remote host:@192.168.0.210:514 (UDP protocol to Port 514, 514 is the default port for log service ); @@192.168.0.210:514(TCP protocol Send)

user name, such as root,the log will be sentto the root, and the "mail.* *" will send all levels of logs generated by the mail service to all online users. If sent to multiple online users, the user name is separated by semicolons; "local3.* ~" If the object to accept the log is ~, this log will not be recorded directly discarded.

Example: Define your own log

#vi/etc/rsyslog.conf

Write *.crit/var/log/alert.log

#service Rsyslog Restart

#ll/var/log/alert.log

device for log server

#vi/etc/rsysylog.conf (server-side settings

$Modload imtcp

$InputTcpserver Run 514 (Uncomment the two lines

#servicersyslog restart

#netstat-tuln | grep 514

#vi/etc/rsyslog.conf (Client settings

* * @@192.168.210:514

Check that the log server is set up:

#useradd AA (on client)

#passwd AA

#vi/var/log/secure (View the host name of the event that occurred

third, the log rotation: The old log file moved and renamed, while creating a new blank log file, when the old log file beyond the scope of the save, will be deleted, renamed to rely on /etc/logrotate.conf dateext Parameters.

add your own logs to the log rotation:

Party One: write the rotation policy directly in the /etc/logrotate.conf file;

Square Two: Create a rotation file in the /etc/logrotate.d/ directory.

Example: by side two:#chattr +a/var/log/alert.log

#vi/var/log/alert.log

/var/log/alert.log{

Weekly

Rotate6

Sharedscripts

Prerotate

/usr/bin/chattr-a/var/log/alert.log

Endscript

Sharescripts

Postrotate

/usr/bin/chattr +a/var/log/alert.log

Endscript

}

#vi/etc/cron.daily/logrotate

/usr/sbin/logrotate/etc/logrotate.conf >/dev/null 2>&1 (logrotate command Determines whether a log rotation condition is met according to the configuration file , log rotation is initiated by cron

#logrotate option profile name

-V (verbose display procedure

-F ( Force mandatory

iv. Log Analysis tool:Logwatch

#cp/usr/share/logwatch/default.conf/logwatch.conf/etc/logwatch/conf/logwatch.conf (Note: default configuration /etc/logwatch /conf/logwatch.conf is empty, to be generated manually)

#logwatch

#mail

From Brother Lian Training

This article is from the "Linux Operational Difficulty Learning notes" blog, please be sure to keep this source http://jowin.blog.51cto.com/10090021/1651995

Linux Operations Phase II (13) Log Management