Linux Learning-Log management

1 OK start rsyslogd service

　　PS aux | grep rsyslogd See if the service is started

　　chkconfig--list | grep rsyslog See if the service is self-booting

2 The role of common logs

log file	description
/var/log/cron	System timer task related log
/var/log/cups	print Infolog
/var/log/dmesg	System boot-time kernel self-test information, can also be directly viewed with the DMESG command
/V Ar/log/btmp	Error logging Binaries, using the LASTB command to view
/var/log/lastlog	User last Login time log Binary file, use Lastlog command to view
/var/log/mailog	Mail information
/var/log/message	system Critical Information log
/var/log/secure	record authentication and authorization information
/var/log/wtmp	Log all user login and logoff information while recording system startup, restart, shutdown events Binaries, using the last command to view
/var/run/utmp	Record user information that is currently logged Use W, who, users, and more to query

Note: In addition to the system default logs, System services installed in RPM will also default to logging in the/var/log/directory. However, these logs are not recorded and managed by the RSYSLOGD service, but each service uses its own log management documentation to log itself.

Second, RSYSLOGD Log service 1st Journal file format

　　　　Time the event was generated

The server host name of the event that occurred

The service name or program name that generated the event

Specific information about the event

2/etc/rsyslog.conf configuration file

　　

Format: service name [connection symbol] Log level log record location

Service Name	Description
Auth	Security and certification related information (deprecated, authpriv substitution)
Authpriv	Security and certification related information (private)
Cron	System timed tasks Cront and at-generated logs
Daemon	Logs related to each daemon
Ftp	Log generated by the FTP daemon
Kern	Log generated by the kernel (not generated by user processes)
Local10-local7	Services reserved for local use
Lpr	Print the resulting log
Mail	Send and receive messages
News	News server-related logs
Syslog	Log information generated by the SYSLOGD service
User	Log information for the user level category
Uucp	Log information for the UUCP subsystem

Connection symbols	Description
.	Represents as long as the log that is higher than the subsequent level is recorded
.=	Represents only the log of the required level
.!	Represents other levels of logs, except for the level of logs, which are recorded

Note: ". *" means all logs

　　

Log level	Description
Debug	General Instructions for debugging information
Info	Basic notification Information
Notice	General information, but it is of some importance
Warning	Warning message, but does not affect the operation of the service or system
Err	Error messages, which generally reach the err level can affect the operation of the service or system
Crit	Critical condition information, more severe than err
Alert	Warning status information, more serious than crit, must take immediate action
Emerg	Pain level information, system is no longer available

Third, the log rotation

1st log file naming rules

If you have the "Dateext" parameter in the configuration file, the log is named by date, such as "secure-20180310"

If there is no "dateext" parameter in the configuration file, the log is named, such as "Secure.1"

Linux Learning-Log management