*********************** System Log *************************
## 1. Default system log files ##
/var/log/messages -- system services and logs, including service information, errors, etc.
/var/log/secure -- system authentication log
/var/log/maillog -- system mail service log
/var/log/cron -- scheduled (timer) task log
/var/log/boot -- system boot log
Example: view the system service log, including service information, errors, etc. [screenshot]
## 2. Log management service rsyslog ##
1. rsyslog is responsible for collecting logs and sorting them into log files
2. rsyslog log classification
service.log-level    /file to store in
Example: put the logs of all services at all levels into /var/log/westos
a. vim /etc/rsyslog.conf -- main configuration file
b. *.*    /var/log/westos
systemctl restart rsyslog
Results: [screenshot]
3. Log format
log facility (type).(connection symbol)log level    log handling action
4. Log facility (log type)
auth    logs generated by PAM
authpriv    authentication information such as ssh and ftp logins
cron    scheduled task related
kern    kernel
lpr    printing
mail    mail
mark (syslog)    information internal to the rsyslog service, time marks
user    information generated by user programs
news    newsgroups
uucp    unix to unix copy, communication between unix hosts
local 1~7    custom log facilities
5. Log levels
debug    debugging information; produces the most log output
info    general information, the most commonly used level
notice    normal conditions that are nevertheless significant
warning    warning level
err    error level; information that prevents a feature or module from working correctly
crit alert emerg    kernel crashes and other critical information
none    record nothing
From top to bottom the level goes from low to high, and less information is logged.
For more detail see the manual: man 3 syslog
6. Connection symbols
.xxx    information at level xxx or higher
.=xxx    information at exactly level xxx
.!xxx    information at levels other than xxx
Example:
1. Record to a regular file or a device file
*.* /var/log/file.log    absolute path
*.* /dev/pts/0
Test: logger -p local3.info 'kadefor is testing the rsyslog and logger'
logger is the command used to generate log entries
2. Send to users (they must be logged in to receive the message)
*.* root
*.* root,dadefor,up01    use ',' to separate multiple users
*.* *    the * means all logged-in users
File:/RUN/MEDIA/KIOSK/HELLO/UNIT10/2 Page 2 of 3
3. Ignore, discard
local3.* ~    ignore all local3 logs at every level
4. Execute a script
local3.* ^/tmp/a.sh    ^ is followed by the absolute path of an executable script or program
The log content is passed to the script as its first parameter
This can be used to trigger alarms
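An added example (not from the original page) of a handler for the ^ action above. The log text arrives as $1 and can be influenced by whoever caused the log entry, so the handler strips control characters, caps the length, and only ever writes the text with printf '%s'. The handle_alert name and the ALERT_FILE path are assumptions; install the real script in a root-owned directory rather than /tmp.

```shell
#!/bin/sh
# Hypothetical alarm handler for an rsyslog "^" action (example code).
# rsyslog passes the formatted log line as the first argument.

# Assumed destination for alerts; override through the environment.
ALERT_FILE=${ALERT_FILE:-/var/log/local3-alerts.log}

handle_alert() {
    # Treat the message as untrusted data:
    #  - tr drops everything that is not printable ASCII, including newlines
    #    and terminal escape bytes that could forge or hide entries
    #  - cut caps the length so one message cannot flood the alert file
    clean=$(printf '%s' "$1" | tr -cd '[:print:]' | cut -c1-512)

    # printf '%s' writes the text literally; it is never eval'ed or expanded.
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$clean" >> "$ALERT_FILE"
}

# When run as a script by rsyslog, handle the message given in $1.
if [ "$#" -gt 0 ]; then
    handle_alert "$1"
fi
```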
7. systemctl stop firewalld
Configure the log sender
*.* @172.25.0.11    send the logs to host 11 over UDP; @ means UDP, @@ means TCP
Configure the log receiver
$ModLoad imudp    log receiving plugin
$UDPServerRun 514    port used by the log receiving plugin
netstat -anuple | grep rsyslog
Test
> /var/log/messages    do this on both hosts
logger test messages    on the log sender
tail -f /var/log/messages    on the log receiver
[Screenshots: log sender and log receiver]
8. Log capture format
$template westos, "%timegenerated% %fromhost-ip% %syslogtag% %msg%\n"
%timegenerated%
%fromhost-ip%
%syslogtag%
%msg%
\n
$ActionFileDefaultTemplate westos
*.info;mail.none;authpriv.none;cron.none    /var/log/messages;westos
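An added example (not from the original page) that evaluates a selector such as the one above against a message's facility and level, to show which messages reach /var/log/messages. It covers the .level, .=level, * and none forms only, uses the low-to-high level order from section 5, and the function names are assumptions.

```shell
#!/bin/sh
# Example selector evaluator (not rsyslog's own code).

# Map a level name to its rank in the page's low-to-high order.
level_num() {
    case "$1" in
        debug) echo 0 ;; info) echo 1 ;; notice) echo 2 ;; warning) echo 3 ;;
        err) echo 4 ;; crit) echo 5 ;; alert) echo 6 ;; emerg) echo 7 ;;
        *) return 1 ;;
    esac
}

# selector_matches SELECTOR FACILITY LEVEL
# Returns 0 when the message is selected, 1 when it is not,
# 2 when LEVEL is not a known level name.
selector_matches() {
    sel=$1 fac=$2 lvl=$(level_num "$3") || return 2
    matched=1
    old_ifs=$IFS
    IFS=';'
    set -f                      # keep "*" from being expanded as a glob
    for part in $sel; do        # parts are applied left to right
        pf=${part%%.*}          # facility, e.g. "*" or "authpriv"
        pl=${part#*.}           # level spec, e.g. "info", "=info", "none"
        [ "$pf" = "*" ] || [ "$pf" = "$fac" ] || continue
        case "$pl" in
            none) matched=1 ;;                      # facility.none excludes
            '*')  matched=0 ;;                      # every level
            =*)   if [ "$(level_num "${pl#=}")" -eq "$lvl" ]; then
                      matched=0                     # exactly this level
                  fi ;;
            *)    if [ "$lvl" -ge "$(level_num "$pl")" ]; then
                      matched=0                     # this level or higher
                  fi ;;
        esac
    done
    set +f
    IFS=$old_ifs
    return $matched
}
```

With the selector from this section, selector_matches '*.info;mail.none;authpriv.none;cron.none' authpriv info returns 1: authentication messages are kept out of /var/log/messages.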
## 3. Log analysis tool ##
systemd-journald    process name
journalctl    run directly to browse the system log
-n 3    show the latest three entries
-p err    show errors
-f    monitor (follow) the log
--since --until    --since "YYYY-MM-DD HH:MM:SS"
logs from one point in time to another
-o verbose    show the detailed fields that can be used to filter the log
_SYSTEMD_UNIT=sshd.service    service name
_PID=1182    process PID
Cases:
View the latest three entries [screenshot]
Show errors [screenshot]
Monitor the log [screenshot]
View logs over a period of time [screenshot]
Show the detailed fields of the log [screenshot]
View the log for specified parameters [screenshot]
systemd-journald management
By default, systemd-journald does not keep log information from before a reboot. To keep it:
mkdir /var/log/journal
chown root:systemd-journal /var/log/journal
chmod 2755 /var/log/journal
killall -1 systemd-journald
ls /var/log/journal/4513ad59a3b442ffa4b7ea88343fa55f
system.journal user-1000.journal
<<< Exercises >>>
1. Configure the log service on the desktop host and the server host as follows:
*) All logs on the desktop host are directed to the file /var/log/westos
*) All logs on the desktop host are always synchronized to the server
[Screenshots: log sender and log receiver]
2. On the server host, use the timedatectl command to set the system time zone to Shanghai One: One: One
3. Configure the chronyd service on the server host so that the time on the server host can be synchronized by the desktop host
4. Synchronize the time on the server host to the desktop host
5. Configure the systemd-journald program so that the journalctl command can view logs from before shutdown
Linux Note 11-System log