Linux system logs: core system log files
/var/log/messages
Records boot messages at system startup, other runtime system state, I/O errors, network errors, and so on.
When the file grows large, it is rotated (split) into several files;
The log rotation configuration file is /etc/logrotate.conf (do not modify it)
dmesg command
Displays system boot information; generally used to check for hardware problems;
dmesg | head -n5
[[email protected] ~]# dmesg | head -n5
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.10.0-693.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Tue Aug 22 21:09:27 UTC 2017
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-693.el7.x86_64 root=UUID=74ffca85-fbd2-4e59-954a-883c0e1b296a ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
[[email protected] ~]#
Clear command
dmesg -c
System boot log
/var/log/dmesg
Viewing successful login records
last command
It mainly reads the file /var/log/wtmp
[[email protected] ~]# last |head
user pts/1 192.168.188.3 Thu Feb 1 01:01 - 01:01 (00:00)
root pts/1 192.168.188.3 Wed Jan 31 22:41 - 22:42 (00:00)
root pts/0 192.168.188.1 Wed Jan 31 22:15 still logged in
reboot system boot 3.10.0-693.el7.x Wed Jan 31 22:15 - 02:06 (03:51)
root pts/0 192.168.188.1 Wed Jan 31 21:58 - down (00:16)
reboot system boot 3.10.0-693.el7.x Wed Jan 31 21:57 - 22:14 (00:17)
root pts/0 192.168.188.1 Tue Jan 30 19:21 - down (03:03)
reboot system boot 3.10.0-693.el7.x Tue Jan 30 19:03 - 22:25 (03:22)
root pts/0 192.168.188.1 Mon Jan 29 14:48 - crash (1+04:15)
reboot system boot 3.10.0-693.el7.x Mon Jan 29 14:47 - 22:25 (1+07:37)
[[email protected] ~]#
Viewing failed login records
lastb command
It mainly reads the file /var/log/btmp
[[email protected] ~]# lastb
user ssh:notty 192.168.188.3 Thu Feb 1 02:10 - 02:10 (00:00)

btmp begins Thu Feb 1 02:10:06 2018
[[email protected] ~]#
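Added example, not from the original page: /var/log/wtmp and /var/log/btmp are binary files of fixed-size utmp records, so a copy taken from a host can be analysed offline without last or lastb. The sketch below assumes the glibc x86_64 record layout (384 bytes); the sample records, the helper names and the 192.0.2.10 address are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# glibc "struct utmp" on x86_64 Linux (assumed layout): 384-byte little-endian records.
# Fields: ut_type, ut_pid, ut_line, ut_id, ut_user, ut_host, exit status (2 shorts),
# ut_session, tv_sec, tv_usec, ut_addr_v6, reserved.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(data):
    """Yield one dict per complete record; a truncated trailing record is skipped."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {"type": f[0], "pid": f[1], "line": cstr(f[2]),
               "user": cstr(f[4]), "host": cstr(f[5]),
               "time": datetime.fromtimestamp(f[9], timezone.utc)}

def failures_by_host(btmp_bytes):
    """Count btmp entries (failed logins) per source host."""
    return Counter(r["host"] for r in parse_utmp(btmp_bytes) if r["user"])

def make_record(user, line, host, when, ut_type=6, pid=1000):
    """Build one constructed record (ut_type 6 = LOGIN_PROCESS, chosen for the sample)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, int(when.timestamp()), 0, b"", b"")

# Constructed sample: the first record mirrors the lastb row shown above (time taken
# as UTC); the others are invented, and 100 stray bytes imitate a file cut mid-record.
T0 = datetime(2018, 2, 1, 2, 10, 6, tzinfo=timezone.utc)
SAMPLE = b"".join([
    make_record("user", "ssh:notty", "192.168.188.3", T0),
    make_record("root", "ssh:notty", "192.168.188.3", T0),
    make_record("admin", "ssh:notty", "192.0.2.10", T0),
]) + b"\0" * 100

if __name__ == "__main__":
    for host, count in failures_by_host(SAMPLE).most_common():
        print(f"{count:4d} failed logins from {host}")
```

The same parser reads a copy of wtmp; there, records with an empty user field (for example logout entries) are dropped by the `if r["user"]` filter.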
Security log
/var/log/secure
Logins are recorded in this log whether they succeed or fail;
[[email protected] ~]# head -n5 /var/log/secure
Jan 21:25:38 shu-test polkitd[520]: Registered Authentication Agent for unix-process:3868:852626 (system bus name :1.59 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Jan 21:25:38 shu-test polkitd[520]: Unregistered Authentication Agent for unix-process:3868:852626 (system bus name :1.59, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Jan 21:33:11 shu-test polkitd[520]: Registered Authentication Agent for unix-process:4296:897879 (system bus name :1.62 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Jan 21:33:11 shu-test polkitd[520]: Unregistered Authentication Agent for unix-process:4296:897879 (system bus name :1.62, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Jan 21:33:44 shu-test polkitd[520]: Registered Authentication Agent for unix-process:4317:901212 (system bus name :1.63 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
[[email protected] ~]#