1 Confirm that the rsyslogd service is started
ps aux | grep rsyslogd    # check whether the service is running
chkconfig --list | grep rsyslog    # check whether the service starts at boot
2 The role of common logs
Log file | Description
/var/log/cron | Log related to system scheduled tasks
/var/log/cups | Log of printing information
/var/log/dmesg | Kernel self-test information from system boot; can also be viewed directly with the dmesg command
/var/log/btmp | Failed login log. Binary file; view with the lastb command
/var/log/lastlog | Log of each user's last login time. Binary file; view with the lastlog command
/var/log/maillog | Mail information
/var/log/messages | Log of important system information
/var/log/secure | Records authentication and authorization information
/var/log/wtmp | Records all user logins and logouts, as well as system startup, restart and shutdown events. Binary file; view with the last command
/var/run/utmp | Records information about the users who are currently logged in. Query with w, who, users and similar commands
Note: Besides the system default logs, system services installed from RPM packages also write their logs under the /var/log/ directory by default. These logs are not recorded and managed by the rsyslogd service, however; each service uses its own log management to record them.
Second, the rsyslogd log service
1 Log file format
Time the event was generated
Host name of the server on which the event occurred
Name of the service or program that generated the event
Specific information about the event
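An added example, not part of the original article: Python code that splits lines in the four-field format above and counts failed sshd logins per source address, as one would over /var/log/secure. The sample lines are constructed, and the function names and the sshd message wording matched by the pattern are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines in the traditional rsyslog file format (not real logs).
SAMPLE = """\
Mar 10 09:14:02 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 50122 ssh2
Mar 10 09:14:05 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 50124 ssh2
Mar 10 09:15:40 web01 sshd[2290]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar 10 09:16:01 web01 CROND[2301]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Mar 10 09:17:13 web01 sshd[2333]: Failed password for root from 192.0.2.10 port 50130 ssh2
Mar 10 09:18:00 web01 kernel: device eth0 entered promiscuous mode
this line is not in syslog format
"""

# Fields: time, host name, program name with optional [pid], then the message text.
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)
# Assumed wording of an sshd failed-password message: captures user and source.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def parse_line(line):
    """Split one log line into its fields; return None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def failed_logins(text, threshold=3):
    """Return {source: count} for sources with at least `threshold` sshd failures."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["program"] != "sshd":
            continue  # skip malformed lines and lines from other programs
        hit = FAILED_RE.search(rec["message"])
        if hit:
            counts[hit.group(2)] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_line(line))
    print(failed_logins(SAMPLE))
```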
2 The /etc/rsyslog.conf configuration file
Format: service name[connection symbol]log level    log record location
Service name | Description
auth | Security and authentication related information (deprecated, replaced by authpriv)
authpriv | Security and authentication related information (private)
cron | Logs generated by the system scheduled tasks cron and at
daemon | Logs related to each daemon
ftp | Logs generated by the FTP daemon
kern | Logs generated by the kernel (not generated by user processes)
local0-local7 | Services reserved for local use
lpr | Logs generated by printing
mail | Mail sending and receiving information
news | Logs related to the news server
syslog | Log information generated by the syslogd service
user | Log information of the user-level category
uucp | Log information of the UUCP subsystem
Connection symbol | Description
. | Logs at the level that follows, or at any higher level, are recorded
.= | Only logs of exactly the specified level are recorded
.! | Logs of all other levels, except the specified level, are recorded
Note: ".*" means all logs
Log level | Description
debug | General debugging information
info | Basic notification information
notice | Ordinary information, but of some importance
warning | Warning message that does not yet affect the operation of the service or system
err | Error message; events that reach the err level can generally affect the operation of the service or system
crit | Critical condition information, more severe than err
alert | Alert status information, more serious than crit; action must be taken immediately
emerg | Panic-level information; the system is no longer usable
Third, log rotation
1 Log file naming rules
If the configuration file contains the "dateext" parameter, the log is named by date, such as "secure-20180310"
If the configuration file does not contain the "dateext" parameter, the log is named with a number, such as "secure.1"
Linux Learning-Log management