Linux logs and Chrony time synchronization

Source: Internet
Author: User
Tags syslog system log rsyslog chrony

First, the default system log files

/var/log/messages    System service logs, including service information, errors, etc.
/var/log/secure      System authentication log
/var/log/maillog     System mail service information
/var/log/cron        System scheduled task information
/var/log/boot.log    System boot information
Second, the log management service rsyslog

1. rsyslog is responsible for collecting logs and storing them by category

2. rsyslog log classification

vim /etc/rsyslog.conf    ## main configuration file

service.log-level    storage file

*.*    /var/log/westos

systemctl restart rsyslog    (Enterprise 7 startup method; on Enterprise 6 use /etc/init.d/rsyslog restart)

Format: log facility (type) . (connection symbol) log level    log handling (action)

1) Log facility (can be understood as the log type)

auth             Logs produced by PAM
authpriv         Authentication information for logins such as ssh and ftp
cron             Scheduled tasks
kern             Kernel
lpr              Printing
mail             Mail
mark (syslog)    Information internal to the rsyslog service, timestamp marks
news             Newsgroups
user
uucp             Unix to Unix copy, Unix host-related
local1~7         Custom log facilities

2) Log level

debug      Debugging information; produces the most log output
info       Informational logs, the most commonly used
notice     Normal conditions of the most significance
warning    Warning level
err        Error level, information that prevents a feature or module from working correctly
crit       Critical level, information that prevents the entire system or the entire software from working properly
alert      Conditions that need to be fixed immediately
emerg      Critical information such as kernel crashes
none       Nothing is recorded

Note: from top to bottom the levels go from low to high, and the higher the level, the less information is recorded.

## Details can be found in the manual: man 3 syslog

3) Connection symbol

.XXX: matches messages at level XXX or higher

.=XXX: matches messages at exactly level XXX

.!XXX: matches messages at levels other than XXX

Third, log management examples

1. Record logs to a regular file or a device file:

*.*    /var/log/file.log    # absolute path

*.*    /dev/pts/0

Test: the logger command is used to generate log entries

2. Send logs to users (they must be logged in to receive them)

*.*    root

*.*    root,kadefor,up01    # use commas to separate multiple users

*.*    *    # * means all logged-in users

3. Ignore (discard)

local3.*    ~    # discard logs of every level for the local3 facility

4. Execute a script:

local3.*    ^/tmp/a.sh

^ is followed by the absolute path of an executable script or program. The log content is passed to the script as its first parameter, which can be used to trigger an alarm.
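
An added example (not from the original article) of a handler script for the ^ action above: the log content arrives as the first parameter and is chosen by whoever generated the message, so the script treats it strictly as untrusted data. The alert file path and the length limit are assumptions, and the script is assumed to be installed in a root-owned directory rather than a world-writable one such as /tmp.

```shell
#!/bin/sh
# Added example, not from the original page: a handler for the rsyslog "^"
# action. rsyslog passes the log line as "$1"; its content is chosen by
# whoever produced the message, so it is handled strictly as data.

ALERT_LOG="${ALERT_LOG:-/var/log/local3-alerts.log}"  # assumed destination
MAX_LEN=512                                           # assumed length bound

# sanitize_msg: keep printable ASCII only and cap the length, so newlines or
# terminal escape sequences in a log line cannot forge extra alert records.
sanitize_msg() {
    printf '%s' "$1" | LC_ALL=C tr -cd '\040-\176' | cut -c1-"$MAX_LEN"
}

# record_alert: append exactly one line per call. The message is an argument
# to %s, never a format string, and is never passed to eval or left unquoted.
record_alert() {
    msg=$(sanitize_msg "$1")
    [ -n "$msg" ] || return 1
    printf '%s alert: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$msg" >> "$ALERT_LOG"
}

# rsyslog invokes the script with one argument; do nothing without it.
if [ "$#" -gt 0 ]; then
    record_alert "$1"
fi
```

Shell metacharacters that survive sanitizing stay inert because the value is only ever expanded inside double quotes.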

Fourth, log synchronization

systemctl stop firewalld    ## turn off the firewall on both hosts

1. Configure the log sender

*.*    @172.25.0.11    ## send logs to a host over UDP

An IP address preceded by one "@" means the logs are sent over UDP; two "@@" means they are sent over TCP.

2. Configure the log receiver

$ModLoad imudp    ## log receiving plugin

$UDPServerRun 514    ## port used by the log receiving plugin

netstat -anulpe | grep rsyslog    ## check the port the service is listening on
udp        0      0 0.0.0.0:514    0.0.0.0:*    0    122073    32654/rsyslogd
udp6       0      0 :::514         :::*         0    122074    32654/rsyslogd

3. Testing

> /var/log/messages    ## empty the log file on both sides so the result is easy to observe

logger test message    ## on the log sender

tail -f /var/log/messages    ## on the log receiver


4. Log collection format

$template westos,"%timegenerated% %fromhost-ip% %syslogtag%%msg%\n"

%timegenerated%    ## time the log entry was generated

%fromhost-ip%    ## IP address of the host the log came from

%syslogtag%    ## tag of the program that logged the entry

%msg%    ## log content

\n    ## line break

$ActionFileDefaultTemplate westos
*.info;mail.none;authpriv.none;cron.none    /var/log/messages;westos


Fifth, the log analysis tool journal

systemd-journald    ## process name

journalctl    ## run directly to browse the system log

-n 3    ## show the latest 3 entries

-p err    ## show errors

-f    ## follow the log

--since --until    ## --since "[YYYY-MM-DD] [hh:mm:ss]": show logs from one time to another

-o verbose    ## show detailed output, including the fields that can be used to filter the log

## _SYSTEMD_UNIT=sshd.service    service name
## _PID=1182    process PID

Management of systemd-journald

## By default the journal does not keep log entries from before a reboot. To keep them:

mkdir /var/log/journal
chown root:systemd-journal /var/log/journal
chmod 2755 /var/log/journal
killall -1 systemd-journald
ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f
system.journal  user-1000.journal

Sixth, time synchronization

1. Server side

yum install chrony -y    ## install the service (Enterprise 6 does not have it)

vim /etc/chrony.conf    ## main configuration file

# Allow NTP client access from local network.
# (who is allowed to synchronize time from this server)
allow 172.25.0.0/24
# Serve time even if not synchronized to any NTP server.
# (do not synchronize from anyone; sets the stratum level of this time server)
local stratum 10

systemctl restart chronyd
systemctl stop firewalld

2. Client

vim /etc/chrony.conf

server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst    ====> server ntpserverip iburst
server 2.rhel.pool.ntp.org iburst    ====>
server 3.rhel.pool.ntp.org iburst

systemctl restart chronyd

Test:

chronyc sources -v

Sources = 1
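
An added example (not from the original article) that turns the test above into a check: it reads chronyc sources output and confirms the client is locked to the expected server, which is what keeps timestamps comparable between the log sender and the log receiver. The sample output is constructed, and 172.25.0.11 is assumed to be the time server's address.

```shell
#!/bin/sh
# Added example, not from the original page: confirm that a client is locked
# to the intended time server by reading `chronyc sources` output on stdin.

# Constructed sample of `chronyc sources` output (assumed server address).
SAMPLE_SOURCES='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.0.11                  10   6   377    21    +11us[  +15us] +/-  130us'

# selected_source: print the address of the source whose state column is '*'
# (current best). Header, separator and -v legend lines are skipped because
# their first field is not a two-character mode/state marker.
selected_source() {
    awk 'length($1) == 2 && index("^=#", substr($1, 1, 1)) &&
         substr($1, 2, 1) == "*" { print $2; exit }'
}

# check_time_source EXPECTED
#   0 = locked to EXPECTED
#   1 = no source selected (for example the server is shown as ^?)
#   2 = locked to some other source
check_time_source() {
    selected=$(selected_source)
    [ -n "$selected" ] || return 1
    [ "$selected" = "$1" ] || return 2
}

# Demo on the constructed sample; on a live client use:
#   chronyc sources | check_time_source 172.25.0.11
if printf '%s\n' "$SAMPLE_SOURCES" | check_time_source 172.25.0.11; then
    echo "time source OK"
fi
```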


3. The time setting command timedatectl

timedatectl status    ## show current time information

set-time    ## set the current time

set-timezone    ## set the current time zone

set-local-rtc 0|1    ## set whether to use UTC time


This article is from the "13122323" blog, please be sure to keep this source http://13132323.blog.51cto.com/13122323/1950587
