Linux Operation and Maintenance Phase II (13): Log Management
I. 1. In CentOS 6.x the log service rsyslogd replaced syslogd. New features: TCP-based transport of log messages, a more secure network transport mode, a framework for timely analysis of log messages, a back-end database, simple logical conditions in the configuration file, and compatibility with syslogd.
2. Common system log files: /var/log/cron, /var/log/btmp, and so on.
II. The log service:
1. Log entry format: time the event occurred, host name of the server where the event occurred, name of the service or program that generated the event, specific information about the event
2. /etc/rsyslog.conf configuration file format: service name [connection symbol] log level    log record location
Connection symbol:
. logs at or above the level that follows (including that level) are recorded, for example: cron.info
.= only logs of exactly the given level are recorded, no other levels, for example: *.=emerg
.! means "not equal": logs of every level except the given one are recorded
Log level: debug, info, notice, warning, err, crit, alert, emerg (ordered from low to high)
Log record location (where the log output is saved):
Absolute path of a log file, the most common way of saving, for example: /var/log/secure
System device file: /dev/lp0 represents the first printer.
Forwarding to a remote host: @192.168.0.210:514 (sent over UDP to port 514; 514 is the default port of the log service); @@192.168.0.210:514 (sent over TCP)
User name, such as root: the log is sent to root; "mail.* *" sends logs of all levels generated by the mail service to all online users. If sent to multiple online users, the user names are separated by semicolons.
"local3.* ~": if the object receiving the log is ~, the log is not recorded and is discarded directly.
Example: define your own log
# vi /etc/rsyslog.conf
Add the line: *.crit /var/log/alert.log
# service rsyslog restart
# ll /var/log/alert.log
Setting up a log server
# vi /etc/rsyslog.conf (server-side settings)
$ModLoad imtcp
$InputTCPServerRun 514 (uncomment these two lines)
# service rsyslog restart
# netstat -tuln | grep 514
# vi /etc/rsyslog.conf (client settings)
*.* @@192.168.0.210:514
Check that the log server is set up:
# useradd AA (on the client)
# passwd AA
# vi /var/log/secure (view the host name of the event that occurred)
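An added example, not from the original notes: a small shell audit of legacy-format rsyslog.conf rules that classifies each rule's log record location as described above and lists the rules to review (UDP forwarding and discard rules). The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the legacy-format rules of an rsyslog.conf.

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
#$ModLoad imudp
$ModLoad imtcp
$InputTCPServerRun 514
authpriv.*      /var/log/secure
*.crit          /var/log/alert.log
mail.*          -/var/log/maillog
*.emerg         *
local3.*        ~
cron.info       @192.168.0.210:514
*.*             @@192.168.0.210:514
EOF
}

# Print "<kind> <selector> <action>" for every rule read from stdin.
classify_rules() {
    awk '
        $1 ~ /^[#$]/ || NF < 2 { next }   # comments, $directives, blank lines
        {
            act = $2
            if      (act ~ /^@@/)        kind = "tcp-forward"
            else if (act ~ /^@/)         kind = "udp-forward"
            else if (act == "~")         kind = "discard"
            else if (act ~ /^-?\/dev\//) kind = "device"
            else if (act ~ /^-?\//)      kind = "file"
            else if (act == "*")         kind = "all-users"
            else                         kind = "users"
            print kind, $1, act
        }'
}

# Rules worth a second look: UDP forwarding has no delivery guarantee,
# and a discard rule silently drops everything its selector matches.
review_rules() {
    classify_rules | awk '$1 == "udp-forward" || $1 == "discard"'
}

# Port of an enabled (uncommented) TCP listener; prints nothing if none.
tcp_listener_port() {
    awk 'tolower($1) == "$inputtcpserverrun" { print $2 }'
}

sample_conf | classify_rules
```

On a real host, feed the file in with `review_rules < /etc/rsyslog.conf` on the client and `tcp_listener_port < /etc/rsyslog.conf` on the server.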
III. Log rotation: old log files are moved and renamed while a new empty log file is created; old log files that fall outside the retention range are deleted. The renaming depends on the dateext parameter in /etc/logrotate.conf.
Adding your own logs to log rotation:
Method one: write the rotation policy directly in the /etc/logrotate.conf file;
Method two: create a rotation file in the /etc/logrotate.d/ directory.
Example, using method two:
# chattr +a /var/log/alert.log
# vi /etc/logrotate.d/alert (the rotation file for method two; the file name alert is an example)
/var/log/alert.log {
    weekly
    rotate 6
    sharedscripts
    prerotate
        /usr/bin/chattr -a /var/log/alert.log
    endscript
    postrotate
        /usr/bin/chattr +a /var/log/alert.log
    endscript
}
# vi /etc/cron.daily/logrotate
/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1 (the logrotate command decides from the configuration file whether a rotation condition is met; log rotation is initiated by cron)
# logrotate [options] configuration-file-name
-v (verbose: display the rotation process)
-f (force: mandatory rotation)
IV. Log analysis tool: Logwatch
# cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf (Note: the default configuration file /etc/logwatch/conf/logwatch.conf is empty and has to be generated manually)
# logwatch
# mail
From Brother Lian Training
This article is from the "Linux Operational Difficulty Learning notes" blog, please be sure to keep this source http://jowin.blog.51cto.com/10090021/1651995