Syslog Service
syslogd: system daemon, responsible for recording log information that is not generated by the kernel
klogd: kernel daemon, specifically responsible for recording log information generated by the kernel
Kernel startup logs:
kernel --> physical terminal (/dev/console) --> /var/log/dmesg
View the kernel startup logs:
# dmesg
# cat /var/log/dmesg
Logs are stored by rotation (log cutting):
messages messages.1 messages.2 ...
Configuration file /etc/logrotate.conf
# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
}
Logs related to system initialization by /sbin/init:
/var/log/messages: standard system error log information, boot information not generated by the kernel, and information generated by each subsystem
/var/log/maillog: log information generated by the mail system
/var/log/secure: authentication and authorization-related information; legitimate and illegitimate login records
Syslog configuration file: /etc/syslog.conf
The configuration file definition format is: facility.priority action
facility: can be understood as the source of the log, that is, the subsystem or device that produced it. The following facilities are currently in use:
auth             # authentication-related
authpriv         # permissions, authorization-related
cron             # task scheduling-related
daemon           # daemon-related
kern             # kernel-related
lpr              # printing-related
mail             # mail-related
mark             # mark-related
news             # news-related
security         # security-related, similar to auth
syslog           # syslog's own
user             # user-related
uucp             # UNIX to UNIX cp related
local0 to local7 # for user-defined use
*                # * means all facilities
priority: the log level. The levels are generally as follows (from low to high); the lower the level, the more detailed the records:
debug            # debugging information for a program or system
info             # general information
notice           # does not affect normal function, but the message should be noted
warning/warn     # may affect system functionality; important events that users need to be alerted to
err/error        # error message
crit             # more serious
alert            # must be dealt with immediately
emerg/panic      # will cause the system to be unavailable
*                # indicates all log levels
none             # the opposite of *; it means nothing is recorded
action: the location where the log is recorded
absolute path    # a normal file on the system, such as: /var/log/xxx
|                # pipe; the log is passed to another command for processing
terminal         # a terminal, such as: /dev/console
@HOST            # a remote host, such as: @10.0.0.1
user             # a system user, such as: root
*                # all users logged on to the system; emerg-level logs are generally defined like this
Examples of the definition format:
mail.info /var/log/mail.log   # mail-related records at level info and above
                              # are recorded in the /var/log/mail.log file
auth.=info @10.0.0.1          # auth-related records at exactly the info level are sent to the host 10.0.0.1,
                              # provided that 10.0.0.1 is able to receive log messages from other hosts
user.!=error                  # user-related records, excluding the error level
user.!error                   # the opposite of user.error
*.info                        # info-level records from all log sources
mail.*                        # all levels of mail-related information are logged
*.*                           # records everything
cron.info;mail.info           # multiple log sources can be separated by ";"
cron,mail.info                # means the same as cron.info;mail.info
mail.*;mail.!=info            # all levels of mail-related information, but not the info level
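The selector rules above can be checked against sample messages before a configuration is deployed, for example to confirm that auth records really reach the intended action. The following Python is an added example, not part of the original notes or of syslogd itself; the function names `selected` and `matches` and the sample messages are assumptions, and it models a selector as a set of levels built up left to right.

```python
# Priorities from low to high, as listed in the notes; aliases share a rank.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def rank(name):
    """Position of a priority in the low-to-high order."""
    return LEVELS.index(ALIASES.get(name, name))

def selected(selector, facility):
    """Return the set of priority names the selector records for a facility."""
    mask = set()
    for part in selector.split(";"):            # ';' joins facility.priority pairs
        facs, _, prio = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):  # ',' lists facilities
            continue
        negate = prio.startswith("!")           # '!' excludes instead of includes
        prio = prio.lstrip("!")
        exact = prio.startswith("=")            # '=' means this level only
        prio = prio.lstrip("=")
        if prio == "none":                      # 'none' clears every level
            hit, negate = set(LEVELS), not negate
        elif prio == "*":
            hit = set(LEVELS)
        elif exact:
            hit = {LEVELS[rank(prio)]}
        else:                                   # bare level: that level and above
            hit = set(LEVELS[rank(prio):])
        mask = mask - hit if negate else mask | hit
    return mask

def matches(selector, facility, priority):
    """True if a message with this facility and priority is recorded."""
    return LEVELS[rank(priority)] in selected(selector, facility)

if __name__ == "__main__":
    # Constructed sample messages as (facility, priority) pairs.
    samples = [("mail", "debug"), ("mail", "info"), ("mail", "err"),
               ("cron", "notice"), ("auth", "info"), ("auth", "warn")]
    for sel in ["mail.info", "auth.=info", "mail.*;mail.!=info",
                "cron,mail.info", "*.info;mail.none"]:
        hits = [f"{f}.{p}" for f, p in samples if matches(sel, f, p)]
        print(f"{sel:20} -> {hits}")
```
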
After modifying the configuration file, restart or reload the service for the change to take effect:
service syslog {restart|reload}
Linux Learning Notes < 23 >--Log system syslog