This is the seventh article in the series. It was originally written separately. This time it was added to the Linux column.
7.1 -- Foreword
Logs in Linux are undoubtedly very important. They are of great help when analyzing system faults and solving related problems. This article collects some accumulated knowledge and serves only as a memo.
7.2 -- Start
Linux logs include system logs and application logs. The former are mostly recorded under /var/log/, while the latter are spread across different directories as needed and may, of course, also be written under /var/log.
Here we will describe the system logs:
7.2.1 Simple classification
Location:
/usr/adm -- earlier versions of UNIX
/var/adm -- newer versions use this location
/var/log -- some versions of Solaris, Linux, BSD and FreeBSD use this location
/etc -- most UNIX versions put utmp here, some also put wtmp here; syslog.conf is here as well
Reference:
Connection time log -- maintained by several programs, which write records to /var/log/wtmp and /var/run/utmp. login and other programs update the wtmp and utmp files, which enables the system administrator to track who is logged on to the system at any time.
Process statistics -- performed by the system kernel. When a process terminates, a record is written for it to the process statistics file (pacct or acct). Process statistics are used to provide command usage statistics for basic services in the system.
Error log -- performed by syslogd(8). Various system daemons, user programs, and the kernel report noteworthy events to the file /var/log/messages through syslog(3). In addition, many UNIX programs create their own logs. Servers that provide network services such as HTTP and FTP also maintain detailed logs.
Common log files and what they are used for:
acct or pacct -- records the commands used by each user
access_log -- mainly used when the server runs NCSA HTTPd; records the sites that connected to your server
aculog -- saves records of the modems you dialed out with
lastlog -- records the recent login record of the user and the initial destination of each user; sometimes it is the last successful login record
loginlog -- records some abnormal login records
messages -- records the output sent to the system console; other entries are generated by syslog
security -- records some examples of attempts to use the UUCP system to enter a restricted range
sulog -- records
utmp -- records all users currently logged on to the system; this file changes constantly as users enter and leave the system
utmpx -- extended utmp
wtmp -- records user login and logout events
syslog -- the most important log file; the syslogd daemon obtains log information from:
    /dev/log -- a Unix domain socket that receives messages generated by processes running on the local machine
    /dev/klog -- a device that receives messages from the Unix kernel
    port 514 -- an internet socket that receives syslog messages from other machines over UDP
uucp -- the recorded UUCP information can be updated by local UUCP activity or modified by an action initiated by a remote site. The information includes calls sent and received, requests sent, senders, sending time and sending host
lpd-errs -- log for handling printer fault information
ftp logs -- run ftpd with the -l option to enable logging
httpd logs -- the httpd server records every web access in its logs
history log -- this file stores a record of the user's recent command input
vold.log -- records errors encountered when using external media
The wtmp and utmp files are binary files, that is, you cannot view them with cat or vi. You view them with system commands instead. Common commands include who, users, w, ac and last.
7.2.2 A brief introduction to these commands:
who: running this command shows which users are logged on to the system. Run on its own, who lists the login accounts, terminals, and login times.
w: displays more information than who. For details, see the command's own documentation. Its columns are:
    USER -- the user who is logged on.
    TTY -- the name of the tty the user is using.
    FROM -- where the user logged in from.
    LOGIN@ -- the date and time the user logged on.
    IDLE -- the number of minutes since a program last attempted to read from the terminal.
    JCPU -- the system time used by all processes on the terminal and their child processes.
    PCPU -- the system time used by the currently active process.
    WHAT -- the name and arguments of the current process.
users: needs no explanation. It is very simple: the logged-on users are displayed.
last: displays recent user or terminal login information.
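As an added example (not part of the original article), the following Python code shows why cat cannot read wtmp: the file is a sequence of fixed-size binary records. It decodes them and pairs logins with logouts per terminal, similar to what last reports. The 384-byte record layout is an assumption (glibc struct utmp on x86-64 Linux), and the sample records, user names and addresses are constructed.

```python
import struct

# Assumed layout: glibc "struct utmp" on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
USER_PROCESS, DEAD_PROCESS = 7, 8   # ut_type values from <utmp.h>

def _s(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse(data):
    """Yield (type, pid, line, user, host, epoch_seconds) per record."""
    usable = len(data) - len(data) % UTMP.size   # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        t, pid, line, _id, user, host, _et, _ee, _sess, sec, _usec, _addr = \
            UTMP.unpack_from(data, off)
        yield t, pid, _s(line), _s(user), _s(host), sec

def sessions(data):
    """Pair each login with the logout on the same tty line."""
    open_by_line, done = {}, []
    for t, pid, line, user, host, sec in parse(data):
        if t == USER_PROCESS:
            open_by_line[line] = (user, host, sec)
        elif t == DEAD_PROCESS and line in open_by_line:
            u, h, start = open_by_line.pop(line)
            done.append((u, line, h, start, sec - start))
    still = [(u, l, h, s, None) for l, (u, h, s) in open_by_line.items()]
    return done + still

def make_record(t, pid, line, user, host, sec):
    """Build one constructed record for the sample below."""
    return UTMP.pack(t, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"")

# Constructed sample: alice logs in and out, bob is still logged in.
SAMPLE = b"".join([
    make_record(USER_PROCESS, 1201, "pts/0", "alice", "192.0.2.10", 1700000000),
    make_record(USER_PROCESS, 1342, "pts/1", "bob", "192.0.2.22", 1700000300),
    make_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1700000900),
]) + b"\x00" * 100   # truncated trailing record, ignored by parse()

if __name__ == "__main__":
    for user, line, host, start, dur in sessions(SAMPLE):
        print(user, line, host, start, "still logged in" if dur is None else f"{dur}s")
```

To try it on a real file, pass the bytes of a copy of /var/log/wtmp to sessions(); on other architectures or C libraries the record size may differ.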
This post is still being supplemented ...
7.3 -- Appendix
Appendix: Common commands for viewing system information
System:
# uname -a                      # view kernel/OS/CPU information
# cat /etc/issue
# cat /etc/redhat-release       # view OS version
# cat /proc/cpuinfo             # view CPU information
# hostname                      # view computer name
# lspci -tv                     # list all PCI devices
# lsusb -tv                     # list all USB devices
# lsmod                         # list loaded kernel modules
# env                           # view environment variables

Resources:
# free -m                       # view memory usage and swap usage
# df -h                         # view usage of each partition
# du -sh <directory name>       # view the size of a specified directory
# grep MemTotal /proc/meminfo   # view the total memory
# grep MemFree /proc/meminfo    # view the amount of free memory
# uptime                        # view the system running time, number of users, and load
# cat /proc/loadavg             # view the system load

Disks and partitions:
# mount | column -t             # view the status of the mounted partitions
# fdisk -l                      # view all partitions
# swapon -s                     # view all swap partitions
# hdparm -i /dev/hda            # view disk parameters (applicable only to IDE devices)
# dmesg | grep ide              # view the IDE device detection status at startup

Network:
# ifconfig                      # view the attributes of all network interfaces
# iptables -L                   # view firewall settings
# route -n                      # view the routing table
# netstat -lntp                 # view all listening ports
# netstat -antp                 # view all established connections
# netstat -s                    # view network statistics

Processes:
# ps -ef                        # view all processes
# top                           # display process status in real time (details are provided in another article)

Users:
# w                             # view active users
# id <user name>                # view information for the specified user
# last                          # view user login logs
# cut -d: -f1 /etc/passwd       # view all users of the system
# cut -d: -f1 /etc/group        # view all groups of the system
# crontab -l                    # view the scheduled tasks of the current user

Services:
# chkconfig --list              # list all system services
# chkconfig --list | grep on    # list all started system services

Programs:
# rpm -qa                       # view all installed software packages