First, the log system
1. Log system: syslog
Level of detail of the information: log level
Log subsystem: facility
Logging action: action
Log system on Linux:
syslog
syslog-ng: an alternative to syslog that can completely replace the syslog service and, through user-defined rules, provides better filtering
Logging during the system startup process:
kernel --> physical terminal (/dev/console) --> /var/log/dmesg
Commands to view this log:
dmesg, or read /var/log/dmesg:
cat /var/log/dmesg
Logs need to be rotated (log cutting) so that a log file does not grow too large to analyze easily:
messages messages.1 messages.2 messages.3
logrotate: log rotation
/etc/cron.daily/logrotate: the log rotation task
/etc/logrotate.conf: the log rotation configuration file
/etc/logrotate.d holds the configuration files for all log subsystems
Log files after entering /sbin/init:
/var/log/messages: system standard error log information, boot information not generated by the kernel, and the information generated by each subsystem;
/var/log/maillog: log information generated by the mail system;
/var/log/secure: permissions 600, the system security log;
The syslog service:
syslogd: system; records log information not generated by the kernel
klogd: kernel; specifically responsible for recording the log information generated by the kernel
service syslog start
service syslog reload    # re-reads the syslog configuration without restarting the syslog service
Configuration file: /etc/syslog.conf
Each definition in the configuration file has the format: facility.priority action
facility can be understood as the source of the log, or the device. The following facilities are currently in use:
auth # authentication related
authpriv # permissions, authorization related
cron # scheduled-task related
daemon # daemon related
kern # kernel related
lpr # printing related
mail # mail related
mark # mark related
news # news related
security # security related, similar to auth
syslog # syslog's own
user # user related
uucp # UNIX to UNIX cp related
local0 to local7 # for user-defined use
* # all facilities
priority is the log level. The levels are generally as follows (from low to high; the lower the level, the more detailed the records):
debug # debugging information for a program or system
info # general information
notice # does not affect normal functioning, but is worth noting
warning/warn # important events that may affect system functionality and that users need to be alerted to
err/error # error messages
crit # more serious
alert # must be dealt with immediately
emerg/panic # will make the system unavailable
* # all log levels
none # the opposite of *: nothing
action is the location where the log is recorded:
Absolute path on the system # an ordinary file, such as /var/log/xxx
| # a pipe: the log is passed to another command for processing
Terminal # a terminal, such as /dev/console
@HOST # a remote host, such as @10.0.0.1
User # a system user, such as root
* # all users logged on to the system; emerg-level logs are generally defined this way
Examples of definitions:
mail.info /var/log/mail.log # information from the mail subsystem at level info and above is logged to the /var/log/mail.log file
auth.=info @10.0.0.1 # auth-related information at exactly level info is logged to the host 10.0.0.1, provided 10.0.0.1 is able to receive log messages from other hosts
user.!=error # user-related information, excluding the error level
user.!error # the opposite of user.error
*.info # information at the info level from all log sources
mail.* # information at all levels related to mail
*.* # you know what that means
cron.info;mail.info # multiple log sources can be separated by ";"
cron,mail.info # means the same as cron.info;mail.info
mail.*;mail.!=info # information at all levels related to mail, except the info level
Remote log server configuration file: /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-r -m 0"
Client modification: /etc/syslog.conf
mail.* @IPADD
Make the small system start the system log service:
vim /mnt/sysroot/etc/rc.d/rc.sysinit    # add the following before the network module is loaded:
echo "Start syslog ..."
syslogd
klogd
vim etc/syslog.conf
*.info;auth.none /var/log/messages
auth.* /var/log/secure
touch var/log/secure
chmod 600 var/log/secure
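The selector rules listed earlier (level-and-above matching, "=", "!", none, ";" and ","), applied to the two rules of the small system, as an added example that is not from the original article. It is a simplified model of sysklogd-style evaluation and assumes the parts of a selector are applied left to right, with "!" and none removing what an earlier part selected; the function names are illustrative.

```python
# Added example: a simplified model of sysklogd-style selector matching.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def _rank(name):
    """Position of a level name in LEVELS (low to high); aliases accepted."""
    return LEVELS.index(ALIASES.get(name, name))

def selector_matches(selector, facility, level):
    """True if a message with this facility and level is selected."""
    msg, selected = _rank(level), False
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        if "*" not in facs.split(",") and facility not in facs.split(","):
            continue                      # this part is about other facilities
        if prio == "none":                # none: drop this facility entirely
            selected = False
            continue
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "*":
            hit = True
        elif exact:
            hit = msg == _rank(prio)      # "=info": that level only
        else:
            hit = msg >= _rank(prio)      # "info": that level and above
        if hit:
            selected = not negate         # "!" removes, a plain part adds
    return selected

# The two rules of the small system's configuration (assumed destinations).
RULES = [("*.info;auth.none", "/var/log/messages"),
         ("auth.*", "/var/log/secure")]

def route(facility, level, rules=RULES):
    """Actions (destinations) that would receive the message."""
    return [action for sel, action in rules
            if selector_matches(sel, facility, level)]

if __name__ == "__main__":
    for fac, lvl in [("auth", "info"), ("mail", "err"), ("mail", "debug")]:
        print(fac, lvl, "->", route(fac, lvl))
```

With these two rules, auth messages reach only the 600-permission /var/log/secure file and never the general messages file.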
Linux trimming technique: a Linux system with SSH service in under 10M
This article is from "Nick Liu's blog"; please be sure to keep this source: http://zkhylt.blog.51cto.com/3638719/1426853