##############################################
################## Unit 10 ###################
##############################################
1. rsyslogd service (enhanced version of syslogd)
The rsyslogd service is used to manage system logs
Features:
1) Writes logs directly to a database
2) Log queues (memory queue and disk queue)
3) Template mechanism, which allows a variety of output formats
4) Plug-in structure, with a variety of input and output modules
2. Service configuration
/etc/rsyslog.conf            ## service configuration file
vim /etc/rsyslog.conf        ## edit the service configuration
Format: service.loglevel logfile
*.* /var/log/all.log         ## all logs of all levels from all services go to /var/log/all.log
systemctl restart rsyslog    ## reload rsyslog
man 5 rsyslog.conf           ## view the rsyslog.conf format
3. Log types:
auth: logs generated by pam
authpriv: login verification information, such as ssh and ftp
cron: scheduled-task related
kern: kernel
lpr: printing
mail: mail
news: newsgroups
user: information generated by user programs
uucp: communication information between hosts
4. Log levels:
debug: debugging information; produces the most log output
info: general information
notice: normal but significant condition information
warning: warning level
err: error level; prevents a feature or module from functioning
crit: critical level; prevents the entire system or software from working properly
alert: conditions that need to be corrected immediately
emerg: emergency information such as kernel crashes
none: nothing is recorded
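An added example (not from the original notes and not rsyslog's own code): a small Python model of how a service.loglevel selector decides whether a message is written, including the none level and the numeric <PRI> header that a forwarded message carries. It goes slightly beyond the notes by handling ;-joined selectors and =level; it does not handle !, and the function names and the sample line are constructed for illustration.

```python
import re

# Facility names by numeric code, severity names by numeric code (0 = most severe).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_pri(line):
    """Return (facility, level) from the <PRI> header of a syslog line."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        raise ValueError("no <PRI> header")
    fac, sev = divmod(int(m.group(1)), 8)   # PRI = facility * 8 + severity
    if fac >= len(FACILITIES):
        raise ValueError("facility code %d is not in this table" % fac)
    return FACILITIES[fac], LEVELS[sev]


def selector_matches(selector, facility, level):
    """True if a message with this facility and level is selected."""
    allowed = set()                          # levels accepted for this facility
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue                         # this part names other facilities
        if prio == "none":
            allowed.clear()                  # none: record nothing
        elif prio == "*":
            allowed.update(LEVELS)
        elif prio.startswith("="):
            allowed.add(prio[1:])            # =level: exactly that level
        else:
            # plain level: that level and every more severe one
            allowed.update(LEVELS[:LEVELS.index(prio) + 1])
    return level in allowed


# Constructed sample line as it would arrive on UDP port 514 (not real data).
SAMPLE = "<86>Jul 22 11:11:11 client sshd[1234]: Accepted password for student"

if __name__ == "__main__":
    fac, lvl = decode_pri(SAMPLE)
    for sel in ("*.*", "authpriv.*", "*.info;mail.none;authpriv.none;cron.none"):
        print("%-45s %s.%s -> %s" % (sel, fac, lvl, selector_matches(sel, fac, lvl)))
```

The last selector in the demo loop shows why ssh login records do not appear in a file that excludes authpriv with none, even though *.info would otherwise select them.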
############## Log synchronization #####################
1.
On the log receiver:
vim /etc/rsyslog.conf
$ModLoad imudp               ## load the module that receives logs
$UDPServerRun 514            ## open the port that receives logs
On the log sender:
*.* @<log receiver IP>
After finishing the configuration, restart the rsyslogd service
systemctl stop firewalld     ## turn off the receiver's firewall
2.
As a traditional syslog service, rsyslog collects logs in the /var/log/ directory
The common log files are as follows:
/var/log/messages            ## the vast majority of system logs are recorded here
/var/log/secure              ## everything related to security and authentication is recorded here
/var/log/maillog             ## mail service logs
/var/log/cron                ## scheduled-task logs
/var/log/boot.log            ## tasks related to system startup
############## Log analysis ###################
systemd-journald is an improved log management service that collects logs from the kernel, from the early boot phase of the system, and from the standard output and error messages of system daemons as they start and run.
journalctl                   ## log analysis command
journalctl -f                ## follow changes to the system log
journalctl -b                ## show logs since the system booted
journalctl -n 5              ## show the 5 most recent log entries
journalctl -p err            ## show system error messages
journalctl --since=22:00:00 --until=22:00:01   ## show logs generated in a given time range
journalctl -o verbose        ## show the detailed fields that can be used as filter conditions
Explanation of the fields:
_UID=                        ## UID of the process
_PID=                        ## PID of the process
_GID=                        ## GID of the process
_HOSTNAME=                   ## host the process runs on
_SYSTEMD_UNIT=               ## service name
_COMM=                       ## command name
/etc/systemd/journald.conf   ## configuration file
############## Log monitoring tool settings ################
By default, journalctl cannot show logs generated before a shutdown. To keep such logs, configure the following:
mkdir /var/log/journal
chown root:systemd-journal /var/log/journal   ## set the directory owner to root and the owning group to systemd-journal
chmod 2755 /var/log/journal                   ## g+s: files created here inherit the owning group
Send the USR1 signal to systemd-journald, or reboot serverX.
killall -USR1 systemd-journald                ## because systemd-journald is in the static state and depends on other programs to start it
ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f
## 4513ad...a55f is a directory; the system.journal file is inside it
ll -d /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f    ## check permissions
du -sh /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f   ## check size
################## How to synchronize the system time ##################
1. Determine the time source address
172.25.254.254
2. Determine the time synchronization service used by the client host: chronyd.service
rpm -qa | grep chrony                ## check whether the time synchronization service is installed
3. Add the time source address to the chronyd.service configuration
vim /etc/chrony.conf
server 172.25.254.254 iburst         ## 172.25.254.254 is the time source address
systemctl restart chronyd.service    ## restart the time synchronization service
4.
systemctl stop firewalld.service     ## turn off the firewall on the time source
On the time source, edit: vim /etc/chrony.conf
line 22: allow IP                    ## allow this IP to synchronize time
line 29: local stratum               ## uncomment this line
systemctl restart chronyd.service
chronyc sources -v                   ## show the time synchronization sources
chronyc sourcestats -v               ## show the status of the time synchronization sources
###################### Changing the date and time ###################
The timedatectl command is used to query the system clock and its settings, to change the date, time and time zone, or to enable automatic synchronization of the system clock with a remote NTP server.
timedatectl list-timezones                   ## list time zones
timedatectl set-timezone "Asia/Shanghai"     ## set the time zone to Asia/Shanghai
timedatectl set-time HH:MM:SS                ## set the system time
timedatectl set-time YYYY-MM-DD              ## set the date
e.g. timedatectl set-time '2016-7-22 11:11:11'   ## set year-month-day and hours:minutes:seconds together; the value must be quoted with ''
This article is from the "12148275" blog, please be sure to keep this source http://12158275.blog.51cto.com/12148275/1897824
Linux Learning Notes-log analytics manage sync, modify time, Sync time