Linux notes (14)-Log management

(1) RSYSLOGD service:
To see if the service started: PS aux | grep rsyslogd
To see if the service is self-booting: Chkconfig--list | grep rsyslog
Configuration file:/etc/rsyslog.conf
Service name [connection symbol] Log level log record location
authpriv.*/var/log/secure
#认证相关服务. All log levels are recorded in/var/log/secure
Service Name
AUTH: Security and certification related information
AUTHPRIV: Safety and certification related information, private
Cron: System timed tasks Cront and at-generated logs
Daemon: Logs related to each daemon
Ftp:ftp log generated by daemon process
Kern: The log generated by the kernel is not generated by the user process
LOCAL0-LOCAL7: Reserved services for local use
LPR: Printing the resulting log
Mail: Send and receive messages
News: Logs related to the press server
Log generated by SYSLOG:SYSLOGD
User: Log information for the level category
Log information for the UUCP:UUCP subsystem
(2) Function of common log
/var/log/cron: Recording the relevant logs of the system's scheduled tasks
/var/log/cups/: Logging of print information
/VAR/LOG/DMESG: Records the system's self-test information at boot time
/VAR/LOG/BTMP: Logs logging of incorrect logins. Need to LASTB command to view
/var/log/lastlog: Last logon time for all users. Need to LASTB command to view
/var/log/maillog: Log Message information
/var/log/messages: Record important information about the system, and check this log first.
/var/log/secure: Records authorization verification information, as long as the user is involved, the password program will be recorded
/var/log/wtmp: Permanent record of all user logon logoff information, while recording system startup, Shutdown time. Use Last to view
/VAR/RUN/UTMP: Records the user information that is currently logged in. Only the current user's information is logged, as the user's logon logoff changes. Use W,who,users to query
RPM Package installation Log in/var/log/
(3) Log format
The time the event was generated;
The host name of the server where the event occurred;
The service name or program name that generated the event;
Specific information about the event.
(4) Log rotation
1. Naming rules for log files
If the configuration file has the "Dateext" parameter, the log is added with a date, such as: log-20160101
If not, the new log name is log and the old one is automatically changed to Log.1
2.logrotate configuration file
Daily: Log rotation cycle is daily
Weekly: Log rotation cycle is weekly
Monthly: Log rotation cycle is monthly
Rotate N: Keeps the number of log files. 0 means no backup
Compress: Log is compressed when journal rotation
Create Mode owner group: Create a new log and set permissions for new logs with owner and owning groups, such as: Create 0600 root utmp
Mail address: When log rotation, the output is sent to the mailbox
Missingok: The log does not exist and the log warning message is ignored
Notifempty: Empty log is not rotation
MinSize Size: Log rotation minimum, log to the minimum before rotation, otherwise due to not rotation
Size: Log is only larger than the specified size for rotation, not by time
Dateext: Use date as suffix
3.logrotate [Options] configuration file
-V: Show the log rotation process
-F: Force a log rotation

Linux notes (14)-Log management