1. Preface
Linux system logs are not used very often, so we will pick a few of the more commonly used ones to talk about.
2. Classification and explanation
2.1 /var/log/messages
This is a miscellaneous log that records messages from many services. Let's open it up and take a look.
System logs are rotated automatically by default. For example, on my machine they have been rotated into:
[[email protected]001 log]# ls /var/log/messages*
/var/log/messages           /var/log/messages-20171219  /var/log/messages-20180122
/var/log/messages-20171215  /var/log/messages-20171224
The configuration file that controls rotation is /etc/logrotate.conf:
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}
...
2.2 dmesg
The contents shown by this command are stored in memory. The reason to use this command is that when hardware fails, the messages are written here.
[[email protected]001 log]# dmesg | head -n 10
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 3.10.0-514.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5- One) (GCC)) #1 SMP Tue Nov A -: the: AUtc .
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.el7.x86_64 root=UUID=604bc673-7f8d-4355-919f-ed6740a8efc8 ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
[    0.000000] Disabled fast string operations
[    0.000000] e820: BIOS-provided physical RAM map:
[    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
[    0.000000] BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved
Note that /var/log/dmesg and the dmesg command do not have any relationship. /var/log/dmesg stores some of the system's boot logs.
2.3 last
The last command shows the record of successful logins on the server.
[[email protected]001 log]# last | head -n 10
root pts/0 192.168.38.1 Wed Jan - -: at still logged in
root pts/0 192.168.38.1 Wed Jan - -: at- -: at(xx:xx)
root pts/2 192.168.38.1 Mon Jan A the: A- -: +(2+xx: $)
root pts/3 192.168.38.1 Mon Jan A the: A- the: A(xx:xx)
root pts/2 192.168.38.1 Mon Jan A the: +- the: A(xx:xx)
root pts/1 192.168.38.1 Mon Jan A the: -- -:xx( Geneva: +)
root pts/0 192.168.38.1 Tue Dec - the: -- -: About( -+ Geneva:Geneva)
root tty1 Tue Dec - the:Geneva still logged in
reboot system boot 3.10.0-514.el7.x Tue Dec - the:Geneva- -:Geneva( in+ the:xx)
root pts/1 192.168.38.1 Sun Dec - A: -- -: -( to: to)
The last command actually reads /var/log/wtmp.
2.4 lastb
lastb shows the record of failed logins.
[[email protected]001 log]# lastb | head -n 10
root pts/2 Wed Jan - One: -- One: -(xx:xx)
root pts/2 Wed Jan - One: -- One: -(xx:xx)
root pts/2 Wed Jan - One: +- One: +(xx:xx)
When our servers are hit by a brute-force attack, this is the place to look.
2.5 /var/log/secure
This is the security log for the system. For example, our login successes and failures are recorded here.
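An added example, not part of the original article: a shell function that tallies failed and accepted sshd password logins per source address from /var/log/secure-style lines, which is the check the brute-force remark above calls for. The log lines, the host name host001 and the address 203.0.113.7 are constructed samples, and the message layout is assumed to be the stock OpenSSH one.

```bash
#!/usr/bin/env bash
# Added example: count sshd password failures and successes per source
# address. Every log line in sample_secure is constructed for illustration.

sample_secure() {
cat <<'EOF'
Jan 24 10:01:02 host001 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 24 10:01:04 host001 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 24 10:01:09 host001 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jan 24 10:01:15 host001 sshd[2107]: Failed password for invalid user x from 10.0.0.5 port 1 from 203.0.113.7 port 51131 ssh2
Jan 24 10:02:30 host001 sshd[2110]: Failed password for root from 192.168.38.1 port 60214 ssh2
Jan 24 10:02:41 host001 sshd[2110]: Accepted password for root from 192.168.38.1 port 60214 ssh2
Jan 24 10:05:00 host001 sshd[2150]: Accepted password for root from 203.0.113.7 port 51140 ssh2
EOF
}

# auth_summary MIN   (reads log lines on stdin)
# Prints "address failed accepted" for each source with at least MIN failures,
# most failures first.
auth_summary() {
    awk -v min="${1:-1}" '
        # sshd ends these lines with "from ADDR port N ssh2". The user name
        # is chosen by the client and may contain spaces or the word "from",
        # so the address is taken by position from the end of the line.
        / sshd\[[0-9]+\]: (Failed|Accepted) password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if ($6 == "Failed") failed[ip]++; else accepted[ip]++
        }
        END {
            for (ip in failed)
                if (failed[ip] >= min)
                    print ip, failed[ip], accepted[ip] + 0
        }
    ' | sort -k2,2nr -k1,1
}

sample_secure | auth_summary 3   # -> 203.0.113.7 4 1
```

On a real host the same function can be fed the live file as root, for example auth_summary 5 < /var/log/secure. A source that shows many failures and a non-zero accepted count deserves a closer look; key-based logins ("Accepted publickey") are not counted by this pattern.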
Linux Learning (31) System log