Linux Operations Phase II (13) Log Management

Source: Internet
Author: User
Tags rsyslog

Linux operation and Maintenance Phase II (13) log Management

One,1, in the centos6.x log service replaced by Rsyslogd Syslogd, new features: Based on TCP transport log information , a more secure network transmission mode, a timely analysis framework for log messages, a background database, a simple logical judgment in the configuration file, and a compatible syslogd.

2, the system common log files:/var/log/cron,/var/log/btmp and so on.

Second, the Log service:

1. Format: Event-generated event occurs when the server generates event server name or program name event specific information

2./etc/rsyslog.conf configuration file format: Service name [ connection symbol ] log level log record location

connection symbol:. as long as the log that is higher than the subsequent level (including this level) is recorded, for example:cron.info

. = represents only logs of the required level, no other grades are recorded, for example:*.=emerg

.! The delegate does not equal, except for the level of the log, other levels of the log are recorded

log level:debuginfo notice warning err crit alert Emerg by rank from you to high

Logging Location: (the current log output to which log file is saved)

"The absolute path to the log file, the most common method of saving, for example:/var/log/secure

"System device file,/dev/lp0 represents the first printer.

"Forwarded to remote host:@192.168.0.210:514 (UDP protocol to Port 514, 514 is the default port for log service ); @@192.168.0.210:514(TCP protocol Send)

user name, such as root,the log will be sentto the root, and the "mail.* *" will send all levels of logs generated by the mail service to all online users. If sent to multiple online users, the user name is separated by semicolons; "local3.* ~" If the object to accept the log is ~, this log will not be recorded directly discarded.

Example: Define your own log

#vi/etc/rsyslog.conf

Write *.crit/var/log/alert.log

#service Rsyslog Restart

#ll/var/log/alert.log

device for log server

#vi/etc/rsysylog.conf (server-side settings

$Modload imtcp

$InputTcpserver Run 514 (Uncomment the two lines

#servicersyslog restart

#netstat-tuln | grep 514

#vi/etc/rsyslog.conf (Client settings

* * @@192.168.210:514

Check that the log server is set up:

#useradd AA (on client)

#passwd AA

#vi/var/log/secure (View the host name of the event that occurred

third, the log rotation: The old log file moved and renamed, while creating a new blank log file, when the old log file beyond the scope of the save, will be deleted, renamed to rely on /etc/logrotate.conf dateext Parameters.

add your own logs to the log rotation:

Party One: write the rotation policy directly in the /etc/logrotate.conf file;

Square Two: Create a rotation file in the /etc/logrotate.d/ directory.

Example: by side two:#chattr +a/var/log/alert.log

#vi/var/log/alert.log

/var/log/alert.log{

Weekly

Rotate6

Sharedscripts

Prerotate

/usr/bin/chattr-a/var/log/alert.log

Endscript

Sharescripts

Postrotate

/usr/bin/chattr +a/var/log/alert.log

Endscript

}

#vi/etc/cron.daily/logrotate

/usr/sbin/logrotate/etc/logrotate.conf >/dev/null 2>&1 (logrotate command Determines whether a log rotation condition is met according to the configuration file , log rotation is initiated by cron

#logrotate option profile name

-V (verbose display procedure

-F ( Force mandatory

iv. Log Analysis tool:Logwatch

#cp/usr/share/logwatch/default.conf/logwatch.conf/etc/logwatch/conf/logwatch.conf (Note: default configuration /etc/logwatch /conf/logwatch.conf is empty, to be generated manually)

#logwatch

#mail

From Brother Lian Training


This article is from the "Linux Operational Difficulty Learning notes" blog, please be sure to keep this source http://jowin.blog.51cto.com/10090021/1651995

Linux Operations Phase II (13) Log Management

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.