Whether you are checking that a system is secure or chasing a problem whose cause cannot be found, the first thing that comes to mind is log management and how to view logs.
Log management
System log configuration file: /etc/syslog.conf
Start (restart) the log service: service syslog restart
Log configuration:
AAAAA.BBBBB CCCCC
AAAAA: the object that generates the log (facility)
mail        mail service
authpriv    authentication
cron        scheduled tasks
uucp        UUCP subsystem
news        news system
BBBBB: log level, 8 levels
debug       debugging information
info        normal information
notice
warning     warning information
err         error information
crit        critical information
alert       information that must be attended to
emerg (panic)   emergency information
Representation
mail.err      all information at the err level and above
mail.=err     only err-level information
mail.!=err    all levels except err
CCCCC: where the log is saved
1. Save to a file
*.info;mail.none;authpriv.none;cron.none /var/log/messages
2. Send to a terminal
*.info;mail.none;authpriv.none;cron.none /dev/pts/3
3. Send to a user
*.info;mail.none;authpriv.none;cron.none robin
Centralized log management
Server
vim /etc/sysconfig/syslog
# -m 0 disables 'mark' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r -x"
service syslog restart
Client
/etc/syslog.conf
*.info;mail.none;authpriv.none;cron.none @192.168.1.2
service syslog restart
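Added example (not from the original article): a small Python model of how the selector syntax described above (level, =level, !=level, none) decides which messages a rule such as the client line *.info;mail.none;authpriv.none;cron.none passes on. The facility list, the sample messages and all function names are assumptions made for this illustration.

```python
# Added example: a model of syslog.conf selector matching (not syslogd's own code).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + ["local%d" % i for i in range(8)]
PAGE_RULE = "*.info;mail.none;authpriv.none;cron.none"  # selector from this page
# Constructed sample messages as (facility, level) pairs.
SAMPLES = [("daemon", "info"), ("kern", "debug"), ("mail", "err"),
           ("authpriv", "crit"), ("uucp", "warning")]

def apply_level(spec, current):
    """Apply one level spec (err, =err, !err, !=err, none, *) to a set of levels."""
    negate = spec.startswith("!")
    spec = spec[1:] if negate else spec
    exact = spec.startswith("=")
    spec = spec[1:] if exact else spec
    if spec in ("none", "*"):  # none clears, * selects all; '!' inverts that
        return set(LEVELS) if (spec == "*") != negate else set()
    name = ALIASES.get(spec, spec)
    if name not in LEVELS:
        raise ValueError("unknown level: %r" % spec)
    # A bare level means that level and everything more severe; '=' means only it.
    chosen = {name} if exact else set(LEVELS[:LEVELS.index(name) + 1])
    # '!' forms only remove levels, so they follow a term that added some.
    return current - chosen if negate else current | chosen

def compile_selector(selector):
    """Evaluate 'fac[,fac].level[;...]' left to right into {facility: levels}."""
    table = {fac: set() for fac in FACILITIES}
    for term in filter(None, selector.replace(" ", "").split(";")):
        facs, dot, spec = term.partition(".")
        if not dot or not spec:
            raise ValueError("malformed selector term: %r" % term)
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if fac not in table:
                raise ValueError("unknown facility: %r" % fac)
            table[fac] = apply_level(spec, table[fac])
    return table

def matches(selector, facility, level):
    """True if a message with this facility and level is selected."""
    return ALIASES.get(level, level) in compile_selector(selector)[facility]

def routed(selector, samples=SAMPLES):
    """Return the sample messages the selector would send to its destination."""
    return [msg for msg in samples if matches(selector, *msg)]

if __name__ == "__main__":
    print(routed(PAGE_RULE))
```

With the client rule above, mail, authpriv and cron messages are not selected, so they are not forwarded to 192.168.1.2 unless a separate rule sends them.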
----------------------------------------
vim /etc/syslog.conf          main configuration file: where logs are stored
vim /etc/sysconfig/syslog     main configuration file for centralized log management
/var/log                      log directory
Log rotation: logrotate cuts (rotates) log files
vim /etc/logrotate.conf       main configuration file for log rotation
/etc/logrotate.d/             all log rotation configuration files
Log rotation
Configuration files: /etc/logrotate.conf
/etc/logrotate.d/
Create a log file
touch /var/log/test.log
Create the log rotation configuration file
touch /etc/logrotate.d/test
vim /etc/logrotate.d/test
/var/log/test.log {
    # no error if the log file is missing
    missingok
    # size 30k
    size 30k
    # cut daily
    daily
    # retain 7 copies
    rotate 7
    # new log file gets mode 0777, owner root (world-writable; log files normally get a tighter mode such as 0640)
    create 0777 root
}
logrotate -f /etc/logrotate.d/test
logrotate -f /etc/logrotate.conf
If you do not force rotation with -f, change the system time to test.
This article is from the "history_xcy" blog; please be sure to keep this source: http://historys.blog.51cto.com/7903899/1296652