I. Overview
On a standard Linux system, the klogd daemon reads kernel messages from the kernel's ring buffer and hands them to the syslogd daemon, which writes them to the system log files. klogd can obtain the messages either from the /proc/kmsg file or through the syslog() system call; by default it reads /proc/kmsg. Either way, klogd blocks until a new kernel message becomes readable. When it wakes up it reads the new message and processes it; by default it simply forwards it to syslogd. syslogd appends every message it receives to a file, /var/log/messages by default; the destination can be changed in the /etc/syslog.conf configuration file. Modern distributions replace the sysklogd pair with rsyslog (whose imklog module reads the kernel log itself) or with systemd-journald, but the facility/severity model and the selector syntax described below are unchanged.
II. Application
During system development and maintenance, syslog is an effective aid in tracking down problems, and the way it classifies messages helps locate a problem precisely. Messages are sorted by editing /etc/syslog.conf. Linux classifies each message by a facility (which subsystem produced it) and a severity (how serious it is).
Facility: 24 values (0-23) identify the source of a message
0   kern      kernel messages
1   user      user-level (user-space) messages
2   mail      mail system
3   daemon    system daemons
4   auth      security/authorization messages
5   syslog    messages generated internally by syslogd
6   lpr       line printer subsystem
7   news      network news subsystem
8   uucp      UUCP subsystem
9   cron      clock daemon
10  authpriv  private security/authorization messages (PAM, sudo, and sshd where SyslogFacility is set to AUTHPRIV, as in the RHEL-family sshd_config)
11  ftp       FTP daemon
12  ntp       NTP subsystem
13  (no standard keyword)  log audit; audit messages require the auditd service to be running
14  (no standard keyword)  log alert
15  (no standard keyword)  clock daemon
16-23  local0-local7  locally defined message channels
Severity: 8 log levels, 0 being the most severe
0  emerg    Emergency
1  alert    Alert
2  crit     Critical
3  err      Error
4  warning  Warning
5  notice   Notice
6  info     Informational
7  debug    Debug
The same levels are defined in the kernel (include/linux/kern_levels.h):
#define LOGLEVEL_EMERG    0  /* system is unusable */
#define LOGLEVEL_ALERT    1  /* action must be taken immediately */
#define LOGLEVEL_CRIT     2  /* critical conditions */
#define LOGLEVEL_ERR      3  /* error conditions */
#define LOGLEVEL_WARNING  4  /* warning conditions */
#define LOGLEVEL_NOTICE   5  /* normal but significant condition */
#define LOGLEVEL_INFO     6  /* informational */
#define LOGLEVEL_DEBUG    7  /* debug-level messages */
Now that facility and severity are clear, how is syslog.conf modified?
A syslog.conf rule line has the basic form:
    facility.severity    action
where the action is normally the log file to write to. A severity in a selector means "this level and everything more severe"; * matches every level, =severity matches exactly one level, and none excludes a facility.
The following line, added to syslog.conf, stores messages of facility authpriv at every level in /var/log/secure:
    authpriv.*    /var/log/secure
syslog can also direct messages to a device or named pipe instead of a regular file. The following rule, written in rsyslog's RainerScript syntax using the ompipe output module, sends kernel messages of level info and above to the named pipe /dev/logs:
    kern.info    action(type="ompipe" pipe="/dev/logs")
After changing the configuration, restart the service so it takes effect: service syslog restart (on rsyslog-based systems, service rsyslog restart or systemctl restart rsyslog).
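As an added example (not code from the original post), the following Python script decodes the <PRI> header that syslog messages carry on the wire, where PRI = facility * 8 + severity, and evaluates syslog.conf-style selectors against the result, including the rules the text leaves implicit: a bare severity matches that level and everything more severe, = pins one level, and none excludes a facility. The facility and severity keyword tables are the standard ones; the selector subset (one facility list and one severity per rule, no ; chains), the RULES list and the sample log lines are assumptions constructed for the example.

```python
"""Decode syslog PRI values and route lines with syslog.conf-style selectors.

Added example, not part of the original post. Facility/severity tables
follow RFC 3164 section 4.1.1; the sample lines below are constructed.
"""
import re

# Facility keywords as used in syslog.conf, indexed by facility number 0-23.
# Facilities 13-15 have no standard keyword, so descriptive names are used.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
] + [f"local{i}" for i in range(8)]

# Severity keywords, indexed by severity number 0 (most severe) to 7.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(pri):
    """Split a PRI value into (facility, severity) keywords.

    PRI = facility * 8 + severity, so the valid range is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_line(line):
    """Return (facility, severity, rest) for a line that starts with <PRI>."""
    m = _PRI_RE.match(line)
    if not m:
        raise ValueError("line has no <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    return facility, severity, line[m.end():]


def selector_matches(selector, facility, severity):
    """Evaluate one syslog.conf selector, e.g. 'authpriv.*', 'kern.info',
    '*.err', 'mail,uucp.none' or 'kern.=warning'.

    A bare severity matches that level and anything more severe (lower
    number); '=' matches exactly that level; '*' matches every level;
    'none' excludes the listed facilities entirely."""
    fac_part, _, sev_part = selector.partition(".")
    facilities = fac_part.split(",")
    if "*" not in facilities and facility not in facilities:
        return False
    if sev_part == "none":
        return False
    if sev_part == "*":
        return True
    exact = sev_part.startswith("=")
    wanted = SEVERITIES.index(sev_part.lstrip("="))
    have = SEVERITIES.index(severity)
    return have == wanted if exact else have <= wanted


def route(rules, line):
    """Return the targets of every rule whose selector matches the line.

    rules is a list of (selector, target) pairs, one per syslog.conf line."""
    facility, severity, _ = parse_line(line)
    return [target for selector, target in rules
            if selector_matches(selector, facility, severity)]


# The two rules from the text plus an assumed catch-all for errors.
RULES = [
    ("authpriv.*", "/var/log/secure"),
    ("kern.info", "/dev/logs"),
    ("*.err", "/var/log/errors"),
]

# Constructed sample lines; PRI values chosen to exercise each rule.
SAMPLE_LINES = [
    "<86>Jan  1 00:00:01 host sudo: root : TTY=pts/0 ; COMMAND=/bin/id",   # authpriv.info
    "<3>Jan  1 00:00:02 host kernel: EXT4-fs error (device sda1)",          # kern.err
    "<7>Jan  1 00:00:03 host kernel: usb 1-1: new device",                  # kern.debug
    "<38>Jan  1 00:00:04 host sshd[124]: Failed password for invalid user",  # auth.info
]


def demo():
    """Route every sample line and return {line: [targets]}."""
    return {line: route(RULES, line) for line in SAMPLE_LINES}


if __name__ == "__main__":
    for line, targets in demo().items():
        fac, sev, _ = parse_line(line)
        print(f"{fac}.{sev:<8} -> {targets or ['(dropped)']}")
```

With these rules the kern.debug line is dropped because debug (7) is less severe than info (6), and the auth.info line is dropped because auth and authpriv are different facilities; the latter is why a failed-login investigation must first check which facility the distribution's sshd_config selects, or /var/log/secure will be silently empty of the events you are looking for.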
III. Logrotate, the log butler
That covers the use of syslog, but you will have spotted the problem: if system messages are written to a log file indefinitely, the disk fills up before long. This is where logrotate comes in, a very useful tool that automatically rotates, compresses and deletes old log files. Configure logrotate for the /var/log/secure file above as an example, by adding the following stanza to /etc/logrotate.conf (or, as is conventional, to its own file under /etc/logrotate.d/):
/var/log/secure {
    maxsize 10240000        # rotate as soon as the file reaches 10M, even before the scheduled interval
    compress                # compress rotated files with gzip
    maxage 365              # delete rotated files older than 365 days
    rotate 20               # keep 20 rotated files; when the 21st is created the oldest is deleted
    missingok               # ignore the error if the log file is missing
    notifempty              # do not rotate the log file if it is empty
    create 640 root root    # recreate the log file with these permissions and ownership
    postrotate
        systemctl reload syslog.service > /dev/null    # run after rotation so the daemon reopens the new file (rsyslog.service on rsyslog systems)
    endscript
}
This completes the basic management of the log file. Verify the stanza with a dry run, logrotate -d /etc/logrotate.conf, before relying on it, and note that logrotate rejects a log file that appears in more than one stanza: if /var/log/secure is already covered by /etc/logrotate.d/syslog, as it is by default on RHEL-family systems, remove it there first.
Log service for Linux---syslog&logrotate