Linux system log files

The Linux system log file contains the Linux log file, examples of Linux log files, and examples of related operations. Knowledge points that make sense when learning Linux diary files. The diary is very... information & nbsp; Linux system log file here let's take a look at the Linux diary file, examples of Linux diary files, and examples of related tasks. Learning Linux diary files is equivalent to intentional knowledge points. It is very important for the diary to deal with the peace of mind. he has recorded the various things that occur in the system every day. you can use it to reflect on the causes of faults, traces left by attackers during attacks. Important functions of the diary include audit and monitoring. He can also promptly monitor the system status, monitor and track intrusions, and so on. In the Linux system, there are three important sub-systems: The Diary of connecting time-implemented by multiple measures, write records to/var/log/wtmp and/var/run/utmp and login to update the wtmp and utmp files, the system administrator can track who is logged on to the system at a time. Process Statistics-implemented by the system kernel. When a process stops, write a record for each process to the process Statistics file (pacct or acct. The policy of process statistics is to order application statistics for the fundamental work in the system. Fault diary-implemented by syslogd (8. Various system Guard processes, user measures and the kernel through syslog (3) to the file/var/log/messages claims worth noting the accident. There are many other UNIX methods to create a diary. Such as HTTP and FTP provide network work tools also maintain a specific diary. The commonly used log files are as follows: access-log record HTTP/web transmission acct/pacct record user ordered aculog record MODEM activity btmp record failure record lastlog record recent frequent happy login accident and last happy login messages records information from syslogs (some links to the syslog file) sudolog records the application syslogs issued by the application sudo. the sulog records the application syslogs ordered by the application su to record the real information from syslogs (usually linked to the messages file) utmp records the currently logged-on user wtmp a permanent record xferlog records the FTP session utmp, wtmp, and lastlog log files each time a user logs in and out. this is the key for most UNIX diary sub-systems -- maintain user logon entry and exit records. The information about the current login user is recorded in the file utmp; the logon entry and exit records are recorded in the file wtmp; the last login file can be ordered with lastlog. Data Exchange, shutdown, and restart are also recorded in the wtmp file. All records are pregnant timestamps. These files (lastlog is usually not large) add exceptional agility in a system with large users. For example, a wtmp file can be added without limit unless it is intercepted regularly. Many systems set wtmp to a circular application in units of one day or one week. It is usually corrected by the scripts run by cron. These scripts rename and apply the wtmp file cyclically. Generally, wtmp is named wtmp.1 after the first day, and wtmp. 1 is changed to wtmp.2 after the second day until wtmp.7. Every time a user logs on, login observes the UID in the lastlog file. If found, the user's previous logon, logout time, and host name are written to the standard output, and then the login measures are recorded in the lastlog. After a new lastlog is written, the utmp file is opened and the user's utmp record is inserted. This record is not used until the user logs on and exits. Utmp files are used in various command files, including who, w, users, and finger. Next, login tries to open the file wtmp and append the user's utmp record. When a user logs on and exits, the same utmp record with the timestamp during the update is appended to the file. Wtmp file measures last and ac application