Linux Log Analysis

Source: Internet
Author: User
Tags: syslog

Connection time log: maintained by several programs, which write their records to /var/log/wtmp and /var/run/utmp. login and similar programs update the wtmp and utmp files so that the system administrator can track who is logged on to the system at any time.
Log format: each syslog entry is selected by a condition (the facility) and a priority; the /etc/syslog.conf format is described below.
Error log: maintained by syslogd(8). System daemons, user programs, and the kernel report noteworthy events to /var/log/messages through syslog(3). Many other Linux programs create logs of their own, and servers that provide network services such as HTTP and FTP keep detailed logs as well.
Connection time log:
The utmp, wtmp, and lastlog files are the core of most UNIX logging subsystems: they keep the records of user logins and logouts. Information about the users currently logged on is recorded in utmp; login and logout records are recorded in wtmp; each user's most recent login is kept in the lastlog file and viewed with the lastlog command. Run-level changes, shutdowns, and reboots are also recorded in wtmp. The who, w, and users commands read utmp; last and ac read wtmp. All three are ordinary files, so an intruder who gains write access can edit or truncate them; keeping a copy off the host (for example by forwarding login events to a remote syslog server) is what makes them trustworthy after an incident.
Process statistics (process accounting) are kept by the system kernel: when a process terminates, a record for it is written to the process accounting file (pacct or acct). Process statistics are used to provide command usage statistics for the basic services on the system.
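The commands above only display these files; the example below, added here and not part of the original article, reads the binary utmp/wtmp records directly and rebuilds what who, last and lastlog report. It assumes the 384-byte struct utmp layout of glibc on x86-64 Linux (see utmp(5)); the layout differs on other architectures and libcs, so compare sizeof(struct utmp) before using it on a real /var/run/utmp or /var/log/wtmp. The records it parses are constructed in the block, not captured from a real system.

```python
"""Read utmp/wtmp records and rebuild what who, last and lastlog report.

Added example, not code from the original article. Assumes the 384-byte
struct utmp layout of glibc on x86-64 Linux; the sample records are
constructed here, not captured from a real system.
"""
import struct
from datetime import datetime, timezone

# struct utmp, glibc x86-64: ut_type, pad, ut_pid, ut_line[32], ut_id[4],
# ut_user[32], ut_host[256], ut_exit{2 shorts}, ut_session, ut_tv{sec,usec},
# ut_addr_v6[4], 20 unused bytes = 384 bytes, little-endian, no padding.
UTMP_FMT = "<h2xi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)
assert UTMP_SIZE == 384

# ut_type values from <utmp.h>
RUN_LVL, BOOT_TIME, LOGIN_PROCESS, USER_PROCESS, DEAD_PROCESS = 1, 2, 6, 7, 8


def _cstr(raw):
    """Decode a NUL-padded fixed-size char array."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def make_record(ut_type, pid, line, user, host, ts):
    """Build one utmp record (used here only to construct sample data)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)


def parse_utmp(data):
    """Yield one dict per fixed-size record; a trailing partial record is ignored."""
    for off in range(0, len(data) - UTMP_SIZE + 1, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        yield {"type": f[0], "pid": f[1], "line": _cstr(f[2]), "id": _cstr(f[3]),
               "user": _cstr(f[4]), "host": _cstr(f[5]), "time": f[9]}


def sessions(records):
    """Pair each USER_PROCESS with the next DEAD_PROCESS on the same tty.

    Returns (closed, open): closed is a list of
    (user, line, host, login_ts, logout_ts) tuples, like `last`; open holds the
    still-logged-in records, which is what `who` shows from utmp.
    """
    open_by_line, closed = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            s = open_by_line.pop(r["line"])
            closed.append((s["user"], s["line"], s["host"], s["time"], r["time"]))
        elif r["type"] == BOOT_TIME:
            # a reboot ends every session that never got a logout record ("crash" in `last`)
            for s in open_by_line.values():
                closed.append((s["user"], s["line"], s["host"], s["time"], r["time"]))
            open_by_line.clear()
    return closed, list(open_by_line.values())


def last_login(records):
    """Most recent login per user, the information lastlog keeps."""
    latest = {}
    for r in records:
        if r["type"] == USER_PROCESS:
            latest[r["user"]] = (r["time"], r["line"], r["host"])
    return latest


# Constructed wtmp contents: a boot, three logins, one logout.
SAMPLE_WTMP = b"".join([
    make_record(BOOT_TIME, 0, "~", "reboot", "", 1000),
    make_record(USER_PROCESS, 1234, "pts/0", "alice", "10.0.0.5", 1100),
    make_record(USER_PROCESS, 1300, "tty1", "root", "", 1200),
    make_record(DEAD_PROCESS, 1234, "pts/0", "", "", 1500),
    make_record(USER_PROCESS, 1400, "pts/1", "bob", "192.168.0.10", 1600),
])


def analyse(data=SAMPLE_WTMP):
    """Return (closed sessions, still-open records, last login per user)."""
    recs = list(parse_utmp(data))
    closed, still_on = sessions(recs)
    return closed, still_on, last_login(recs)


if __name__ == "__main__":
    closed, still_on, latest = analyse()
    for user, line, host, t_in, t_out in closed:
        print(f"{user:<8} {line:<8} {host:<16} "
              f"{datetime.fromtimestamp(t_in, timezone.utc):%H:%M} - "
              f"{datetime.fromtimestamp(t_out, timezone.utc):%H:%M}")
    for r in still_on:
        print(f"{r['user']:<8} {r['line']:<8} {r['host']:<16} still logged in")
```

Point analyse() at open("/var/log/wtmp", "rb").read() to run it on a real file; the session pairing by tty is the same logic last uses, and a USER_PROCESS entry with no matching DEAD_PROCESS and no later BOOT_TIME is exactly what who lists as currently logged in.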
/var/log/secure records authentication and login events, including those from sshd, telnet, and POP daemons (on Red Hat-style systems it receives everything logged under the authpriv facility).
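The following is an added example, not code from the original article, showing the kind of analysis a practitioner runs over /var/log/secure: parse the lines, count failed logins per source address, and flag a source that failed repeatedly and then succeeded. The log lines are constructed for the example in the classic layout written by sysklogd ("Mon DD HH:MM:SS host program[pid]: message") with the message texts OpenSSH's sshd emits; the failure threshold is an arbitrary choice.

```python
"""Pick login failures and suspicious successes out of /var/log/secure.

Added example, not code from the original article. The log lines are
constructed for the example; the threshold is an arbitrary choice.
"""
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/secure; not captured from a real host.
SAMPLE_SECURE = """\
Mar  3 10:01:12 gw sshd[2310]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 gw sshd[2312]: Failed password for invalid user oracle from 203.0.113.7 port 40130 ssh2
Mar  3 10:01:19 gw sshd[2314]: Failed password for root from 203.0.113.7 port 40141 ssh2
Mar  3 10:01:23 gw sshd[2316]: Failed password for root from 203.0.113.7 port 40150 ssh2
Mar  3 10:01:27 gw sshd[2318]: Failed password for root from 203.0.113.7 port 40162 ssh2
Mar  3 10:02:40 gw sshd[2330]: Accepted publickey for alice from 192.168.0.10 port 51022 ssh2
Mar  3 10:03:05 gw sshd[2340]: Failed password for bob from 192.168.0.11 port 51100 ssh2
Mar  3 10:03:11 gw sshd[2340]: Accepted password for bob from 192.168.0.11 port 51100 ssh2
Mar  3 10:05:30 gw sshd[2350]: Accepted password for root from 203.0.113.7 port 40990 ssh2
Mar  3 10:06:00 gw su: pam_unix(su:session): session opened for user root by alice(uid=1000)
"""

# Classic syslog line: timestamp, host, program with optional [pid], message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w.-]+)"
    r"(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# sshd authentication result: "Accepted|Failed <method> for [invalid user] <user> from <ip> port <port>"
SSHD_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\w+) for (?:(?P<invalid>invalid user) )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")


def parse_secure(text):
    """One dict per line; sshd authentication messages gain result/user/ip fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip a malformed line rather than abort the whole run
        rec = m.groupdict()
        if rec["prog"] == "sshd":
            auth = SSHD_RE.match(rec["msg"])
            if auth:
                rec.update(auth.groupdict())
        events.append(rec)
    return events


def analyse(text, fail_threshold=3):
    """Count failures per source and flag sources that failed repeatedly, then got in."""
    failures = Counter()
    successes = defaultdict(list)
    for e in parse_secure(text):
        if e.get("result") == "Failed":
            failures[e["ip"]] += 1
        elif e.get("result") == "Accepted":
            successes[e["ip"]].append((e["user"], e["method"]))
    brute_force = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    # The finding worth paging on: a source that hammered sshd and then succeeded.
    compromised = {ip: successes[ip] for ip in brute_force if ip in successes}
    return {"failures": dict(failures), "brute_force": brute_force,
            "compromised": compromised}


if __name__ == "__main__":
    report = analyse(SAMPLE_SECURE)
    for ip, n in report["brute_force"].items():
        print(f"{ip}: {n} failed logins")
    for ip, logins in report["compromised"].items():
        print(f"{ip}: succeeded after brute force as {logins}")
```

A single failed password from 192.168.0.11 followed by a success is a user mistyping, and stays below the threshold; five failures from 203.0.113.7 followed by "Accepted password for root" is the pattern to escalate. Because sshd writes these lines through syslog, the same analysis works on the copy a remote syslog server keeps, which is the copy to trust once the host itself is suspect.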
Error Log:
syslog has been adopted by many logging facilities and is relied on by many protective measures: any program can record events through syslog. syslog receives event messages and writes them to a file or device, or sends them to logged-in users. It can record local events or, over the network, events from another host.
/etc/syslog.conf file format description
service_name.record_level    storage_location
(in syslog terms: facility.priority, then the action, separated by tabs or spaces; several selectors can be joined with ";" and apply in order)
The service name is a syslog facility: kern, user, mail, daemon, auth, authpriv, syslog, lpr, news, uucp, cron, ftp, or local0 through local7. Programs such as httpd and ftpd are not facilities: a daemon logs under one of these facilities (typically daemon or one of the local* facilities) or keeps its own log files.
Record levels, from least to most severe: debug (debugging information), info (informational), notice (normal but noteworthy, worth following up), warning or warn (warning information), err or error (error information), crit, alert, emerg. A selector such as mail.warning matches that priority and every more severe one; "=" selects a single priority (mail.=info), "!" excludes a priority and the more severe ones, and "none" excludes a facility entirely (mail.none).
syslog storage location (the action field):
Absolute path: a file under /var/log, for example /var/log/messages
Printer or other device: /dev/lp0
Remote host: @192.168.0.10
Users: a comma-separated list of login names, or * for everyone logged in
For a remote host to accept forwarded messages, the syslogd running there must be started with the -r option (SYSLOGD_OPTIONS="-r" in /etc/sysconfig/syslog on Red Hat-style systems). Classic syslog forwarding is plain UDP to port 514: unauthenticated, unencrypted, and silently dropped if the collector is unreachable, so keep it on a trusted management network or use a TLS-capable successor such as rsyslog or syslog-ng.
(Focuses on implementation)
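To make the selector rules concrete, here is an added example (not code from the original article) that evaluates a syslog.conf the way sysklogd does: a plain priority selects that priority and all more severe ones, "=" exactly one, "!" and "!=" exclude, "*" everything, "none" nothing, and ";"-joined selectors are applied left to right. The configuration it evaluates is constructed for the example; rsyslog and syslog-ng extensions (property filters, templates) are not covered.

```python
"""Evaluate /etc/syslog.conf selectors the way sysklogd does.

Added example, not code from the original article. The configuration below
is constructed for the example.
"""
import re

# numeric priorities from syslog(3): lower is more severe
PRIORITIES = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
              "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}
FACILITIES = ("kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp") + tuple(f"local{i}" for i in range(8))
ALL_PRI = frozenset(range(8))


def _and_above(name):
    """Priorities at least as severe as `name`."""
    return {p for p in ALL_PRI if p <= PRIORITIES[name]}


def parse_rule(line):
    """Parse 'selector[;selector...]  action' into ({facility: {priorities}}, action)."""
    selectors, action = re.split(r"\s+", line.strip(), maxsplit=1)
    allowed = {f: set() for f in FACILITIES}
    for selector in selectors.split(";"):
        facs, pri = selector.rsplit(".", 1)
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if fac not in allowed:
                # e.g. "httpd.info": httpd is a program, not a syslog facility
                raise ValueError(f"unknown facility {fac!r} in {line.strip()!r}")
            if pri == "*":
                allowed[fac] = set(ALL_PRI)
            elif pri == "none":
                allowed[fac] = set()
            elif pri.startswith("!="):
                allowed[fac] -= {PRIORITIES[pri[2:]]}
            elif pri.startswith("!"):
                allowed[fac] -= _and_above(pri[1:])
            elif pri.startswith("="):
                allowed[fac] |= {PRIORITIES[pri[1:]]}
            else:
                allowed[fac] |= _and_above(pri)
    return allowed, action


def parse_conf(text):
    """(allowed, action) for every rule, skipping comments and blank lines."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def route(text, facility, priority):
    """Actions that receive a message of the given facility and priority."""
    p = PRIORITIES[priority]
    return [action for allowed, action in parse_conf(text) if p in allowed[facility]]


def action_kind(action):
    """Describe an action field as syslogd interprets it."""
    if action == "*":
        return "message to all logged-in users"
    if action.startswith("@"):
        return "forward over UDP/514 in cleartext to " + action[1:]
    if action.startswith("|"):
        return "named pipe " + action[1:]
    if action.lstrip("-").startswith("/"):
        return "append to file or device " + action.lstrip("-")
    return "message to users " + action


# Constructed sample in the style of a Red Hat /etc/syslog.conf; not a real config.
SAMPLE_CONF = """
# constructed example
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                   /var/log/secure
mail.*                                       -/var/log/maillog
cron.*                                       /var/log/cron
*.emerg                                      *
kern.=crit                                   /dev/lp0
*.warning                                    @192.168.0.10
"""

if __name__ == "__main__":
    for fac, pri in (("authpriv", "info"), ("kern", "crit"), ("daemon", "emerg")):
        for action in route(SAMPLE_CONF, fac, pri):
            print(f"{fac}.{pri:<8} -> {action_kind(action)}")
```

Running it shows why authpriv.info lands only in /var/log/secure (the authpriv.none in the first rule keeps it out of /var/log/messages), while kern.crit is written to /var/log/messages, printed on /dev/lp0, and forwarded to 192.168.0.10 at once. The ValueError on "httpd.info" is deliberate: syslogd rejects unknown facilities, so a rule written for a program name silently logs nothing.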
syslog security attribute settings
chattr +a /var/log/messages
lsattr /var/log/messages
With the append-only attribute set, data can only be appended to the file; it cannot be truncated, overwritten, renamed, or deleted, which stops an intruder who gains write access from cleaning the log. Only root (more precisely, a process holding CAP_LINUX_IMMUTABLE) can set or clear the attribute; root can be prevented from clearing it by dropping that capability with lcap, which is not explained further here. Log rotation has to cope with the attribute as well: logrotate cannot rename or truncate an append-only file, so the attribute must be cleared before rotation and set again afterwards (for example in prerotate and postrotate scripts), or rotation will fail.
